Jump to content

New Sandboxie version


hazelnut

Recommended Posts

btw,,is there any configuration tips for sandboxie here on the site?

..when i use sandboxiei have check everything in IE

delete-invocation-erase verything when exit

-restriction-only iexplore

-sandboxed cd/dvd drives...

Any other recomendations?

Hello aqua. I've been using Sandboxie for about two years after getting infected by a trojan when my wife merely clicked on what appeared to be a benign website (something pertaining to an internet game). I don't claim to be an outright expert using Sandboxie, but I'll share with you how I use it and you may be able to glean information from this post and others to determine the best fit for you.

 

1. I have four different types of sandboxes:

  • One type is for "routine" browsing and I assign this sandbox a green border. My definition of "routine" means I have reason to believe the websites I'll be looking at will be safe. For my routine browsing sandbox, I use the default settings except I block access (you have to have the registered version of Sandboxie) to the My Documents folder. The reason is because I keep some private information there and if, in the extreme chance I pick up a keylogger while browsing in that sandbox, I want to keep it from reading the information in My Documents. (Keep in mind that even though the keylogger is sandboxed, it can still run and attempt to fulfill its mission until it gets flushed when the sandbox is emptied.) To block access: Sandboxie Control > Resource Access > File Access > Blocked Access.

  • I call the second type of sandbox "high security" and I assign it a red border. As the name suggests, we use it when we are doing any internet shopping or banking or visiting uncertain sites. I have hardened that sandbox by not only blocking access to My Documents, but also by (1) making my browser the only program that can access the internet (Sandboxie Control > Restrictions > Internet Access), (2) making my browser the only program that can start/run in that sandbox (Sandboxie Control > Restrictions > Start/Run Access), and (3) Dropping rights (Sandboxie Control > Restrictions > Drop Rights).

  • I call the third type my Forced Folders sandbox and I assign it a yellow border. Again, you need the registered version of Sandboxie for this and I have it configured so that any program that opens via my external hard drive or flash drives is forced into that sandbox. Of course, if I want a program on one of those drives to open non-sandboxed, it's as easy as right-clicking the Sandboxie icon in the system tray and clicking Disable Forced Programs. Another purpose for that sandbox: I don't frequently test programs, but when I do, I first download their installers into a special "Downloads" folder on my desktop and keep them there for a while. That "Downloads" folder is also listed as a forced folder (along with my external and flash drives) in that sandbox. That way if/when I run any of those "test" programs via the Downloads folder, they will automatically open in that sandbox. For this sandbox, I block access to My Documents and I also restrict all access to the internet (Sandboxie Control > Restrictions > Internet Access).

  • I use my fourth type of sandbox if I not only want to test a new program, but also if I intend to keep it sandboxed on a long-term basis. I call these my testboxes and I assign them yellow borders as well. Two examples of programs I have in them are DVDShrink and DVDFab (thank you, Dennis!). I have to be careful with what gets blocked and restricted in these sandboxes depending on the needs of the programs they contain, but blocking access to My Documents is a must for me.

2. I do not have any of my sandbox types configured to automatically delete. I use the secure delete feature in CCleaner to delete my sandbox types 1, 2, and 3. Why? Well, I've been in the habit of always using CCleaner when finishing a browsing session. So, for me, it just made sense to use it to secure delete the contents of those three sandboxes versus installing another program such as Eraser. The illustration at the end of this post shows how I configured sandboxie for this task. One other note about emptying out the sandboxes: I've read several threads in Sandboxie's forum that in some cases sandboxed malware could possibly be backed up by Windows System Restore if a sandbox is emptied using the conventional RMDIR method. How likely is that to happen and could it pose subsequent problems are questions for which I'm not completely sure of the answers. Some more information about this is provided here (scroll down to System Restore), and if you want to find out more, you can search Sandboxie's forum. But it's my understanding that secure deletion of the sandboxes via Eraser, SDelete, or CCleaner mitigates the possibility of this happening. Lastly, note that I don't delete the contents of my sandbox type 4 for the obvious reason that I plan to continue using the programs in those testboxes for a longer period of time.

 

I hope you feel free to jump back in if you have more questions, comments, or suggestions. We all learn by feedback. If I can help, I will. If I can't, I'm sure someone else will.

 

post-23766-1265855781_thumb.png

Link to comment
Share on other sites

Hi cc1 and thanks for your great tips about sandboxie.

you said that the only reason you block access my documents is becuase you have important files right?

well i don't have really important documents there..my important files are always kept on a cd.

Link to comment
Share on other sites

Well it's all your fault Hazenut, so many comments about Sandboxie all glowing ones, thought I best give it a go on my newly built dual boot test unit.

 

I have mentioned before that I am a keen user of Returnil on my Win 7 unit, I also have been using use Sun Virtual Box on my main XP Pro unit for a while now.

 

Once installed on the new XP Pro build I must say I was very impressed playing in the "Sandbox", I do like the way one gets to recover (save) documents (in my case PDF's) which I do a lot of. Reason is that I "print to PDF" regurally while on the web and store these documents for future OCR and indexing.

 

So I for one am enjoying this Sandboxie thread and will look forward to more play time with this application.

 

Thank you for the previous kind words of yours re my Dual Boot exercise. :rolleyes:

Always With Kind Regards

Tasgandy

"one is never too old to listen & learn"

Link to comment
Share on other sites

Tasgandy ! Do`nt blame Hazelnut,I think it was my fault in asking questions..!!!!

and Dennis thanks for the logical reply i do`nt think anyone will ever tell you to P*** off you are too valued here

 

I have looked at the Sandboxie forum like Aqua and you never seem to find the simple answer you end up finding new queries !

What freaked me out a bit was when I did a Superantispware scan,after i had used CCleaner and it found 36 tracking cookies

when normally i would expect 2 from my homepage.

These were found in C,Sandbox,User,delete default box, The files kept adding and adding everytime i browsed.

 

cc1Brilliant reply !!! tweaking CC as you have shown should help to clear these out ,or is it best to alter sanboxie to stop them getting there in the first place ?!

 

Thank you all

 

Fluff

Link to comment
Share on other sites

Hi cc1 and thanks for your great tips about sandboxie.

you said that the only reason you block access my documents is becuase you have important files right?

well i don't have really important documents there..my important files are always kept on a cd.

Correct. I want My Documents to be cordoned off and inaccessible to my sandboxes. But your method of using a CD (presumably a rewriteable one) to store important information works well too. Perhaps another approach would be to use a flash drive.

 

Two other points (which may already be obvious) regarding my use of CCleaner with Sandboxie:

1) I use the Settings window in CCleaner to configure the secure delete settings. I think I selected the 3 passes option.

2) I also use the Settings window in CCleaner to add the Run CCleaner option to the Recycle Bin context menu because my preference is to just right click the recycle bin and run ccleaner from there.

Link to comment
Share on other sites

...What freaked me out a bit was when I did a Superantispware scan,after i had used CCleaner and it found 36 tracking cookies when normally i would expect 2 from my homepage. These were found in C,Sandbox,User,delete default box, The files kept adding and adding everytime i browsed.

cc1Brilliant reply !!! tweaking CC as you have shown should help to clear these out ,or is it best to alter sanboxie to stop them getting there in the first place ?!

Thank you all

Fluff

Hi Fluff. I'm a little confused by your post. If your browser is installed on your "real" system, and if you run it sandboxed, and lastly, if you empty* the contents of your sandbox when you are finished browsing, then a subsequent scan by SuperAntispyware should find absolutely nothing related to that sandboxed session.

 

( * by using/checking the Sandboxie's automatic deletion block - see below image - or some other approach)

 

post-23766-1265896794_thumb.jpg

Link to comment
Share on other sites

cc1 sorry if i`m not clearly explaining,

I am finding files in my computer,local c drive,sandbox,user,delete default box,

they are on my ordinary c drive,it seems everytime i browse the cookies etc are put in there,a different folder for each browsing sesion

I have ticked the box for deletion as you indicate and with sdelete,thats why i do`ntt find anthing to delete in the sandbox

its as if they are copied from my browsingsessions and put in the sandbox folder on my c drive outside the sandbox

thats why superntispyware can pick them up,

I hope this might give you a better idea of why i think something isn`t right !!

Please if i haven`t explaine properly let me know !!

 

Fluff

Link to comment
Share on other sites

  • Moderators

Fluffy the sandbox is a little virtual world with a real address.

 

When you say

 

I am finding files in my computer,local c drive,sandbox,user,delete default box
that is where they will be kept until you delete the contents of the sandbox.

 

They are held in that virtual world by sandboxie until the box gets emptied. They have no contact with your real c drive.

 

 

I browse sandboxed, I pick up cookies in the default box, I pick up trojans in my default box.

 

They show an address of c sandbox. But when I empty the sandbox, they are gone.

 

Or are we misunderstanding what you mean?

 

Support contact

https://support.ccleaner.com/s/contact-form?language=en_US&form=general

or

support@ccleaner.com

 

Link to comment
Share on other sites

...I have ticked the box for deletion as you indicate and with sdelete...

Fluffy, are you saying you use SDelete to secure delete your sandbox? If so, it's possible it's not configured properly and fouling up the deletion process. Try changing your sandbox settings by relying solely on the default deletion process (RMDIR). See below image.

 

Also, something else that's puzzling is that you refer to the location of your sandbox as "c drive,sandbox,user,delete default box". My paths to my sandboxes do not contain the word "delete". ??? I'm not sure if that's related to SDelete or not.

 

 

post-23766-1265900382_thumb.jpg

Link to comment
Share on other sites

Fluffy the sandbox is a little virtual world with a real address.

My sweet Hazelnut Fluffy does live in a little virtual world !!!!! :lol:

 

when i delete they stay there also if i use the"is window sandboxed" and move the target over them it says "the selected window is not running as part of any sanbox program"

 

which makes me think they are in my ]real c drive

 

Floof

Link to comment
Share on other sites

  • Moderators

Right Floof (new name?)

 

Right click on browser and select run sandboxed.

 

Browse around collecting cookies etc.

 

Close browser.

 

Right -click sandboxie taskbar icon.

 

Choose default box then select delete contents.

 

Is this what you are doing?

 

Support contact

https://support.ccleaner.com/s/contact-form?language=en_US&form=general

or

support@ccleaner.com

 

Link to comment
Share on other sites

cc1 Oh yes you`ve hit on something there i`ve changed deletion from sdelete to rmdir and guess what??? it`s cleared a load of out it out,some of the folders have gone yessssssssssssssss!

i`m not counting chickens yet but i think your right sdelete hasn`t been deleting !

 

with regard to the location i was finding these files and superantispyware,in it`s quranteen it had the tracking cookies at this location

C:\sanbox\user\_delete_defaultbox_01AA................C\user\current\cookies\user@ads.audxch.txt

 

it could have been related to the sdelete...

 

i`m going to keep browsing and deleting the sandbox and see if this has craked it

i`ll repost soon !

Thank you all

F

Link to comment
Share on other sites

Fluff here! reporting that when i now empty the sandbox or just shut down everyything has gone !

I`m still on RMDIR delete,

Aqua-i`m not going to use Sdelete for now i might try eraiser see Dennis`s comments ...

Thankyou cc1 you were correct Sdelete just wasn`t doing it ! it maybe not loaded properly perhaps

Hazelnut thanks for your kind approach in understanding when and what i do`nt understand!

 

Thanks again you lot !

One day I might be able to get around to helping someone on the forum,I just seem to always taking the help but not giving it

 

 

Fluff

Link to comment
Share on other sites

  • Moderators
I heard negative stuff about SDelete some time back

I've watched it do negative stuff before like munching away at the Windows directory only stopping when it couldn't kill off Explorer.exe. Damaged the hell out of Windows in the process too, and System Restore can only fix so much.

 

I personally wouldn't use a command line secure deletion program like sdelete even though it's by Sysinternals simply because a typo can spell complete disaster.

Link to comment
Share on other sites

  • Moderators
what about eraser?..which version you use?...i heard comments about it too.

Eraser 5.7 is good, although if you have it wipe a ton of files from the Recycle Bin you'll have to wait however long it takes to show the Finished dialog - if you get impatient with it and try to forcefully stop it it can screw up the system and you'd have to use Recovery Console to either fix things like the MBR or use fix boot, etc.

 

Other very good freeware alternatives I've used are:

* Alternate File Shredder - can't integrate into the right click shell

* File Shredder - possibly the most comparable to Eraser's features

Link to comment
Share on other sites

Fluff here! reporting that when i now empty the sandbox or just shut down everyything has gone !

I`m still on RMDIR delete,

Aqua-i`m not going to use Sdelete for now i might try eraiser see Dennis`s comments ...

Thankyou cc1 you were correct Sdelete just wasn`t doing it ! it maybe not loaded properly perhaps

Hazelnut thanks for your kind approach in understanding when and what i do`nt understand!

Thanks again you lot !

One day I might be able to get around to helping someone on the forum,I just seem to always taking the help but not giving it

Fluff

 

That's great news, Fluff. I used Sandboxie with its default settings for a while before I began to tweak it. So I agree with your decision to stick with the default delete method (RMDIR) for now.

 

Chris

Link to comment
Share on other sites

  • Moderators
btw how do you guys sandbox MSPaint and clipboard..

i read on another site keylogers can use both .

 

I would do that via Sandboxie Control's "Configure\Shell Integration" menu.

 

It brings up this window:

 

1sAYCs.jpg

 

Which gives you this list.

 

mBIqSs.jpg

 

Choose the program and the shortcut runs it sandboxed every time.

 

You could set it as a forced program, or right click the original shortcut and run sandboxed, but this method is probably better, and you wouldn't forget to do it.

 

EDIT: The clipboard I believe is stored in RAM, so can you sandbox RAM? Never thought about that one.

Link to comment
Share on other sites

From changelog

 

Full support for 64-bit Windows.

 

* Single installation EXE contains both 32-bit and 64-bit editions of Sandboxie.

 

Anyone tested this?

 

The description is not encouraging for 64 bit systems. http://www.sandboxie.com/index.php?NotesAbout64BitEdition

 

"Thus in 64-bit Windows, Sandboxie can only "recommend" a program to not go out of the sandbox, but cannot mandate this. A malicious program could easily circumvent Sandboxie by simply ignoring these recommendations. "

 

 

Not good.

Link to comment
Share on other sites

  • Moderators

I think it is a good idea for any 64 bit user to read that link. It is not totally all bad news.

 

Microsoft's Patch Guard is making it quite difficult for 3rd party software developers, but we live in hope :)

 

Support contact

https://support.ccleaner.com/s/contact-form?language=en_US&form=general

or

support@ccleaner.com

 

Link to comment
Share on other sites

Microsoft's Patch Guard is making it quite difficult for 3rd party software developers, but we live in hope :)

 

Not long ago tzuk was saying it would never work with 64 bit due to Microsoft's PatchGuard and now we have this. Hopefully he will find a way to make it fully compatible.

 

I wish MS had made Windows XP Mode available in Home versions of 64 bit and not just Professional and on up...

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.