Trust No Program
shell32dll
Guest



BSA Version : BSA 1.71
Sandboxie : 3.72

How can I fix this error?
Buster


Joined: 06 Aug 2007
Posts: 2185
shell32dll wrote:
BSA Version : BSA 1.71
Sandboxie : 3.72

How can I fix this error?


Does the error appear with every application you test (like NOTEPAD.EXE) or only with one file?

If it happens only with one file: send me the file, please.
shell32dll
Guest

Quote:
Does the error appear with every application you test (like NOTEPAD.EXE) or only with one file?

If it happens only with one file: send me the file, please.


Yes sir.. every application that I test produces the error.. Can you help me?
Scrapie


Joined: 18 May 2011
Posts: 49
Hi there

Works fine for me under Win7 Prof. and Sandboxie v3.70.


Scrapie
Buster


Joined: 06 Aug 2007
Posts: 2185
Scrapie wrote:
Works fine for me under Win7 Prof. and Sandboxie v3.70.


Update to 3.72. :wink:
Buster


Joined: 06 Aug 2007
Posts: 2185
shell32dll wrote:
Yes sir.. every application that I test produces the error.. Can you help me?


First update to BSA 1.72 and try again. It should crash anyway, but let's try.

If version 1.72 does not work, send me a mail to the mail address that appears in the manual and I will send you a custom version that may help to locate the origin of the bug.
shell32dll
Guest

I have found it. When I used LOG_API.DLL from folder BSA\LOG_API\, the program still works. The problem will occur when I use the old version of LOG_API.DLL.
Buster


Joined: 06 Aug 2007
Posts: 2185
shell32dll wrote:
I have found it. When I used LOG_API.DLL from folder BSA\LOG_API\, the program still works. The problem will occur when I use the old version of LOG_API.DLL.


Yes, updating LOG_API is necessary.

I will try to introduce a check in BSA so it checks you are using a valid LOG_API dll version.
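A check of the kind discussed in the posts above, as an added example that is not part of the thread and is not BSA's own code: it compares each DLL named by InjectDll/InjectDll64 with the copy shipped in the installed BSA's LOG_API folder and reports stale ones. The function names, the `[BSA]` section name and the `read_file`/`shipped` parameters are assumptions made for this sketch.

```python
import hashlib
import ntpath

# Constructed sample: the InjectDll lines quoted in this thread, placed in a
# hypothetical [BSA] sandbox section.
SAMPLE_INI = r"""[BSA]
InjectDll=U:\StaticProgram\bsa\LOG_API\64\LOG_API32.DLL
InjectDll64=U:\StaticProgram\bsa\LOG_API\64\LOG_API64.DLL
OpenWinClass=TFormBSA
"""


def injected_dlls(ini_text):
    """Return [(setting, path)] for every InjectDll / InjectDll64 line."""
    found = []
    for raw in ini_text.splitlines():
        key, sep, value = raw.strip().partition("=")
        if sep and key.strip().lower() in ("injectdll", "injectdll64"):
            found.append((key.strip(), value.strip()))
    return found


def check_log_api(ini_text, read_file, shipped):
    """Compare each injected DLL with the copy shipped with the installed BSA.

    read_file: callable(path) -> bytes, raising OSError if the file is absent.
    shipped:   {upper-case file name: bytes of the DLL from the BSA folder}.
    Returns {path: "ok" | "stale" | "missing" | "unknown"}.
    """
    report = {}
    for _, path in injected_dlls(ini_text):
        name = ntpath.basename(path).upper()
        if name not in shipped:
            report[path] = "unknown"   # not a LOG_API file we can vouch for
            continue
        try:
            on_disk = hashlib.sha256(read_file(path)).digest()
        except OSError:
            report[path] = "missing"
            continue
        wanted = hashlib.sha256(shipped[name]).digest()
        report[path] = "ok" if on_disk == wanted else "stale"
    return report
```

On a real system, `read_file` would open the path in binary mode and `shipped` would be filled from the LOG_API folder of the BSA release in use.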
Bsa.sys - Trojan false alarms?
matzen
Guest

Hi

I'd like to know why it is that Bsa.sys, being such a small file, shows so many false positives (12!). Other files seem mostly clean (1 false positive at most).

https://www.virustotal.com/file/fc3dec19ba7387874099565192fd3ec28aeb396fc33f18275ac9c3d306237a1e/analysis/

Thank you!
Re: Bsa.sys - Trojan false alarms?
Buster


Joined: 06 Aug 2007
Posts: 2185
matzen wrote:
I'd like to know why it is that Bsa.sys, being such a small file, shows so many false positives (12!). Other files seem mostly clean (1 false positive at most).


Because it makes use of certain APIs commonly used by malware, I guess.
Re: Bsa.sys - Trojan false alarms?
Scrapie


Joined: 18 May 2011
Posts: 49
Buster wrote:
Because it makes use of certain APIs commonly used by malware, I guess.

No, the "detection" is simply based on the File-Hash. Change a single (!) byte (for example offset 2310 from 4D to 6D, which won't break the driver) and the "detection" drops from 12 AVs to 2 AVs :roll:
AVs are full of s***t and love to copy "signatures" from each other so in the next test they score the same as the others - even if a "detection" makes no sense. They didn't even make the effort to generate a proper signature for the file. Easier to add a hash, done in a second and no danger of a FP...

Patched BSA.SYS *Click*


Scrapie
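The difference between whole-file hash matching and content-based matching that the post above describes, as an added example that is not part of the thread: a one-byte in-place change gives a new SHA-256, while a block-level comparison still links the two files. The 4 KiB buffer is constructed, the block size and threshold are arbitrary, and the offset from the post is read as decimal for illustration.

```python
import hashlib

BLOCK = 64  # block size in bytes; an arbitrary choice for this sketch


def file_hash(data):
    """Whole-file SHA-256, the kind of value a hash blocklist stores."""
    return hashlib.sha256(data).hexdigest()


def block_hashes(data, block=BLOCK):
    """Hash each aligned block, so an in-place edit changes only one entry."""
    return [hashlib.sha256(data[i:i + block]).digest()
            for i in range(0, len(data), block)]


def similarity(a, b):
    """Fraction of aligned blocks that are byte-identical in both inputs."""
    ha, hb = block_hashes(a), block_hashes(b)
    same = sum(x == y for x, y in zip(ha, hb))
    return same / max(len(ha), len(hb), 1)


def classify(sample, known, threshold=0.9):
    """Relate a sample to a known file: exact, near-duplicate or different."""
    if file_hash(sample) == file_hash(known):
        return "exact"
    if similarity(sample, known) >= threshold:
        return "near-duplicate"
    return "different"


def make_samples():
    """Constructed 4 KiB buffer standing in for a small driver, plus a copy
    with the edit from the post (4D -> 6D at offset 2310, read as decimal)."""
    original = bytearray((i * 7 + 3) % 256 for i in range(4096))
    original[2310] = 0x4D
    patched = bytearray(original)
    patched[2310] = 0x6D
    return bytes(original), bytes(patched)


if __name__ == "__main__":
    known, variant = make_samples()
    print(file_hash(known) == file_hash(variant))
    print(similarity(known, variant), classify(variant, known))
```

Aligned fixed-size blocks only survive in-place edits; context-triggered piecewise hashes such as ssdeep are the usual choice when bytes may be inserted or removed.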
matzen
Guest

Thank you for your answers!
DrCoolZic


Joined: 08 Mar 2011
Posts: 5
Location: France
I have updated Sandboxie to 3.72 (64bits) and BSA to 1.72
I have modified the sandboxie.ini with these lines:
Code:
InjectDll=U:\StaticProgram\bsa\LOG_API\64\LOG_API32.DLL
InjectDll64=U:\StaticProgram\bsa\LOG_API\64\LOG_API64.DLL
OpenWinClass=TFormBSA
NotifyDirectDiskAccess=y
ProcessLimit1=20
ProcessLimit2=30

When I click "Start Analysis" in BSA a window pops up saying "Window title does not match LOG_API string!"
What does that mean??? Is it a problem?

Another small annoyance: I am using a dual screen display and any BSA window displayed is located in the middle of the two screens (that is, half on the left screen and half on the right screen). So each time it is necessary to move the windows displayed by BSA. The window is placed like that when you start the program but also when you execute commands like Start/Finish Analysis, Malware Analyzer etc. ... It would be nice to fix this behavior, perhaps by storing the last position of the windows (at least the main window)?

Thanks - Jean
Buster


Joined: 06 Aug 2007
Posts: 2185
DrCoolZic wrote:
I have updated Sandboxie to 3.72 (64bits) and BSA to 1.72
I have modified the sandboxie.ini with these lines:
Code:
InjectDll=U:\StaticProgram\bsa\LOG_API\64\LOG_API32.DLL
InjectDll64=U:\StaticProgram\bsa\LOG_API\64\LOG_API64.DLL
OpenWinClass=TFormBSA
NotifyDirectDiskAccess=y
ProcessLimit1=20
ProcessLimit2=30

When I click "Start Analysis" in BSA a window pops up saying "Window title does not match LOG_API string!"
What does that mean??? Is it a problem?


Did you click on "Options > Program Options > Change title" and change BSA's window title from "Buster Sandbox Analyzer" to another string?

DrCoolZic wrote:
Another small annoyance: I am using a dual screen display and any BSA window displayed is located in the middle of the two screens (that is, half on the left screen and half on the right screen). So each time it is necessary to move the windows displayed by BSA. The window is placed like that when you start the program but also when you execute commands like Start/Finish Analysis, Malware Analyzer etc. ... It would be nice to fix this behavior, perhaps by storing the last position of the windows (at least the main window)?

Thanks - Jean


Try with "Options > Program Options > Remember Window Position".
DrCoolZic


Joined: 08 Mar 2011
Posts: 5
Location: France
Buster wrote:
Did you click on "Options > Program Options > Change title" and change BSA's window title from "Buster Sandbox Analyzer" to another string?

No - The title in the BSA window is "Buster Sandbox Analyzer"

DrCoolZic wrote:
Try with "Options > Program Options > Remember Window Position".

Did not know about this one!
But it is not really working! When I start the program it does remember the window position; however, if I click "Start Analysis" the window is put back in the center of the two screens and the same happens when I click "Finish Analysis". However, "Malware analyzer" does not move the window.
Also several popup windows like "Sandbox folder not Empty" and "Malware Behavior Analyzer Module" are opened in the middle of the two screens.
Buster Sandbox Analyzer
Sandboxie is Copyright © 2004-2012 by Sandboxie Holdings LLC.  All rights reserved.