 |
|
Buster
| Joined: 06 Aug 2007 |
| Posts: 2191 |
|
|
|
 Posted: Thu Jan 12, 2012 8:25 pm |
|
 |
 |
|
|
Buster Sandbox Analyzer: Installation and configuration.
http://www.youtube.com/watch?v=MXASXoq5akc |
|
|
 | I / O error 32 |  |
|
M_R
| Joined: 17 Nov 2010 |
| Posts: 19 |
|
|
|
| Posted: Sun Jan 15, 2012 2:19 pm |
|
|
|
|
|
Buster: Kobayashi: I miss the Buster Sandbox Analyzer reports. 
Yes, you are right !
After a big infection of my computer I changed some settings of it.
I do not run in admin account anymore as before with user account control turned off, but instead I run in a standard user account and turned on again user account control.
Then I started to get I/O error 32
I have not yet solved this problem. |
|
|
|
Buster
| Joined: 06 Aug 2007 |
| Posts: 2191 |
|
|
|
| Posted: Mon Jan 16, 2012 9:13 pm |
|
|
|
|
|
Released Buster Sandbox Analyzer 1.49.
Changes:
+ Added support for XML reports
+ Added support for TLS hooks detection
+ Improved PDF Statistics
+ Updated LOG_API verbose versions to include FindFirst/NextFile support
+ Updated support for new VirusTotal web service
+ Fixed several bugs
|
|
|
| Re: I / O error 32 | |
|
Buster
| Joined: 06 Aug 2007 |
| Posts: 2191 |
|
|
|
| Posted: Wed Jan 18, 2012 7:16 pm |
|
|
|
|
|
| M_R wrote: |
Buster: Kobayashi: I miss the Buster Sandbox Analyzer reports.
Yes, you are right !
After a big infection of my computer I changed some settings of it.
I do not run in admin account anymore as before with user account control turned off, but instead I run in a standard user account and turned on again user account control.
Then I started to get I/O error 32
I have not yet solved this problem. |
The problem was that "DefaultBox" folder was created from an account with admin rights. When BSA runs from a standard user account it will not have the rights to access folder contents, so it will not run fine.
The solution is deleting "DefaultBox" folder from the account having admin rights and switching to standard user account, so when Sandboxie creates the folder, BSA will have the rights to access the contents. |
|
|
 |
| | |
|
Buster
| Joined: 06 Aug 2007 |
| Posts: 2191 |
|
|
|
| Posted: Fri Feb 10, 2012 4:15 pm |
|
|
|
|
|
Released Buster Sandbox Analyzer 1.50.
Changes:
+ Added multi-language support
+ Updated LOG_API
+ Fixed several bugs
|
|
|
|
Buster
| Joined: 06 Aug 2007 |
| Posts: 2191 |
|
|
|
| Posted: Sat Feb 11, 2012 2:15 pm |
|
|
|
|
|
If anyone translates BSA to other language it would be cool if he sends me it so I include it in the package.
|
|
|
|
Buster
| Joined: 06 Aug 2007 |
| Posts: 2191 |
|
|
|
| Posted: Tue Mar 06, 2012 7:17 pm |
|
|
|
|
|
Released Buster Sandbox Analyzer 1.51.
Changes:
+ Added a custom driver to hide Sandboxie´s processes
+ Removed Hide Driver from package
+ Included new malware behaviour
+ Added File Renamer feature to utilities section
+ Updated LOG_API
|
|
|
|
| | |
|
Buster
| Joined: 06 Aug 2007 |
| Posts: 2191 |
|
|
|
| Posted: Tue Mar 06, 2012 7:24 pm |
|
|
|
|
|
HideDriver has been removed from package. I have included a custom driver to hide Sandboxie´s processes. This driver can be installed and started by Buster Sandbox Analyzer on demand or automatically.
In order to get the driver working, Buster Sandbox Analyzer must have admin rights.
The driver (BSA.SYS) can be renamed for security purposes to any name.
At least one antivirus vendor detects as malicious the driver. I would be grateful if you submit the driver to those vendors detecting the driver so they remove the false positive.
If anyone has any questions about this or any of the new features (File Renamer) just post a message.
|
|
|
|
| | |
|
Buster
| Joined: 06 Aug 2007 |
| Posts: 2191 |
|
|
|
| Posted: Sun Mar 25, 2012 1:28 pm |
|
|
|
|
|
Released Buster Sandbox Analyzer 1.52.
Changes:
+ Added support for HTML reports
+ Added a feature to remove sandbox folder contents automatically in manual mode
+ Included new malware behaviour
+ Updated LOG_API
+ Fixed several bugs
|
|
|
|
| | |
|
Max100
| Joined: 20 Oct 2009 |
| Posts: 160 |
|
|
|
| Posted: Sun Mar 25, 2012 3:58 pm |
|
|
|
|
|
| Buster wrote: |
HideDriver has been removed from package. I have included a custom driver to hide Sandboxie´s processes. This driver can be installed and started by Buster Sandbox Analyzer on demand or automatically.
In order to get the driver working, Buster Sandbox Analyzer must have admin rights.
The driver (BSA.SYS) can be renamed for security purposes to any name.
At least one antivirus vendor detects as malicious the driver. I would be grateful if you submit the driver to those vendors detecting the driver so they remove the false positive.
If anyone has any questions about this or any of the new features (File Renamer) just post a message. |
Here there is the complete list of antivirus that reports this file as malware:
https://www.virustotal.com/file/fc3dec19ba7387874099565192fd3ec28aeb396fc33f18275ac9c3d306237a1e/analysis/
Currently I submitted detailed false positive reports to: AntiVir, AVG, Microsoft, Comodo, Fortiguard, VirusBuster. |
|
|
|
| | |
|
MichaelS
| Joined: 07 Feb 2012 |
| Posts: 139 |
| Location: MeanWhile City |
|
|
| Posted: Tue Mar 27, 2012 5:13 am |
|
|
|
|
|
Hello,
Is it possible to include accessed resources (i.e. read files/registry entries) in the reports or would that crowd the report too much?
|
|
|
|
Buster
| Joined: 06 Aug 2007 |
| Posts: 2191 |
|
|
|
| Posted: Tue Mar 27, 2012 6:00 am |
|
|
|
|
|
| MichaelS wrote: |
Hello,
Is it possible to include accessed resources (i.e. read files/registry entries) in the reports or would that crowd the report too much? |
As you say, that would crowd the report too much, so when I designed the tool I decided I would not include that stuff.
Anyway you could use the verbose version of LOG_API.DLL and get readed registry entries from LOG_API.TXT. And if you want I could make a special LOG_API version that also logs readed files for you. With such LOG_API.DLL version would be easy to make a program that parses LOG_API.TXT and produces a file logging readed files/registy entries. |
|
|
|
| | |
|
MichaelS
| Joined: 07 Feb 2012 |
| Posts: 139 |
| Location: MeanWhile City |
|
|
| Posted: Tue Mar 27, 2012 6:17 am |
|
|
|
|
|
Yes, it would be excellent to have an alternative for files and registry entries that a sandboxed application reads. Thank you!
Unrelated: just thought I should mention, if a user has a 2 screens setup, with the primary screen to the right side, BSA positions itself offscreen (only half of the BSA GUI is visible on the main screen). That's not an issue nor an annoyance for me as I can use a window manager to automatically position BSA centered on my main screen at startup, but I don't know about others.
|
|
|
|
| | |
|
Buster
| Joined: 06 Aug 2007 |
| Posts: 2191 |
|
|
|
| Posted: Tue Mar 27, 2012 6:27 am |
|
|
|
|
|
| MichaelS wrote: |
| Yes, it would be excellent to have an alternative for files and registry entries that a sandboxed application reads. Thank you! |
No problem, I will make a custom version for you.
Do you want the 32 or the 64 version of the DLL?
| MichaelS wrote: |
| Unrelated: just thought I should mention, if a user has a 2 screens setup, with the primary screen to the right side, BSA positions itself offscreen (only half of the BSA GUI is visible on the main screen). That's not an issue nor an annoyance for me as I can use a window manager to automatically position BSA centered on my main screen at startup, but I don't know about others. |
Place BSA in the position you prefer and then enable:
Options > Program Options > Remember Window Position |
|
|
|
You cannot post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 38 of 60
 Use the RSS feed to watch this topic for replies
|
|
|
|
| |
