 |
 | Norton Toolbar |  |
|
subset
|
|
Hi,
in a german forum a Norton Internet Security 2008 user has troubles with the Norton Toolbar when running Firefox or Internet Explorer sandboxed. This toolbar just doesn't appear in FF or IE sandboxed with Windows XP. I searched the forum, there are a few threads about this problem, but I didn't find a solution. We also have already tried a few settings, but without any success: OpenPipePath=\Device\NamedPipe\wkssvc OpenPipePath=\Device\NamedPipe\lsarpc OpenWinClass=SymHTMLWindow BlockWinHooks=n BlockFakeInput=n Note: SymHTMLWindow is the WinSpy class name of the Norton toolbar I have two trace logs with IpcTrace=ad, PipeTrace=ad and GuiTrace=ad settings, named Firefox Log and InternetExplorer Log. Just opened each Browser for a while and closed it. Maybe someone with advance knowledge can analyse this trace logs. Thanks in advance. Firefox Log
to be continued... |
|||||||||||||
|
Last edited by subset on Mon Jul 28, 2008 4:48 pm; edited 1 time in total
|
|||||||||||||||
 |
| |
|
subset
|
|
|
|||||||||||
|
|||||||||||||
|
| |
|
tzuk
|
|
Good work with the trace. But I think you should remove the exclusions you set, and try these instead.
OpenIpcPath=*BaseNamedObjects*{A3BD3259-3E4F-428a-84C8-F0463A9D3EB5} OpenIpcPath=*BaseNamedObjects*{A64C7F33-DA35-459b-96CA-63B51FB0CDB9} OpenIpcPath=*BaseNamedObjects*IDS_STORAGE_MUTEX OpenIpcPath=*BaseNamedObjects*CNDIE OpenIpcPath=*BaseNamedObjects*aca5dbec-42de-4679-ba7f-9e070bc299ba OpenIpcPath=*BaseNamedObjects*CGSCE OpenIpcPath=*BaseNamedObjects*CSECE OpenIpcPath=*BaseNamedObjects*{141451BD-6D3D-4EE5-BE11-ABDF08D55867} I suggest you start with all these exclusions, then if it works, start removing them one-by-one to identify those that are really necessary and those that aren't. This, in order to minimize the number of exclusions. Good luck. P.S. This one seems unrelated but I wonder if any mouse functions are missing in the sandbox because of it? OpenIpcPath=*BaseNamedObjects*A44DwheelMouseSharedMemory |
|||||||||||
|
_________________ tzuk
|
|||||||||||||
|
| |
|
subset
|
|
The mouse is working as expected with sandboxed programs, I use the same models/driver on different PCs. But the mouse software offers a lot functions I never use, maybe that's why I don't miss anything. About the Norton Toolbar
Unfortunately these settings were without success. (even with OpenIpcPath=\RPC Control\* setting from below) The toolbar appears in IE and Firefox with the following settings OpenIpcPath=\BaseNamedObjects\* OpenIpcPath=\RPC Control\* I have no clue which \BaseNamedObjects\ and \RPC Control\ settings I should bring together, so I just captured another Firefox trace with the settings from above. The Norton toolbar is displayed in sandboxed Firefox, maybe this makes a difference for analysing. Thanks in advance
Cheers |
|||||||||||||||||
|
|||||||||||||||||||
|
| |
|
tzuk
|
|
Ah, then there is hope that if the particular resources are excluded from sandboxing, then the toolbar does work. Let's see if we can pin-point it better, try removing all exclusions except:
Let me know if this is enough. |
|||||||||||||||
|
|||||||||||||||||
|
| |
|
subset
|
|
Thanks a lot, both lines are exactly right, but I had to add another line for the toolbar to appear.
With these three lines the Norton toolbar of NIS 2008 works as expected with sandboxed browsers. I have tested it with XP SP3 and Vista SP1, both 32-Bit; Internet Explorer and Firefox. So if there are no concerns about security with these settings, I think we are through with it. Cheers |
|||||||||||||||||
|
|||||||||||||||||||
|
| |
|
tzuk
|
|
Actually there are grave concerns about security with these settings. My intention was only to see if the toolbar was trying to access a COM object resource rather than any other kind of resource. To proceed, please upgrade to Sandboxie 3.29.13 and try its new Resource Access Monitor in the File menu. Then run the browser sandboxed. You should see some lines in the monitor that begin with Clsid. For example,
If you see a line that mentions Norton, add an exclusion for it like this in Sandboxie.ini: OpenClsid={25336920-03F9-11CF-8FD0-00AA00686F13} (But use the correct clsid for the Norton COM object, of course.) Also I'd be happy to know which clsid(s) are required and add them as default exclusions. |
|||||||||||||||
|
|||||||||||||||||
|
| |
|
subset
|
|
Hi,
the Norton Toolbar Clsid is shown in Resource Access Monitor log.
But adding OpenClsid={7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} to sandboxie.ini doesn't make the toolbar appear, even with all four Clsid lines it doesn't work. Apparently there is another resource access required. Here are two logs with Internet Explorer. Resource Access Monitor Log without OpenClsid={7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} setting http://tinypaste.com/cbd38 Resource Access Monitor Log with OpenClsid={7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} setting http://tinypaste.com/84d50 Cheers |
|||||||||||||
|
|||||||||||||||
|
| |
|
tzuk
|
|
Not necessarily; OpenClsid only supports basic one-way communication between the sandboxed program and the COM object outside the sandbox. So the Norton Toolbar may just expect more than OpenClsid can offer. So it seems like you can use Sandboxie with full protection and no Norton Toolbar, or lose a considerable amount of protection but have the Norton Toolbar. By "considerable" I mean that if you add the RPC Control exclusions, then Sandboxie may not be able to protect programs launched by the Web browser, for example PDF or DOC viewers. |
|||||||||||||
|
|||||||||||||||
|
| |
|
subset
|
|
Well, for some problems it's not possible to find a satisfactory solution. However, thank you for taking the time to complete this survey. Cheers |
|||||||||||||
|
|||||||||||||||
|
| |
|
tzuk
|
|
Norton Internet Security 2009 toolbar should work fine inside a sandboxed Internet Explorer, in Sandboxie version 3.31.02.
|
|||||||||||
|
|||||||||||||
|
 | Norton Toolbar | |
|
||
Use the RSS feed to watch this topic for replies |
|
|