New Sandboxie version

Fluff, and any others new to Sandboxie.

There isn't any need to use any third party software to clean up or delete the contents of the Sandbox.

With your browser Sandboxed, everything it downloads in the way of temp files, cookies, or even Malware is placed into a copy of the actual folder it would have gone to, created inside the Sandbox.

When you explore the sandbox, the cookies and stuff you are finding in folders haven't escaped the sandbox. They are in copies of the real folders mentioned above.

Next time you have a look in the sandbox, make a note of any particular folder in there containing undesirable files, and then go look for the real folder, which you will find devoid of those files.

When I close down my browser, Sandboxie is configured to automatically delete the contents of the sandbox, which is the complete folder structure created inside of it.

I don't need to examine the sandbox after browsing, or use another program to delete it, as hand in hand with that setting, I have "Quick Recovery" activated and configured to give me the option of recovering files heading for a particular chosen folder or folders, straight to the real folders on my Hard Drive.

You can also configure Sandboxie to securely delete the contents of the Sandbox using "Eraser" or "SDelete". I would go along with Eraser, but I believe SDelete isn't as reliable.

You should be able to set up Sandboxie so that using it is a smooth and painless operation with as little user interference as possible.

Activate it, browse and "Instantly Recover" chosen stuff to the real folders, close your browser, and the sandbox is automatically deleted, securely or otherwise.

I'm wondering if you guys are making it too complicated, when all the necessary recovering and deleting can be set up within Sandboxie itself.

Of course this is just MHO, and the way I have Sandboxie set up for myself.

If anyone is having a problem with settings, or even fully understanding what you can actually do with Sandboxie and how it works, please post your queries and hopefully make using Sandboxie a much simpler process.

Of course you guys who already know all this can tell me to p*** off and mind my own business, but I'll chance that. :)

Hi Dennis, I use SDelete and it works good also for the system, and especially because it is a Sysinternals product.

I thought about Eraser, but I read too many complaints about the latest build, and now I wonder which Eraser build was the best.

You know, I also read on some sites that Sandboxie can stop programs from phoning home.. I bet? It's done by allowing only the browser access to the net in restrictions.

http://forum.piriform.com/index.php?showto...st&p=160353

I heard negative stuff about SDelete some time back, but nothing stays the same so we could both be right, or wrong. :D

Whatever works for you is the right one.

What about Eraser? Which version do you use? I heard comments about it too.

I don't actually use it anymore. Takes too long for me, and the normal Sandboxie delete does what I want.

I pointed it out as there are plenty of folk who prefer to secure delete.

This works for me:

By default, Sandboxie deletes the sandbox using a standard Windows command to delete folders -- RMDIR. This makes sure the contents of the sandbox (including malicious software) are properly removed from the operating system. But as mentioned above, it leaves the data vulnerable to inspection and recovery by forensics experts.

Link:

I did have Eraser 5.7 but it's off my system now.

You know, I read on different sites that the regular default RMDIR sometimes doesn't do the job..

So just be careful.. we've got to make sure of getting rid of it.

Btw, are there any configuration tips for Sandboxie here on the site?

When I use Sandboxie I have checked everything in IE:

-delete-invocation-erase everything on exit

-restriction-only iexplore

-sandboxed cd/dvd drives...

Any other recommendations?

Hello aqua. I've been using Sandboxie for about two years after getting infected by a trojan when my wife merely clicked on what appeared to be a benign website (something pertaining to an internet game). I don't claim to be an outright expert using Sandboxie, but I'll share with you how I use it and you may be able to glean information from this post and others to determine the best fit for you.

1. I have four different types of sandboxes:

  • One type is for "routine" browsing and I assign this sandbox a green border. My definition of "routine" means I have reason to believe the websites I'll be looking at will be safe. For my routine browsing sandbox, I use the default settings except I block access (you have to have the registered version of Sandboxie) to the My Documents folder. The reason is because I keep some private information there and if, in the extreme chance I pick up a keylogger while browsing in that sandbox, I want to keep it from reading the information in My Documents. (Keep in mind that even though the keylogger is sandboxed, it can still run and attempt to fulfill its mission until it gets flushed when the sandbox is emptied.) To block access: Sandboxie Control > Resource Access > File Access > Blocked Access.

  • I call the second type of sandbox "high security" and I assign it a red border. As the name suggests, we use it when we are doing any internet shopping or banking or visiting uncertain sites. I have hardened that sandbox by not only blocking access to My Documents, but also by (1) making my browser the only program that can access the internet (Sandboxie Control > Restrictions > Internet Access), (2) making my browser the only program that can start/run in that sandbox (Sandboxie Control > Restrictions > Start/Run Access), and (3) Dropping rights (Sandboxie Control > Restrictions > Drop Rights).

  • I call the third type my Forced Folders sandbox and I assign it a yellow border. Again, you need the registered version of Sandboxie for this and I have it configured so that any program that opens via my external hard drive or flash drives is forced into that sandbox. Of course, if I want a program on one of those drives to open non-sandboxed, it's as easy as right-clicking the Sandboxie icon in the system tray and clicking Disable Forced Programs. Another purpose for that sandbox: I don't frequently test programs, but when I do, I first download their installers into a special "Downloads" folder on my desktop and keep them there for a while. That "Downloads" folder is also listed as a forced folder (along with my external and flash drives) in that sandbox. That way if/when I run any of those "test" programs via the Downloads folder, they will automatically open in that sandbox. For this sandbox, I block access to My Documents and I also restrict all access to the internet (Sandboxie Control > Restrictions > Internet Access).

  • I use my fourth type of sandbox if I not only want to test a new program, but also if I intend to keep it sandboxed on a long-term basis. I call these my testboxes and I assign them yellow borders as well. Two examples of programs I have in them are DVDShrink and DVDFab (thank you, Dennis!). I have to be careful with what gets blocked and restricted in these sandboxes depending on the needs of the programs they contain, but blocking access to My Documents is a must for me.

2. I do not have any of my sandbox types configured to automatically delete. I use the secure delete feature in CCleaner to delete my sandbox types 1, 2, and 3. Why? Well, I've been in the habit of always using CCleaner when finishing a browsing session. So, for me, it just made sense to use it to secure delete the contents of those three sandboxes versus installing another program such as Eraser. The illustration at the end of this post shows how I configured sandboxie for this task. One other note about emptying out the sandboxes: I've read several threads in Sandboxie's forum that in some cases sandboxed malware could possibly be backed up by Windows System Restore if a sandbox is emptied using the conventional RMDIR method. How likely is that to happen and could it pose subsequent problems are questions for which I'm not completely sure of the answers. Some more information about this is provided here (scroll down to System Restore), and if you want to find out more, you can search Sandboxie's forum. But it's my understanding that secure deletion of the sandboxes via Eraser, SDelete, or CCleaner mitigates the possibility of this happening. Lastly, note that I don't delete the contents of my sandbox type 4 for the obvious reason that I plan to continue using the programs in those testboxes for a longer period of time.

I hope you feel free to jump back in if you have more questions, comments, or suggestions. We all learn by feedback. If I can help, I will. If I can't, I'm sure someone else will.

post-23766-1265855781_thumb.png

Hi cc1, and thanks for your great tips about Sandboxie.

You said that the only reason you block access to My Documents is because you have important files, right?

Well, I don't have really important documents there.. my important files are always kept on a CD.

Well it's all your fault Hazelnut, so many comments about Sandboxie, all glowing ones, thought I best give it a go on my newly built dual boot test unit.

I have mentioned before that I am a keen user of Returnil on my Win 7 unit. I also have been using Sun Virtual Box on my main XP Pro unit for a while now.

Once installed on the new XP Pro build I must say I was very impressed playing in the "Sandbox". I do like the way one gets to recover (save) documents (in my case PDFs), which I do a lot of. Reason is that I "print to PDF" regularly while on the web and store these documents for future OCR and indexing.

So I for one am enjoying this Sandboxie thread and will look forward to more play time with this application.

Thank you for the previous kind words of yours re my Dual Boot exercise. :rolleyes:

Tasgandy! Don't blame Hazelnut, I think it was my fault in asking questions..!!!!

And Dennis, thanks for the logical reply. I don't think anyone will ever tell you to P*** off, you are too valued here.

I have looked at the Sandboxie forum like Aqua and you never seem to find the simple answer, you end up finding new queries!

What freaked me out a bit was when I did a SuperAntiSpyware scan after I had used CCleaner and it found 36 tracking cookies, when normally I would expect 2 from my homepage.

These were found in C,Sandbox,User,delete default box. The files kept adding and adding every time I browsed.

cc1, brilliant reply!!! Tweaking CC as you have shown should help to clear these out, or is it best to alter Sandboxie to stop them getting there in the first place?!

Thank you all

Fluff

Hi cc1, and thanks for your great tips about Sandboxie.

You said that the only reason you block access to My Documents is because you have important files, right?

Well, I don't have really important documents there.. my important files are always kept on a CD.

Correct. I want My Documents to be cordoned off and inaccessible to my sandboxes. But your method of using a CD (presumably a rewriteable one) to store important information works well too. Perhaps another approach would be to use a flash drive.

Two other points (which may already be obvious) regarding my use of CCleaner with Sandboxie:

1) I use the Settings window in CCleaner to configure the secure delete settings. I think I selected the 3 passes option.

2) I also use the Settings window in CCleaner to add the Run CCleaner option to the Recycle Bin context menu because my preference is to just right click the recycle bin and run ccleaner from there.

...What freaked me out a bit was when I did a SuperAntiSpyware scan after I had used CCleaner and it found 36 tracking cookies, when normally I would expect 2 from my homepage. These were found in C,Sandbox,User,delete default box. The files kept adding and adding every time I browsed.

cc1, brilliant reply!!! Tweaking CC as you have shown should help to clear these out, or is it best to alter Sandboxie to stop them getting there in the first place?!

Thank you all

Fluff

Hi Fluff. I'm a little confused by your post. If your browser is installed on your "real" system, and if you run it sandboxed, and lastly, if you empty* the contents of your sandbox when you are finished browsing, then a subsequent scan by SuperAntispyware should find absolutely nothing related to that sandboxed session.

( * by using/checking the Sandboxie's automatic deletion block - see below image - or some other approach)

post-23766-1265896794_thumb.jpg

cc1, sorry if I'm not clearly explaining.

I am finding files in my computer,local c drive,sandbox,user,delete default box,

they are on my ordinary c drive. It seems every time I browse, the cookies etc. are put in there, a different folder for each browsing session.

I have ticked the box for deletion as you indicate and with SDelete, that's why I don't find anything to delete in the sandbox.

It's as if they are copied from my browsing sessions and put in the sandbox folder on my c drive outside the sandbox,

that's why SuperAntiSpyware can pick them up.

I hope this might give you a better idea of why I think something isn't right!!

Please, if I haven't explained properly, let me know!!

Fluff

Fluffy the sandbox is a little virtual world with a real address.

When you say

I am finding files in my computer,local c drive,sandbox,user,delete default box
that is where they will be kept until you delete the contents of the sandbox.

They are held in that virtual world by sandboxie until the box gets emptied. They have no contact with your real c drive.

I browse sandboxed, I pick up cookies in the default box, I pick up trojans in my default box.

They show an address of c sandbox. But when I empty the sandbox, they are gone.

Or are we misunderstanding what you mean?

...I have ticked the box for deletion as you indicate and with sdelete...

Fluffy, are you saying you use SDelete to secure delete your sandbox? If so, it's possible it's not configured properly and fouling up the deletion process. Try changing your sandbox settings by relying solely on the default deletion process (RMDIR). See below image.

Also, something else that's puzzling is that you refer to the location of your sandbox as "c drive,sandbox,user,delete default box". My paths to my sandboxes do not contain the word "delete". ??? I'm not sure if that's related to SDelete or not.

post-23766-1265900382_thumb.jpg

Fluffy the sandbox is a little virtual world with a real address.

My sweet Hazelnut Fluffy does live in a little virtual world !!!!! :lol:

When I delete, they stay there. Also, if I use the "is window sandboxed" and move the target over them, it says "the selected window is not running as part of any sandbox program",

which makes me think they are in my real c drive.

Floof

Right Floof (new name?)

Right click on browser and select run sandboxed.

Browse around collecting cookies etc.

Close browser.

Right-click Sandboxie taskbar icon.

Choose default box then select delete contents.

Is this what you are doing?

cc1, oh yes, you've hit on something there. I've changed deletion from SDelete to RMDIR and guess what??? It's cleared a load of it out, some of the folders have gone, yessssssssssssssss!

I'm not counting chickens yet but I think you're right, SDelete hasn't been deleting!

With regard to the location where I was finding these files, SuperAntiSpyware in its quarantine had the tracking cookies at this location:

C:\sanbox\user\_delete_defaultbox_01AA................C\user\current\cookies\user@ads.audxch.txt

It could have been related to the SDelete...

I'm going to keep browsing and deleting the sandbox and see if this has cracked it.

I'll repost soon!

Thank you all

F

Fluffy.. did you copy SDelete to c:documents and settings/your username....

Don't forget you have to do so..

After that, configure Sandboxie to delete with SDelete.

Fluff here! Reporting that when I now empty the sandbox or just shut down, everything has gone!

I'm still on RMDIR delete.

Aqua, I'm not going to use SDelete for now. I might try Eraser, see Dennis's comments...

Thank you cc1, you were correct, SDelete just wasn't doing it! It may not be loaded properly perhaps.

Hazelnut, thanks for your kind approach in understanding when and what I don't understand!

Thanks again you lot!

One day I might be able to get around to helping someone on the forum, I just seem to be always taking the help but not giving it.

Fluff
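
Added example, not part of any post in this thread: a Python check for the failure worked through above, where a delete command that is not running leaves `_delete_...` folders (the name seen in the quarantine path earlier in the thread) on disk for a scanner to find. The `<root>\<user>\` layout and the case-insensitive `_delete_` prefix are assumptions taken from that one path, and the demo tree is constructed sample data.

```python
import re
import tempfile
from pathlib import Path
from typing import NamedTuple

# Assumption: the folder name pattern comes from the quarantine path quoted in
# the thread (C:\...\user\_delete_defaultbox_...); matched case-insensitively.
STALE_NAME = re.compile(r"^_+delete_.+", re.IGNORECASE)

class StaleBox(NamedTuple):
    path: Path   # leftover folder
    files: int   # number of files still inside it
    size: int    # total bytes still on disk

def find_stale_boxes(sandbox_root):
    """Return leftover '_delete_*' folders found under <root>/<user>/."""
    found = []
    for user_dir in sorted(p for p in Path(sandbox_root).iterdir() if p.is_dir()):
        for box in sorted(p for p in user_dir.iterdir() if p.is_dir()):
            if not STALE_NAME.match(box.name):
                continue  # a live sandbox such as DefaultBox, not a leftover
            files = [f for f in box.rglob("*") if f.is_file()]
            found.append(StaleBox(box, len(files),
                                  sum(f.stat().st_size for f in files)))
    return found

def build_demo_tree(root):
    """Constructed sample layout: one live box and one leftover folder."""
    root = Path(root)
    live = root / "user" / "DefaultBox" / "user" / "current" / "cookies"
    stale = (root / "user" / "_Delete_DefaultBox_DEMO01"
             / "user" / "current" / "cookies")
    for d in (live, stale):
        d.mkdir(parents=True)
    (live / "session.txt").write_text("live")
    (stale / "tracker-a.txt").write_text("x" * 10)
    (stale / "tracker-b.txt").write_text("y" * 5)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for box in find_stale_boxes(build_demo_tree(tmp)):
            print(f"{box.path.name}: {box.files} files, "
                  f"{box.size} bytes still on disk")
```

Pointing `find_stale_boxes` at the real sandbox container folder after emptying a sandbox shows whether the configured delete command actually removed anything.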