Sandboxie Configurations Learning Thread


huangker
June 16th, 2008, 12:33 AM
Hi All,

I'd like to start a thread on configuring Sandboxie. It seems like such a flexible program but the official documentation is hard for me to understand. Maybe we can build this up enough that we can create a quality guide.

I think there are two types of approaches, functional and solutions-based. By functional, I mean users who are already Sandboxie power users would go through some of the more powerful and flexible functions, such as ClosedFilePath, explaining the syntax, options and possible uses. By solutions-based, I mean ways of putting together a set of functions with an end in mind.

As I'm not a Sandboxie power user myself, I don't have anything interesting to share here. However, I do have a few requests. Would someone be able to explain the following functions:

ClosedFilePath
ClosedIpcPath

Also I'm looking for the following solutions:

A sandbox that only allows the web browser to run and access the internet.
A sandbox to test viruses. So this sandbox should only allow 1 executable to run, no direct access to any local resources, no access to the internet.

Cheers,
Jeremy

Cloudcroft
June 16th, 2008, 12:42 AM
I'll be following this thread with interest!

HURST
June 16th, 2008, 01:25 AM
Regarding ClosedFilePath.

It closes access to the file referenced. The name says it.
How is this used in SBIE?
If you block access to a specific folder, let's say "my documents", there will be this entry in the ini:

ClosedFilePath=%Personal%

This means that the path to %personal% (my documents) is closed.

Another use of this is these lines:

ProcessGroup=<restricted1>,iexplore.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe
ClosedFilePath=!<restricted1>,*

Please note the use of "!=". In most programming languages, "!=" means "not equal". So, basically this says that the path for any file outside the "restricted1" group declared before is closed. (I do not know what the * is for)

I do not know what exactly ClosedIpcPath does. For avoiding execution, it's enough with ClosedFilePath. I do believe that ClosedIpcPath adds itself to the ini when you add ClosedFilePath, since I just saw it in my ini file and I'm 90% certain that I only added ClosedFilePath.
Can anyone confirm this please?


I'll be posting my ini file and explain the way I use each sandbox in a future post.



EDIT: I just realized that I talked about "!=", but in reality the setting is "=!<restricted1>", so the ! is before <restricted1>, not before "=". The idea is the same...
! is the logic operator for "NOT". so in this case it would be "close file path for all that is equal to not process group restricted1". It's a slight difference.

innerpeace
June 16th, 2008, 01:36 AM
{QUOTE-> Please note the use of "!=". In most programming languages, "!=" means "not equal". So, basically this says that the path for any file outside the "restricted1" group declared before is closed. (I do not know what the * is for) <-QUOTE}
Thanks for the "!=" explanation :).

The * is a wildcard. http://www.sandboxie.com/index.php?OpenFilePath
{QUOTE-> Wildcard stars are used to specify patterns with variable, unknown parts. For example, a.eml matches only that one file, whereas *.eml matches a.eml, test.eml, important message.eml and so on. But note that neither form matches a.txt. <-QUOTE}

Edit: also regarding the "!". See here for a decent explanation. http://www.sandboxie.com/index.php?ProgramNamePrefix

HURST
June 16th, 2008, 01:46 AM
Yes, I know it's a wildcard.
What I don't know is why a wildcard is needed, when IMO the "!=<restricted>" should be enough, as it covers ALL files outside the group.

huangker
June 16th, 2008, 02:22 AM
{QUOTE-> Yes, I know it's a wildcard.
What I don't know, is why a wilcard is needed, when IMO the "!=<restricted>" should be enough, as it covers ALL files outside the group. <-QUOTE}

I get it now. * in this context means all file paths on your computer.

So the direct translation for

{QUOTE->
ClosedFilePath=!<restricted1>,*
<-QUOTE}

is

{QUOTE->
Close the file path, for all programs not in group restricted1, everything.
<-QUOTE}

in natural English it is

{QUOTE->
Close access to everything on this computer for programs not in group restricted1
<-QUOTE}

EDIT: I might also add that this means deny all disk access i.e. deny READ and WRITE access

HURST
June 16th, 2008, 09:36 AM
But isn't the wildcard redundant?

EDIT: Never mind, I just got it. "for every program outside the process group, the access to any file path is closed."

HURST
June 16th, 2008, 10:18 AM
Here I post my Sandboxie ini and the way I use SBIE. I hope this helps. Also, if someone with more knowledge than I (a lot of Wilders members :)) finds some redundant entries, please let me know. For example, I believe the "lingering process" entries are not needed, since no other processes can run in some sandboxes.

SBIE is now my only security app, so I want to have it tuned to perfection, and cover all vectors.

I have several sandboxes, which have self-explanatory names (but some are in Spanish, so I'll translate).


[DefaultBox] Sandbox:

Used for:
-testing unknown programs
-for opening every document that comes from the web (docs, ppts, mp3s, etc) when a virustotal scan can't be done ATM (after VT scan, file is considered safe and moved to data partition).
-Also this sandbox holds anything that runs from usb sticks (partitions F: and G:.. I don't think I'll ever plug more than 2 at the same time)

Nothing in this sandbox can connect to the internet.
Nothing can access my data partition (%personal%).
This sandbox is erased with a 3-pass algorithm.

Lots of un-needed entries. Will have to clean the ini.


[IEXPLORER] Sandbox:

Only IE can run in it. Only IE can connect to the internet. Redundant: if it can't run, it can't connect.
Nothing can access data partition.
Not erased, only deleted. See below.


[FIREFOX] Sandbox:

Only Firefox and PDF-Viewer can run (I do need to look at a lot of PDFs, and I prefer to open them instead of downloading them).
Only Firefox can connect.
Access to some personal data is granted (Pictures so I can upload or directly download to folder, My university folder, etc)
Access to sensitive data restricted (passwords, financial info, messenger logs, etc.).
Not erased, it only deletes the contents in order to save laptop battery life, since it's the most used sandbox (a lot of Firefox opening and closing).


[ArchivosRecibidos] Sandbox -- received files --:

This sandbox forces anything that runs from the folders "My received files" (MSN Messenger) and "Completed torrent downloads" to run sandboxed.
Access to data is denied.
Nothing can connect to the internet.
Erased with 3-passes.


[Winamp] Sandbox -- in reality it's my media player sandbox--:

Forces Winamp and Media Player Classic to run sandboxed. Used to avoid accidental damage by fake mp3's.
WMP is not included as I hardly ever use it, but will be included next time I reboot without Returnil enabled.
Nothing can connect to the internet.
Only Winamp, MediaPlayerClassic and the exe needed for k-lite codec pack can run.
Access granted for music, movies and completed torrents folder.


And that's it. Any suggestions to avoid redundancies and close open gaps are welcomed (and needed ;D).
ATM the weak links are: Outlook and MSN messenger. I couldn't make them work in SBIE.
I workaround this by:
a) the received files force sandbox.
b) all mail is converted to plain text.


{QUOTE->
[GlobalSettings]

ProcessGroup=<InternetAccess_IEXPLORER>,iexplore.exe
ProcessGroup=<InternetAccess_FIREFOX>,firefox.exe
ProcessGroup=<restricted1>,iexplore.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe
ProcessGroup=<restricted2>,firefox.exe,PDFXCview.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe
ProcessGroup=<restricted3>,DivXsm.exe,mplayerc.exe,winamp.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe

[DefaultBox]

ConfigLevel=3
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=%Favorites%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
Enabled=y
AutoDelete=y
NeverDelete=n
ClosedFilePath=\Device\RawIp
ClosedFilePath=\Device\Ip*
ClosedFilePath=\Device\Tcp*
ClosedFilePath=\Device\Afd*
ClosedFilePath=%Personal%
OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\places*
OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\bookmark*
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\places*
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\bookmark*
OpenProtectedStorage=y
OpenKeyPath=iexplore.exe,HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms
ForceFolder=G:\
ForceFolder=F:\
DeleteCommand=C:\Archivos de programa\Eraser\Eraserl.exe -folder "%SANDBOX%" -subfolders -method Random 3

[UserSettings_38A404AF]

SbieCtrl_UserName=propietario
SbieCtrl_ShowWelcome=N
SbieCtrl_NextUpdateCheck=1555555555
SbieCtrl_UpdateCheckNotify=Y
SbieCtrl_HideWindowNotify=N
SbieCtrl_WindowLeft=560
SbieCtrl_WindowTop=295
SbieCtrl_WindowWidth=660
SbieCtrl_WindowHeight=450
SbieCtrl_Hidden=N
SbieCtrl_ActiveView=40021
SbieCtrl_BoxExpandedView_DefaultBox=Y
SbieCtrl_AutoApplySettings=Y
SbieCtrl_SettingChangeNotify=N
SbieCtrl_BoxExpandedView_IEXPLORER=N
SbieCtrl_BoxExpandedView_FIREFOX=Y
SbieCtrl_BoxExpandedView_SKYPE=Y
SbieCtrl_ReloadConfNotify=N
SbieCtrl_EditConfNotify=N
SbieCtrl_ColWidthProcName=250
SbieCtrl_ColWidthProcId=70
SbieCtrl_ColWidthProcTitle=310
SbieCtrl_BoxExpandedView_ArchivosRecibidos=Y
SbieCtrl_BoxExpandedView_Winamp=Y

[IEXPLORER]

ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\RawIp
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Ip*
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Afd*
ClosedFilePath=!<restricted1>,*
ClosedFilePath=%Personal%
ClosedIpcPath=!<restricted1>,*
Enabled=y
ConfigLevel=3
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=%Favorites%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
AutoDelete=y
NeverDelete=n
ForceProcess=iexplore.exe
OpenProtectedStorage=y
OpenKeyPath=iexplore.exe,HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms

[FIREFOX]

ClosedFilePath=!<restricted2>,*
ClosedFilePath=%Personal%Mis archivos recibidos\
ClosedFilePath=%Personal%My Chat Logs\
ClosedFilePath=%Personal%varios\
ClosedFilePath=%Personal%Contraseñas\
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\RawIp
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Ip*
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Afd*
ClosedIpcPath=!<restricted2>,*
Enabled=y
ConfigLevel=3
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
AutoDelete=y
NeverDelete=n
OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\places*
OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\bookmark*
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\places*
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\bookmark*
OpenProtectedStorage=y
OpenKeyPath=iexplore.exe,HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms
ForceProcess=firefox.exe

[ArchivosRecibidos]

Enabled=y
ConfigLevel=3
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
AutoDelete=y
NeverDelete=n
ForceFolder=D:\Completed Torrent Downloads
ForceFolder=D:\Mis archivos recibidos
DeleteCommand=C:\Archivos de programa\Eraser\Eraserl.exe -folder "%SANDBOX%" -subfolders -method Random 3
ClosedFilePath=%My Video%\
ClosedFilePath=%Personal%EII\
ClosedFilePath=\Device\RawIp
ClosedFilePath=\Device\Ip*
ClosedFilePath=\Device\Tcp*
ClosedFilePath=\Device\Afd*
ClosedFilePath=%Personal%Contraseñas\
ClosedFilePath=%Personal%8525 BACKUP\
ClosedFilePath=%Personal%My Chat Logs\
ClosedFilePath=%Personal%varios\
ClosedFilePath=%Personal%Mis imágenes\
ClosedFilePath=%Personal%Mi música\

[Winamp]

ClosedFilePath=!<restricted3>,*
ClosedFilePath=%Personal%varios\
ClosedFilePath=%Personal%My Chat Logs\
ClosedFilePath=%Personal%Contraseñas\
ClosedFilePath=%Personal%8525 BACKUP\
ClosedFilePath=%Personal%EII\
ClosedFilePath=\Device\Afd*
ClosedFilePath=\Device\Tcp*
ClosedFilePath=\Device\Ip*
ClosedFilePath=\Device\RawIp
ClosedIpcPath=!<restricted3>,*
Enabled=y
ConfigLevel=3
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
AutoDelete=y
NeverDelete=n
ForceProcess=mplayerc.exe
ForceProcess=winamp.exe
<-QUOTE}

Doodler
June 16th, 2008, 10:57 AM
{QUOTE-> Also I'm looking for the following solutions:
A sandbox that only allows the web browser to run and acces the internet. Cheers, Jeremy <-QUOTE}
Jeremy, I've been a user of Sandboxie for only about a month or so now. Love what I have seen thus far, so although I'm currently using the free version, I plan on buying the registered version. I'm not a computer power-user, so whether I make custom ClosedFilePath entries remains to be seen. But, for those reading this post who are less technically savvy, what I have been able to do using the more "standard" features of Sandboxie are (a) make Internet Explorer the only program that can access the internet when sandboxed, (b) make Sandboxie notify me if I carelessly open an unsandboxed version of IE, (c) block access to certain files/folders while sandboxed (Example, I block access to My documents in the event I pick up a keylogger while sandboxed. The keylogger will, of course, be removed when I delete the contents of that sandbox.), (d) create sandboxed web link icons directly on my desktop so I can click on them and go directly to those websites...sandboxed of course, and (e) automatically delete contents of the sandbox.

Regarding (a) and (b), you can find information here: http://www.sandboxie.com/index.php?ProgramSettings
Regarding (c), you can find information here:
http://www.sandboxie.com/index.php?ResourceAccess (scroll down to File Access > Blocked Access)
Regarding (d), if you want the web site to open in the default sandbox, then right click on desktop > New > Shortcut > enter "C:\Program Files\Sandboxie\Start.exe" (the URL goes here without the parentheses).
If you want the web site to open in a custom sandbox that you've already created, then follow the same steps, but add "/box: name of the custom sandbox" (without the quotation marks) immediately after "C:\Program Files\Sandboxie\Start.exe".
Regarding (e), you can find information here: http://www.sandboxie.com/index.php?GettingStartedPartFive

{QUOTE-> Also I'm looking for the following solutions: A sandbox to test viruses. So this sandbox should only allow 1 executable to run, no direct access to any local resources, no access to the internet. Cheers, Jeremy <-QUOTE}
I found a web site with some guidance to follow about this. I've got it bookmarked on another computer and will try to post a follow-up later today.

Franklin
June 16th, 2008, 11:44 AM
Would the below settings achieve most of what you want to do?

Under - [GlobalSettings]
ProcessGroup=<InternetAccess_DefaultBox>,iexplore.exe,firefox.exe
ProcessGroup=<restricted>,iexplore.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe,firefox.exe,PDFXCview.exe,DivXsm.exe,mplayerc.exe,winamp.exe

Under - [DefaultBox]
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Afd*
ClosedIpcPath=!<restricted>,*

I think the above settings will allow IE and FF to run and connect to the net and the restricted setting allows all apps in that line to run sandboxed but not connect out unless they are in the Internet access line.

HURST
June 16th, 2008, 11:55 AM
Yes could be.
But keep in mind that there are different folder access privileges for each sandbox.
But it's a great suggestion, I'll try working on it to simplify things.

Thanks a lot!

MikeNAS
June 16th, 2008, 12:08 PM
{QUOTE-> Would the below settings achieve most of what you want to do?

Under - [GlobalSettings]
ProcessGroup=<InternetAccess_DefaultBox>,iexplore.exe,firefox.exe
ProcessGroup=<restricted>,iexplore.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe,firefox.exe,PDFXCview.exe,DivXsm.exe,mplayerc.exe,winamp.exe

Under - [DefaultBox]
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Afd*
ClosedIpcPath=!<restricted>,*

I think the above settings will allow IE and FF to run and connect to the net and the restricted setting allows all apps in that line to run sandboxed but not connect out unless they are in the Internet access line. <-QUOTE}

It's quite hard to build more effective rules than those are. Of course if you don't need something then don't allow it.

HURST
June 16th, 2008, 12:11 PM
Maybe it's possible to have one sandbox with different restricted groups.
This way I can set different folder access rights to each group in the sandbox.
Will try it out later.

TVH
June 16th, 2008, 01:42 PM
My current Sandboxie settings are very similar to those Franklin posted and you really cannot get tighter rules than that.

I currently have 2 sandboxes: 1 for online banking/shopping etc. in which only IE7 can run and has internet access and all other file/folder access is also blocked. The defaultbox is configured to give only IE7 internet access and only certain apps have permission to run sandboxed (i.e. Foxit PDF reader, WMP etc.). This defaultbox is used in general browsing and only certain folders have access rights.

SirMalware
June 16th, 2008, 04:09 PM
{QUOTE-> I currently have 2 sandboxes: 1 for online banking/shopping etc in which only IE7 can run and has internet access and all other file/folder access is also blocked. The defaultbox is configured to give only IE7 internet access and only certain apps have permission to run sandboxed (ie. Foxit PDF reader, WMP etc). This defaultbox is used in general browsing and only certain folders have access rights. <-QUOTE}What does the .ini file look like?

huangker
June 16th, 2008, 06:47 PM
Thanks for all the replies, guys. I've got a couple of questions on some of the functions.

What is the difference between ClosedFilePath and ClosedIpcPath?

Also, in what order does sandboxie read the ini file? I'm trying to draw an analogy to linux firewall config files where if you want to set up a web server for example you would do something like
Block all in
allow 80 in

So then you can set your sandbox to allow nothing by default and allow selectively.

Also, what do the \Device\ paths represent?

osip
June 18th, 2008, 02:48 AM
Well, can anybody tell how to configure AI RoboForm with a default sandbox where Firefox and other browsers are in forced programs... I tried everything and the only working procedure I found is to right click and run sandboxed from the start menu roboformtaskicon.exe... Must be a way to have it automated...
-----------
added: seems as if I solved it... had to download roboform-firefox 3.0.xpi. After this OK....

PlanB
June 18th, 2008, 04:02 AM
Hurst,

for Outlook I use the following:

ForceProcess=outlook.exe
OpenFilePath=outlook.exe,%Local Settings%\Application Data\Microsoft\Outlook\
OpenFilePath=outlook.exe,%AppData%\Microsoft\Outlook\
OpenProtectedStorage=y


Works fine for me.

However, I have not figured out how to run an antivirus Outlook plugin. If anyone has, let me know...

huangker
June 18th, 2008, 06:09 AM
{QUOTE-> Hurst,

for Outlook I use the following:

ForceProcess=outlook.exe
OpenFilePath=outlook.exe,%Local Settings%\Application Data\Microsoft\Outlook\
OpenFilePath=outlook.exe,%AppData%\Microsoft\Outlook\
OpenProtectedStorage=y


Works fine for me.
<-QUOTE}

What if we changed it to

ClosedFilePath=*,*
ClosedIpcPath=*,*
ForceProcess=outlook.exe
OpenFilePath=outlook.exe,%Local Settings%\Application Data\Microsoft\Outlook\
OpenFilePath=outlook.exe,%AppData%\Microsoft\Outlook\
OpenProtectedStorage=y

Will that lock the sandbox down to only allow outlook to function?

Franklin
June 18th, 2008, 06:29 AM
Under - [GlobalSettings]
ProcessGroup=<restricted>,outlook.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe

Under - [DefaultBox]
ClosedIpcPath=!<restricted>,*

Those lines should allow Outlook as the only app able to run in the sandbox.

HURST
June 18th, 2008, 11:05 AM
The problem is that outlook sometimes likes to call winword.exe or msn messenger.

Franklin
June 18th, 2008, 11:36 AM
With Outlook Express you can stop MSN Messenger being auto-started through Tools - Options - General tab and unticking "Auto login to messenger".

Might be the same for Outlook?

Don't know about winword.

huangker
June 19th, 2008, 03:41 AM
Hey guys,

I'm still in the dark on the difference between ClosedIpcPath and ClosedFilePath. What is the difference?

Also, what are the \Device\ items used with ClosedFilePath?

Also has anyone found a way to get outlook to work in a way that it just writes to the pst files automatically but is otherwise fully isolated?

If we can get enough information together, we can create a guide out of this, which what I aim to do.

Thanks for all the help.

Huupi
June 19th, 2008, 04:17 AM
The SBIE forums are a better place to solve your question; many knowledgeable people over there. ;)

huangker
June 19th, 2008, 05:08 AM
{QUOTE-> SBIE forums is a better place to solve your question,many knowledgeable people over there. ;) <-QUOTE}

How active are the forums?

Huupi
June 19th, 2008, 07:53 AM
{QUOTE-> How active is the forums? <-QUOTE}

just like Wilders.

n8chavez
July 20th, 2008, 01:47 PM
Since SBIE seems to be the main resident security application used by many of us, it is important to have it be as secure as possible. That being said, would anyone more knowledgeable than me please take a look at my config and let me know how tight and secure it is? If you notice anything that could be improved please say so.

{QUOTE->
[GlobalSettings]

FileRootPath=C:\Program Files\Sandboxie\Sandbox\%SANDBOX%
ProcessGroup=<InternetAccess_Opera>,opera.exe
ProcessGroup=<InternetAccess_IE>,IEXPLORE.EXE
ProcessGroup=<InternetAccess_Amazon>,amazonmp3downloader.exe
ProcessGroup=<InternetAccess_Miranda>,miranda32.exe
ProcessGroup=<InternetAccess_Main>,opera.exe

[UserSettings_1B080328]

SbieCtrl_UserName=n8chavez
SbieCtrl_ShowWelcome=N
SbieCtrl_NextUpdateCheck=1555555555
SbieCtrl_UpdateCheckNotify=Y
SbieCtrl_BoxExpandedView_DefaultBox=Y
SbieCtrl_AutoApplySettings=Y
SbieCtrl_SettingChangeNotify=N
SbieCtrl_HideWindowNotify=N
SbieCtrl_WindowLeft=200
SbieCtrl_WindowTop=150
SbieCtrl_WindowWidth=660
SbieCtrl_WindowHeight=453
SbieCtrl_Hidden=Y
SbieCtrl_ActiveView=40021
SbieCtrl_EnableLogonStart=Y
SbieCtrl_EnableAutoStart=Y
SbieCtrl_AddDesktopIcon=N
SbieCtrl_AddQuickLaunchIcon=N
SbieCtrl_AddContextMenu=Y
SbieCtrl_AddSendToMenu=N
SbieCtrl_ReloadConfNotify=N
SbieCtrl_EditConfNotify=N
SbieCtrl_ColWidthProcName=250
SbieCtrl_ColWidthProcId=70
SbieCtrl_ColWidthProcTitle=310
SbieCtrl_TerminateWarn=N
SbieCtrl_HideMessage=2203,connect C0000034
SbieCtrl_HideMessage=2102
SbieCtrl_BoxExpandedView_Opera=Y
SbieCtrl_ExplorerWarn=N
SbieCtrl_BoxExpandedView_Main=Y
SbieCtrl_BoxExpandedView_Miranda=Y
SbieCtrl_BoxExpandedView_IE=Y
SbieCtrl_ProcSettingsNotify=N
SbieCtrl_BoxExpandedView_JRiver=Y
SbieCtrl_BoxExpandedView_Amazon=Y
SbieCtrl_BoxExpandedView_removeable=Y

[Miranda]

Enabled=y
ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=D:\Downloads
LingerProcess=trustedinstaller.exe
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
BoxNameTitle=y
AutoDelete=y
NeverDelete=n
DeleteCommand=C:\Program Files\BCWipe\BCWipe Delete -PS Mine -NoSwapFile "%SANDBOX%"
ForceFolder=C:\Program Files\Miranda
ForceProcess=miranda32.exe
ClosedFilePath=%Personal%\
ClosedFilePath=C:\Program Files\WinPatrol\
ClosedFilePath=C:\Program Files\Looknstop\
ClosedFilePath=!<InternetAccess_Miranda>,\Device\RawIp
ClosedFilePath=!<InternetAccess_Miranda>,\Device\Ip*
ClosedFilePath=!<InternetAccess_Miranda>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_Miranda>,\Device\Afd*

[Opera]

ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=D:
RecoverFolder=%Personal%
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
LingerProcess=trustedinstaller.exe
Enabled=y
AutoDelete=y
NeverDelete=n
DeleteCommand=C:\Program Files\BCWipe\BCWipe Delete -PS Mine -NoSwapFile "%SANDBOX%"
ForceProcess=opera.exe
OpenPipePath=opera.exe,%AppData%\Opera\Opera\profile\cookies4.dat
OpenPipePath=opera.exe,%AppData%\Opera\Opera\profile\contacts.adr
OpenPipePath=opera.exe,%AppData%\Opera\Opera\profile\notes.adr
OpenPipePath=opera.exe,%AppData%\Opera\Opera\profile\urlfilter.ini
OpenPipePath=opera.exe,%AppData%\Opera\Opera\profile\wand.dat
OpenPipePath=amazonmp3downloader.exe,%Personal%\
OpenPipePath=SandboxieRpcSs.exe,%Personal%\
BoxNameTitle=y
OpenFilePath=opera.exe,%AppData%\Opera\Opera\Profile\opera6.adr
OpenFilePath=opera.exe,%AppData%\Opera\Opera\mail
ClosedFilePath=!<InternetAccess_Opera>,\Device\RawIp
ClosedFilePath=!<InternetAccess_Opera>,\Device\Ip*
ClosedFilePath=!<InternetAccess_Opera>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_Opera>,\Device\Afd*
ClosedFilePath=C:\Program Files\Looknstop\
ClosedFilePath=C:\Program Files\WinPatrol\

[Amazon]

Enabled=y
ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=D:\Downloads\MP3s
LingerProcess=trustedinstaller.exe
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
BoxNameTitle=y
AutoDelete=y
NeverDelete=n
DeleteCommand=C:\Program Files\BCWipe\BCWipe Delete -PS Mine -NoSwapFile "%SANDBOX%"
ForceProcess=amazonmp3downloader.exe
ClosedFilePath=%Personal%\
ClosedFilePath=C:\Program Files\WinPatrol\
ClosedFilePath=C:\Program Files\Looknstop\
ClosedFilePath=!<InternetAccess_Amazon>,\Device\RawIp
ClosedFilePath=!<InternetAccess_Amazon>,\Device\Ip*
ClosedFilePath=!<InternetAccess_Amazon>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_Amazon>,\Device\Afd*
OpenPipePath=D:\Downloads\MP3s\

[IE]

Enabled=y
ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
LingerProcess=trustedinstaller.exe
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
BoxNameTitle=y
AutoDelete=y
NeverDelete=n
DeleteCommand=C:\Program Files\BCWipe\BCWipe Delete -PS Mine -NoSwapFile "%SANDBOX%"
ReadFilePath=C:\Program Files\WinPatrol\
ReadFilePath=C:\Program Files\CCleaner\
ClosedFilePath=%Personal%\
ClosedFilePath=C:\Program Files\Looknstop\
ClosedFilePath=C:\Program Files\WinPatrol\
ClosedFilePath=!<InternetAccess_IE>,\Device\RawIp
ClosedFilePath=!<InternetAccess_IE>,\Device\Ip*
ClosedFilePath=!<InternetAccess_IE>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_IE>,\Device\Afd*
ForceProcess=iexplore.exe

[Removeable]

Enabled=y
ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.part
AutoRecoverIgnore=.jc!
RecoverFolder=D:\Downloads
RecoverFolder=%Personal%
LingerProcess=acrord32.exe
LingerProcess=jusched.exe
LingerProcess=syncor.exe
LingerProcess=devldr32.exe
LingerProcess=wuauclt.exe
LingerProcess=trustedinstaller.exe
BoxNameTitle=y
AutoDelete=y
NeverDelete=n
DeleteCommand=C:\Program Files\BCWipe\BCWipe Delete -PS Mine -NoSwapFile "%SANDBOX%"
ForceFolder=I:\
ClosedFilePath=Rohos mini.exe,C:\Program Files\WinPatrol\
ClosedFilePath=Rohos mini.exe,C:\Program Files\Looknstop\
ClosedFilePath=C:\Program Files\WinPatrol\
ClosedFilePath=C:\Program Files\Looknstop\
ClosedFilePath=\Device\Afd*
ClosedFilePath=\Device\Tcp*
ClosedFilePath=\Device\Ip*
ClosedFilePath=\Device\RawIp
OpenFilePath=Rohos mini.exe,I:\
<-QUOTE}

subset
July 20th, 2008, 03:39 PM
{QUOTE->
So then you can set your sandbox to allow nothing by default and allow selectively.
<-QUOTE}
This is from Blocked File Access (ClosedFilePath) window:
"If a file or folder matches any other File Access setting, but also matches any Blocked Access setting, the Blocked Access setting will take precedence."

Doesn't this complicate things a little?

ClosedFilePath=C:\Program Files\*
would block access to all programs in this path.

But if I want to open a path only for e.g. Firefox, I can't use
OpenFilePath=C:\Program Files\Mozilla Firefox\*
because the previous ClosedFilePath settings overrules this one.

So to allow access to Firefox folder, I have to deny every single folder in Program Files ???

Or is this just a lack of understanding :doubt:

Cheers
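
Putting the rules from this thread into code: the following is an added example, not Sandboxie's own code and not from any poster here. It parses a small constructed Sandboxie.ini, resolves what a given program in a given box may do with a given path (the "!<group>,*" reading worked out earlier in the thread, and the question of whether line order matters), and lints for the slips discussed above: a group referenced but never defined, a ClosedFilePath=!<group>,* with no matching ClosedIpcPath=!<group>,*, and a restricted group missing the Start.exe/SandboxieRpcSs.exe/SandboxieDcomLaunch.exe helpers that every restricted group in this thread carries. The %Personal%/%AppData% expansions, the sample box contents and the matching rules it encodes (case-insensitive, '*' as the only wildcard, a folder pattern covering its contents, Blocked Access beating Open regardless of line order) are this example's assumptions, taken from the Sandboxie documentation quoted in the thread.

```python
"""Model of the Sandboxie path-access settings discussed in this thread (added example, not Sandboxie's
code). Assumed: '*' is the only wildcard, matching is case-insensitive, a folder pattern covers its
contents, and a Closed* (Blocked Access) match beats an Open* match in any line order."""
import re
from collections import defaultdict

# Constructed sample: the restricted-group pattern, an Open under a Closed, and two slips in [Winamp].
SAMPLE_INI = r"""[GlobalSettings]
ProcessGroup=<InternetAccess_FIREFOX>,firefox.exe
ProcessGroup=<restricted2>,firefox.exe,PDFXCview.exe,SandboxieDcomLaunch.exe,SandboxieRpcSs.exe,Start.exe
ProcessGroup=<restricted3>,winamp.exe
[FIREFOX]
ClosedFilePath=!<restricted2>,*
ClosedIpcPath=!<restricted2>,*
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Afd*
ClosedFilePath=%Personal%\Passwords\
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\places*
OpenFilePath=C:\Program Files\Mozilla Firefox\*
ClosedFilePath=C:\Program Files\*
[Winamp]
ClosedFilePath=!<restricted3>,*
ClosedFilePath=!<restricted4>,*
"""
VARS = {  # assumed expansions for the sample only; the real values depend on the machine
    "%Personal%": r"C:\Documents and Settings\user\My Documents",
    "%AppData%": r"C:\Documents and Settings\user\Application Data"}
HELPERS = ("start.exe", "sandboxierpcss.exe", "sandboxiedcomlaunch.exe")  # in every restricted group above

def parse_ini(text):
    """{section: [(key, value), ...]} in file order; repeated keys are kept."""
    sections, current = defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current is not None and (m := re.match(r"^([A-Za-z_]+)=(.*)$", line)):
            sections[current].append((m.group(1), m.group(2).strip()))
    return sections

def process_groups(sections):
    """ProcessGroup=<name>,a.exe,b.exe -> {'<name>': {'a.exe', 'b.exe'}}, lower-cased."""
    groups = {}
    for key, value in sections.get("GlobalSettings", []):
        if key == "ProcessGroup":
            name, _, members = value.partition(",")
            groups[name.strip().lower()] = {m.strip().lower() for m in members.split(",") if m.strip()}
    return groups

def split_selector(value):
    """'prog.exe,path' / '!<group>,path' / 'path' -> (negated, selector, path)."""
    head, sep, tail = value.partition(",")
    sel = head.strip()
    is_prog = sel.lower().endswith(".exe") or (sel.lstrip("!").startswith("<") and sel.endswith(">"))
    if sep and is_prog:
        return sel.startswith("!"), sel.lstrip("!").lower(), tail.strip()
    return False, None, value

def selector_applies(selector, negated, program, groups):
    """'!' inverts the test, so a negated group matches every program NOT in it."""
    if selector is None:
        return True
    prog = program.lower()
    hit = prog in groups.get(selector, ()) if selector.startswith("<") else prog == selector
    return hit != negated

def pattern_to_regex(pattern):
    """'*' matches any run of characters; a folder pattern also matches everything under it."""
    for var, val in VARS.items():
        pattern = pattern.replace(var, val)
    body = ".*".join(re.escape(part) for part in pattern.rstrip("\\").split("*"))
    return re.compile("^" + body + r"(\\.*)?$", re.IGNORECASE)

def resolve(sections, groups, box, program, path, kind="File"):
    """'closed', 'open' or 'sandboxed' (the default) for one program and path in one box."""
    verdict = "sandboxed"
    for key, value in sections.get(box, []):
        if key not in (f"Closed{kind}Path", f"Open{kind}Path"):
            continue
        negated, selector, pattern = split_selector(value)
        if selector_applies(selector, negated, program, groups) and pattern_to_regex(pattern).match(path):
            if key.startswith("Closed"):
                return "closed"  # Blocked Access takes precedence, whatever the line order
            verdict = "open"
    return verdict

def lint(sections, groups):
    """Undefined groups, file lockdowns without an IPC lockdown, groups missing the helper exes."""
    findings = []
    for box, entries in sections.items():
        if box == "GlobalSettings" or box.startswith("UserSettings"):
            continue
        for key, value in entries:
            negated, selector, pattern = split_selector(value)
            if selector and selector.startswith("<") and selector not in groups:
                findings.append(f"[{box}] {key} refers to undefined group {selector}")
            if key != "ClosedFilePath" or not negated or pattern != "*":
                continue  # the remaining checks concern ClosedFilePath=!<group>,* lockdowns
            if ("ClosedIpcPath", value) not in entries:
                findings.append(f"[{box}] {key}={value} has no matching ClosedIpcPath={value}")
            for h in HELPERS:
                if selector in groups and h not in groups[selector]:
                    findings.append(f"[{box}] group {selector} lacks {h}")
    return findings

if __name__ == "__main__":  # quick demo of the precedence point raised above
    s, g = parse_ini(SAMPLE_INI), process_groups(parse_ini(SAMPLE_INI))
    print(resolve(s, g, "FIREFOX", "firefox.exe", r"C:\Program Files\Mozilla Firefox\firefox.exe"), lint(s, g))
```

Running it answers the worry in the post above for the literal case: firefox.exe's OpenFilePath under C:\Program Files\ still resolves to "closed" because the broader ClosedFilePath=C:\Program Files\* matches too, and it would resolve the same way if the two lines were swapped. The same resolver shows why the !<restricted>,* line makes further per-folder ClosedFilePath entries unnecessary for programs outside the group (calc.exe gets "closed" for every path) but not for programs inside it, which is why the sample still needs its %Personal%\Passwords\ entry, and the linter reports [Winamp] for the undefined <restricted4>, the missing ClosedIpcPath, and a <restricted3> that lacks the helper processes.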

Huupi
July 20th, 2008, 05:50 PM
{QUOTE-> This is from Blocked File Access (ClosedFilePath) window:
"If a file or folder matches any other File Access setting, but also matches any Blocked Access setting, the Blocked Access setting will take precedence."

Doesn't this complicate things a little?

ClosedFilePath=C:\Program Files\*
would block access to all programs in this path.

But if I want to open a path only for e.g. Firefox, I can't use
OpenFilePath=C:\Program Files\Mozilla Firefox\*
because the previous ClosedFilePath settings overrules this one.

So to allow access to Firefox folder, I have to deny every single folder in Program Files ???

Or is this just a lack of understanding :doubt:

Cheers <-QUOTE}

No, your reasoning is OK, but in the OP's place I would follow the setup config explained many times here, centered around the restricted rules by Wraithdu.

subset
July 20th, 2008, 09:53 PM
{QUOTE-> explained many times here,centered around the restricted rules by Wraithdu. <-QUOTE}
Oh, I see, it's a searching thread, not a learning thread. ::)

However, does this mean if I have these two lines:
ProcessGroup=<restricted>,Start.exe,...
and
ClosedFilePath=!<restricted>,*
there is no need to add any other ClosedFilePath locations?
Because no program which is not in the ProcessGroup 'restricted' is allowed to access files from 'the real system'.

Cheers

dw426
July 20th, 2008, 10:23 PM
For Wraithdu's rules, which section does the ClosedFilePath relate to in the sandbox settings? File, Registry, what? Forgive my idiocy, but between the forums here and at Sandboxie, all these configuration suggestions are spread out all over God's creation, and just when you think you've gotten something down, a couple of pages later in a thread or in a completely different thread that may be a few pages back, somebody corrects the suggestion with something else. It's a pain in the ass to put it bluntly.

All I want to do is set up 5 sandboxes.

1. (Default box) IE7 that is able to update bookmarks and open PDF files instead of having to save them, and also to play embedded videos/music (I use WMP solely). I do not want anything else to have internet or any other access to data, or be able to run in this box unless it is needed to perform the functions I wish of this box.


2. Firefox that is able to update bookmarks and extensions, and open PDF files instead of having to save them, and also to play embedded videos/music (I use WMP solely). I do not want anything else to have internet or any other access to data, or be able to run in this box unless it is needed to perform the functions I wish of this box.

3. UTorrent that does nothing but run and upload/download to and from my specified download folder. No other internet access, no access to any other data/files.

4. Media that does nothing but play files already downloaded, specifically using WMP 11. Nothing else runs in it, nothing gets internet/data access (possible exception being giving WMP internet access so it can retrieve information about files playing. But if that's too risky, then no internet access).

5. Test box strictly for testing installs of smaller programs/games, accessing only what it needs.

If anyone will kindly just give an example setup to achieve this I would greatly appreciate it. I just need a good balance of functionality with security since this will likely be my only real-time security app coupled with Returnil Free. (slight possibility of adding Threatfire, but these 3 will be it).

Kyle1420
September 5th, 2008, 09:54 PM
It's been a long time since there has been a discussion about Sandboxie. This is my config:
Default box, Firefox, thunderbird, IE (I only use IE for updates).
Can anyone see where I can tighten the grip?

{QUOTE->
[GlobalSettings]

ProcessGroup=<InternetAccess_FIREFOX>,firefox.exe
ProcessGroup=<InternetAccess_ThunderBird>,thunderbird.exe,thunde~1.exe
ProcessGroup=<InternetAccess_DefaultBox>,fact.exe
ProcessGroup=<InternetAccess_IEXPLORER>,iexplore.exe
ProcessGroup=<restricted1>,iexplore.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe
ProcessGroup=<restricted2>,firefox.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe,thunderbird.exe
ProcessGroup=<restricted3>,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe
BlockDrivers=y
BlockWinHooks=y
BlockFakeInput=y

[DefaultBox]

ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=%Favorites%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
LingerProcess=trustedinstaller.exe
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
Enabled=y
AutoDelete=y
NeverDelete=n
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Udp6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Udp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Afd*
OpenFilePath=thunderbird.exe,%Local AppData%\Thunderbird
OpenFilePath=thunderbird.exe,%AppData%\Thunderbird
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\places*
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\bookmark*
OpenProtectedStorage=y
OpenKeyPath=iexplore.exe,HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms
CopyLimitKb=3000000
CopyLimitSilent=y
BoxNameTitle=y

[UserSettings_47BE0530]

SbieCtrl_UserName=kyle clothier
SbieCtrl_ShowWelcome=N
SbieCtrl_NextUpdateCheck=1555555555
SbieCtrl_UpdateCheckNotify=N
SbieCtrl_HideWindowNotify=N
SbieCtrl_WindowLeft=253
SbieCtrl_WindowTop=108
SbieCtrl_WindowWidth=660
SbieCtrl_WindowHeight=450
SbieCtrl_Hidden=Y
SbieCtrl_ActiveView=40021
SbieCtrl_BoxExpandedView_DefaultBox=Y
SbieCtrl_AutoApplySettings=Y
SbieCtrl_SettingChangeNotify=N
SbieCtrl_BoxExpandedView_IEXPLORER=N
SbieCtrl_ReloadConfNotify=N
SbieCtrl_EditConfNotify=N
SbieCtrl_ColWidthProcName=250
SbieCtrl_ColWidthProcId=70
SbieCtrl_ColWidthProcTitle=310
SbieCtrl_BoxExpandedView_Winamp=Y
SbieCtrl_ExplorerNotify=N
SbieCtrl_EnableLogonStart=Y
SbieCtrl_EnableAutoStart=Y
SbieCtrl_AddDesktopIcon=Y
SbieCtrl_AddQuickLaunchIcon=Y
SbieCtrl_AddContextMenu=Y
SbieCtrl_AddSendToMenu=Y
SbieCtrl_ExplorerWarn=N
SbieCtrl_BoxExpandedView_FIREBIRD=N
SbieCtrl_BoxExpandedView_ThunderBird=Y
SbieCtrl_BoxExpandedView_FIREFOX=Y
SbieCtrl_TerminateWarn=N

[FIREFOX]

ClosedFilePath=%Personal%\
ClosedFilePath=!<restricted2>,*
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\RawIp
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Ip*
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Afd*
ClosedIpcPath=!<restricted2>,*
Enabled=y
ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
LingerProcess=trustedinstaller.exe
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
AutoDelete=y
NeverDelete=n
OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\places*
OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\bookmark*
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\places*
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\bookmark*
OpenProtectedStorage=y
OpenKeyPath=iexplore.exe,HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms
ForceProcess=firefox.exe

[IEXPLORER]

ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\RawIp
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Ip*
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Afd*
ClosedFilePath=!<restricted1>,*
ClosedFilePath=%Personal%
ClosedIpcPath=!<restricted1>,*
Enabled=y
ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=%Favorites%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
LingerProcess=trustedinstaller.exe
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
AutoDelete=y
NeverDelete=n
ForceProcess=iexplore.exe
OpenProtectedStorage=y
OpenKeyPath=iexplore.exe,HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms

[ThunderBird]

Enabled=y
ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
LingerProcess=trustedinstaller.exe
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
OpenFilePath=%AppData%\Thunderbird\*
OpenFilePath=seamonkey.exe,%Local AppData%\Mozilla\Profiles\*\Mail*
OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\Mail*
OpenFilePath=thunderbird.exe,%Local AppData%\Thunderbird
OpenFilePath=thunderbird.exe,%AppData%\Thunderbird
OpenKeyPath=seamonkey.exe,HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\SeaMonkey*
OpenKeyPath=seamonkey.exe,HKEY_LOCAL_MACHINE\Software\Mozilla\SeaMonkey*
OpenKeyPath=seamonkey.exe,HKEY_CURRENT_USER\Software\Mozilla*\SeaMonkey*
OpenKeyPath=thunderbird.exe,HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla Thunderbird
OpenKeyPath=thunderbird.exe,HKEY_LOCAL_MACHINE\Software\Mozilla Thunderbird
OpenKeyPath=thunderbird.exe,HKEY_CURRENT_USER\Software\Mozilla Thunderbird
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\RawIp6
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Udp6
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Tcp6
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Ip6
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\RawIp
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Udp
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Tcp
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Ip
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Afd*
BoxNameTitle=y
<-QUOTE}

MitchE323
September 5th, 2008, 11:52 PM
The Firefox box is short on the Internet Access Settings and has quite a few unneeded lines.

[FIREFOX]

Enabled=y
ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
AutoDelete=y
NeverDelete=n
ForceProcess=firefox.exe
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\RawIp6
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Udp6
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Tcp6
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Ip6
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\RawIp
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Udp
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Tcp
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Ip
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Afd*
ClosedIpcPath=!<restricted2>,*
ClosedFilePath=%Personal%\
RecoverFolder=%Desktop%
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\places*
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\bookmark*

Not Needed or canceled out by other settings:

ClosedFilePath=!<restricted2>,*
RecoverFolder=%Personal%
OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\places*
OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\bookmark*
LingerProcess=trustedinstaller.exe
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
OpenKeyPath=iexplore.exe,HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms
OpenProtectedStorage=y

MitchE323
September 6th, 2008, 12:03 AM
[ThunderBird]

Enabled=y
ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
LingerProcess=trustedinstaller.exe
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
OpenFilePath=%AppData%\Thunderbird\*
OpenFilePath=thunderbird.exe,%Local AppData%\Thunderbird
OpenFilePath=thunderbird.exe,%AppData%\Thunderbird
OpenKeyPath=thunderbird.exe,HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla Thunderbird
OpenKeyPath=thunderbird.exe,HKEY_LOCAL_MACHINE\Software\Mozilla Thunderbird
OpenKeyPath=thunderbird.exe,HKEY_CURRENT_USER\Software\Mozilla Thunderbird
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\RawIp6
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Udp6
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Tcp6
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Ip6
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\RawIp
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Udp
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Tcp
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Ip
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Afd*
BoxNameTitle=y

Not needed:

RecoverFolder=%Favorites%
OpenFilePath=seamonkey.exe,%Local AppData%\Mozilla\Profiles\*\Mail*
OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\Mail*
OpenKeyPath=seamonkey.exe,HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\SeaMonkey*
OpenKeyPath=seamonkey.exe,HKEY_LOCAL_MACHINE\Software\Mozilla\SeaMonkey*
OpenKeyPath=seamonkey.exe,HKEY_CURRENT_USER\Software\Mozilla*\SeaMonkey*

MitchE323
September 6th, 2008, 12:08 AM
[IEXPLORER]

Enabled=y
ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
AutoDelete=y
NeverDelete=n
ForceProcess=iexplore.exe
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\RawIp6
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Udp6
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Tcp6
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Ip6
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\RawIp
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Udp
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Tcp
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Ip
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Afd*
ClosedIpcPath=!<restricted1>,*
ClosedFilePath=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
OpenProtectedStorage=y
OpenKeyPath=iexplore.exe,HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms

Not Needed:

ClosedFilePath=!<restricted1>,*
RecoverFolder=%Personal%
LingerProcess=trustedinstaller.exe
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe

MitchE323
September 6th, 2008, 12:25 AM
DefaultBox lists fact.exe as the only program that can access the internet, yet there are settings in the box for Firefox, IE, and Thunderbird. So I can't see what you want there, so I didn't edit it.

This line in Global is not used anywhere so you can delete it, unless you have a reason for it.
ProcessGroup=<restricted3>,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe

Thunderbird box has no ForceProcess but that may be the way you want it - up to you.
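The two checks MitchE323 makes by eye above (a box whose network-blocking ClosedFilePath lines do not cover all nine \Device paths, and a ProcessGroup that nothing references) can be scripted. This is an added example, not Sandboxie's own code and not from anyone in the thread; it applies the `!<group>` and `*` semantics explained earlier in the thread, assumes that [GlobalSettings] groups are visible to every box and that a `prog.exe,path` target restricts a rule to that program (by analogy with `OpenFilePath=prog.exe,path`), and uses an abridged, constructed copy of the [FIREFOX] box posted above as sample input.

```python
import re
from collections import defaultdict

# The nine \Device paths the thread's DefaultBox closes to deny network access.
NETWORK_DEVICES = [r"\Device\RawIp6", r"\Device\Udp6", r"\Device\Tcp6", r"\Device\Ip6",
                   r"\Device\RawIp", r"\Device\Udp", r"\Device\Tcp", r"\Device\Ip", r"\Device\Afd*"]

# Constructed sample input: an abridged copy of the [FIREFOX] box posted in the thread.
SAMPLE_INI = r"""
[GlobalSettings]
ProcessGroup=<InternetAccess_FIREFOX>,firefox.exe
ProcessGroup=<restricted2>,firefox.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe,thunderbird.exe
ProcessGroup=<restricted3>,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe
[FIREFOX]
ClosedFilePath=%Personal%
ClosedFilePath=!<restricted2>,*
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\RawIp
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Ip*
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Afd*
ForceProcess=firefox.exe
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]}, keeping order and repeated keys."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif "=" in line and current is not None and not line.startswith(";"):
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections

def process_groups(sections, box):
    """Group name -> member set; [GlobalSettings] groups are assumed visible to every box."""
    groups = {}
    for section in ("GlobalSettings", box):
        for key, value in sections.get(section, []):
            if key == "ProcessGroup":
                name, _, members = value.partition(",")
                groups[name.strip("<>")] = {m.strip().lower() for m in members.split(",") if m.strip()}
    return groups

def glob_match(pattern, path):
    """Wildcard as explained in the thread: '*' matches any run of characters (case-insensitive)."""
    return re.fullmatch(re.escape(pattern).replace(r"\*", ".*"), path, re.IGNORECASE) is not None

def split_rule(value):
    """'!<grp>,\\Device\\Tcp' -> ('!<grp>', '\\Device\\Tcp'); a bare path -> (None, path)."""
    target, sep, path = value.partition(",")
    if sep and (target.startswith("!<") or target.lower().endswith(".exe")):
        return target, path
    return None, value

def rule_applies(target, process, groups):
    """No target: every process. '!<grp>': every process NOT in grp. 'prog.exe': that program only (assumed)."""
    if target is None:
        return True
    if target.startswith("!<"):
        return process not in groups.get(target[2:-1], set())
    return target.lower() == process

def open_devices(sections, box, process):
    """Network device paths that `process` can still open in `box` under its ClosedFilePath rules."""
    process, groups, closed = process.lower(), process_groups(sections, box), set()
    for key, value in sections.get(box, []):
        if key == "ClosedFilePath":
            target, path = split_rule(value)
            if rule_applies(target, process, groups):
                closed.update(d for d in NETWORK_DEVICES if glob_match(path, d))
    return [d for d in NETWORK_DEVICES if d not in closed]

def unused_process_groups(sections):
    """ProcessGroup names defined anywhere but never referenced as <name> by another setting."""
    defined, referenced = set(), set()
    for settings in sections.values():
        for key, value in settings:
            if key == "ProcessGroup":
                defined.add(value.split(",", 1)[0].strip("<>"))
            else:
                referenced.update(re.findall(r"<([^<>]+)>", value))
    return sorted(defined - referenced)

if __name__ == "__main__":  # demo against the sample box
    cfg = parse_ini(SAMPLE_INI)
    print({p: open_devices(cfg, "FIREFOX", p) for p in ("firefox.exe", "thunderbird.exe", "evil.exe")})
    print("unreferenced groups:", unused_process_groups(cfg))
```

On the sample box, thunderbird.exe (in restricted2 but not in InternetAccess_FIREFOX) is still left with the RawIp6, Udp6 and Udp paths open, which is the gap MitchE323's rewrite closes, and restricted3 is reported as unreferenced.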

Kyle1420
September 6th, 2008, 04:45 AM
Thank you Mitch.

WilliamP
September 8th, 2008, 03:22 PM
Please forgive my ignorance for asking this question. If I open Firefox sandboxed, surf the net, then delete the contents of the sandbox, is my system protected? With the as-downloaded config.

jmonge
September 8th, 2008, 04:16 PM
{QUOTE-> Please forgive my ignorance for asking this question. If I open Firefox sandboxed, surf the net, then delete the contents of the sandbox, is my system protected? With the as-downloaded config. <-QUOTE}
Whatever you delete from the sandbox is securely deleted: no history, cookies or coffee ;D

HURST
September 8th, 2008, 06:49 PM
{QUOTE-> Please forgive my ignorance for asking this question. If I open Firefox sandboxed, surf the net, then delete the contents of the sandbox, is my system protected? With the as-downloaded config. <-QUOTE}

Yes. Default settings are very secure. As long as you don't recover anything malicious, you are protected. But you could save some time configuring SBIE to automatically delete the sandbox.

WilliamP
September 8th, 2008, 09:22 PM
I have it set to empty when FF is closed. Thank you all for the replies.

Huupi
September 9th, 2008, 02:22 AM
With Sandboxie, really the problem is not confinement of the sandbox but more how you save and what you save. Also, IMO editing the config ini file is tricky; you have to know very well what SBIE's intentions are before closing or opening any path.

Someone
September 9th, 2008, 05:39 AM
{QUOTE-> Yes. Default settings are very secure. As long as you don't recover anything malicious, you are protected. But you could save some time configuring SBIE to automatically delete the sandbox. <-QUOTE}
But couldn't some keyloggers steal your data before you close your browser?

Thanks

kwismer
September 9th, 2008, 07:43 AM
{QUOTE-> But couldn't some keyloggers steal your data before you close your browser?

Thanks <-QUOTE}

in theory, yes... sandboxes don't necessarily stop bad things from running within the sandbox, they stop it from being able to affect the system outside the sandbox... if a compromise happens within the sandbox and you enter sensitive data into an app running in that sandbox then that sensitive data can still be stolen... that's one of the reasons why sandboxing alone isn't complete protection...

Franklin
September 9th, 2008, 08:15 AM
Show me a website that automatically installs and executes a key logger?

Doodler
September 9th, 2008, 09:13 AM
{QUOTE-> in theory, yes... sandboxes don't necessarily stop bad things from running within the sandbox, they stop it from being able to affect the system outside the sandbox... if a compromise happens within the sandbox and you enter sensitive data into an app running in that sandbox then that sensitive data can still be stolen... that's one of the reasons why sandboxing alone isn't complete protection... <-QUOTE}
Doesn't it help mitigate the keylogger issue by using Sandboxie's GUI to designate your browser as being the only sandboxed program that can access the internet?
http://www.sandboxie.com/index.php?ResourceAccess#internet

kwismer
September 9th, 2008, 10:20 AM
{QUOTE-> Show me a website that automatically installs and executes a key logger? <-QUOTE}

why is it that every time i say something is possible in theory people ask for links to examples? and why do people think it's ok to hand out links to live malware to strangers?

let's take another approach - we know there is such a thing as drive-by downloads, and we know from that that it is possible for a web page to cause the download and execution of arbitrary code on a suitably vulnerable system... since keyloggers are just code there's no reason they can't be downloaded and executed by visiting a web page...

{QUOTE-> Doesn't it help mitigate the keylogger issue by using Sandboxie's GUI to designate your browser as being the only sandboxed program that can access the internet? <-QUOTE}

it helps mitigate it to some degree (maybe even a large degree) if you have sandboxie set up that way, but consider this - there is such a thing as a keylogger implemented in javascript that runs inside your browser... sandboxie's execution/connection whitelisting capability won't do anything to help you there...

and besides which, there's also things like phishing pages and social engineering to get your sensitive data which sandboxing, again, does not help you with... sandboxes contain intrusions, they don't (and in some cases can't) necessarily do much about extrusions...

Pedro
September 9th, 2008, 10:50 AM
{QUOTE-> in theory, yes... sandboxes don't necessarily stop bad things from running within the sandbox, they stop it from being able to affect the system outside the sandbox... if a compromise happens within the sandbox and you enter sensitive data into an app running in that sandbox then that sensitive data can still be stolen... that's one of the reasons why sandboxing alone isn't complete protection... <-QUOTE}
Exactly. However, with SandboxIE you can, or rather, you should empty the sandbox in between sensible/normal browsing.
Or use different sandboxes for different purposes.

I believe Peter does this as a method, and I think it's the best way to use it.

jmonge
September 9th, 2008, 11:13 AM
{QUOTE-> Exactly. However, with SandboxIE you can, or rather, you should empty the sandbox in between sensible/normal browsing.
Or use different sandboxes for different purposes.

I believe Peter does this as a method, and I think it's the best way to use it. <-QUOTE}
Look Pedro, yes, it's true, but what about if you are the type of person that likes to save a lot of stuff? Of course it will be saved in your regular OS, then what?
Probably it is better to run Sandboxie with a good antivirus, maybe. What do you think?

cheater87
September 9th, 2008, 11:24 AM
If it's a Java-based keylogger, won't NoScript protect against it???

WilliamP
September 9th, 2008, 11:39 AM
I also have DefenceWall that will stop a key logger.

MitchE323
September 9th, 2008, 11:43 AM
{QUOTE-> it helps mitigate it to some degree (maybe even a large degree) if you have sandboxie set up that way, but consider this - there is such a thing as a keylogger implemented in javascript that runs inside your browser... sandboxie's execution/connection whitelisting capability won't do anything to help you there...

and besides which, there's also things like phishing pages and social engineering to get your sensitive data which sandboxing, again, does not help you with... sandboxes contain intrusions, they don't (and in some cases can't) necessarily do much about extrusions... <-QUOTE}

I'll try to explain it this way. Everything that you have stated is completely correct and would apply if the goal was protection against "current session" keyloggers. You have to think of Sandboxie as protection against "past session" keyloggers. Current session keyloggers are easy, as Pedro has stated, all you need to do is start with an empty sandbox and go immediately to your bank site and 'exit and empty' thereafter when you are finished. The assumption is that your system and the bank site are clean. That assumption quantifies your risk factor.

In this respect Sandboxie, even with merely its default settings (I think this is WilliamP's question), will give you adequate protection. Most securityware offers this same level of protection. After all, if you start with a clean system and go immediately to your bank site, and that site itself is clean - what is there that is going to get you?

But what if you were doing this for the hundredth time? Could any other security product give you slam-dunk protection against any keyloggers picked up in the past? As you say, there are many ways for an exploit to happen. Since Sandboxie has completely flushed all of this past activity away, and done so in a total fashion, the likelihood that your system remains clean for today's bank visit remains high.

Pedro
September 9th, 2008, 12:03 PM
{QUOTE-> Look Pedro, yes, it's true, but what about if you are the type of person that likes to save a lot of stuff? Of course it will be saved in your regular OS, then what?
Probably it is better to run Sandboxie with a good antivirus, maybe. What do you think? <-QUOTE}
SandboxIE is a tool. It won't stop you from doing what you want to do.
It makes sure you save only what you want, install what you want, and so on. It's not smart to tell you what's bad or not.

An AV is also a good tool. If it's a known trojan for instance, the AV will tell you "this is a trojan". Then there is no doubt, unless it's a FP. If you suspect it is a FP, contact the AV company.
{QUOTE-> If it's a Java-based keylogger, won't NoScript protect against it??? <-QUOTE}
This is about SandboxIE, NoScript is not relevant.

jmonge
September 9th, 2008, 12:10 PM
{QUOTE-> SandboxIE is a tool. It won't stop you from doing what you want to do.
It makes sure you save only what you want, install what you want, and so on. It's not smart to tell you what's bad or not.

An AV is also a good tool. If it's a known trojan for instance, the AV will tell you "this is a trojan". Then there is no doubt, unless it's a FP. If you suspect it is a FP, contact the AV company.

This is about SandboxIE, NoScript is not relevant. <-QUOTE}
I already knew that, amigo; my point is that for average people I think it is a good idea to run both, for extra protection.

Pedro
September 9th, 2008, 12:23 PM
Then I agree. :)

WilliamP
September 9th, 2008, 12:34 PM
On one computer I tried adding Internet Explorer as the only program allowed to access the internet. When I do this IE won't work. If I remove it from the settings IE will work again.

MitchE323
September 9th, 2008, 12:37 PM
{QUOTE-> On one computer I tried adding Internet Explorer as the only program allowed to access the internet. When I do this IE won't work. If I remove it from the settings IE will work again. <-QUOTE} Check that you added it correctly as iexplore.exe, many times a mistake happens as people add an "R" at the end as in iexplorer.exe.

Doodler
September 9th, 2008, 01:01 PM
{QUOTE-> I'll try to explain it this way. Everything that you have stated is completely correct and would apply if the goal was protection against "current session" keyloggers. You have to think of Sandboxie as protection against "past session" keyloggers. Current session keyloggers are easy, as Pedro has stated, all you need to do is start with an empty sandbox and go immediately to your bank site and 'exit and empty' thereafter when you are finished. The assumption is that your system and the bank site are clean. That assumption quantifies your risk factor.

In this respect Sandboxie, even with merely its default settings (I think this is WilliamP's question), will give you adequate protection. Most securityware offers this same level of protection. After all, if you start with a clean system and go immediately to your bank site, and that site itself is clean - what is there that is going to get you?

But what if you were doing this for the hundredth time? Could any other security product give you slam-dunk protection against any keyloggers picked up in the past? As you say, there are many ways for an exploit to happen. Since Sandboxie has completely flushed all of this past activity away, and done so in a total fashion, the likelihood that your system remains clean for today's bank visit remains high. <-QUOTE}
From one Sandboxie fan to another...great explanation, Mitch. ;)

WilliamP
September 9th, 2008, 01:33 PM
Thank you Mitch. I had it wrong. What do I have to put in for firefox?

MitchE323
September 9th, 2008, 01:46 PM
{QUOTE-> Thank you Mitch. I had it wrong. What do I have to put in for firefox? <-QUOTE}
If you use Sandboxie's "Add By File" and navigate to the exe file in question, you can avoid spelling errors. ;) But in any event Firefox would be firefox.exe.

kwismer
September 9th, 2008, 02:01 PM
{QUOTE-> I'll try to explain it this way. Everything that you have stated is completely correct and would apply if the goal was protection against "current session" keyloggers. You have to think of Sandboxie as protection against "past session" keyloggers. <-QUOTE}

the question didn't make that distinction but if you want to make that distinction then yes there is a very big difference in what a sandbox can do for you between the current session and old, destroyed sessions...

but there are also things that can survive session destruction because they aren't technically inside the sandbox but are part of your setup... it's not a keylogger per se (though one possible application is to facilitate man in the middle attacks that can be used to capture everything you send over the internet, or to automatically reload your system with drive-by downloaded malware such as a keylogger as soon as you try to connect to any site)... i'm talking, of course, about pharming attacks, especially drive-by pharming where javascript or flash connect to your router and change the DNS settings... since the router isn't inside the sandbox, the changes to the DNS settings don't get reverted when you destroy the sandbox session...

MitchE323
September 9th, 2008, 02:19 PM
{QUOTE-> the question didn't make that distinction but if you want to make that distinction then yes there is a very big difference in what a sandbox can do for you between the current session and old, destroyed sessions...

but there are also things that can survive session destruction because they aren't technically inside the sandbox but are part of your setup... it's not a keylogger per se (though one possible application is to facilitate man in the middle attacks that can be used to capture everything you send over the internet, or to automatically reload your system with drive-by downloaded malware such as a keylogger as soon as you try to connect to any site)... i'm talking, of course, about pharming attacks, especially drive-by pharming where javascript or flash connect to your router and change the DNS settings... since the router isn't inside the sandbox, the changes to the DNS settings don't get reverted when you destroy the sandbox session... <-QUOTE}

All true, and that is where your other security programs (or Windows settings) would be used that would target any weaknesses in your setup. If a user considered those exploit avenues to be likely, the user can add to his setup. Sandboxie is a pretty nice "Baseline" security product though. :)

kwismer
September 9th, 2008, 02:42 PM
{QUOTE-> Sandboxie is a pretty nice "Baseline" security product though. :) <-QUOTE}

agreed... just in case anyone got the impression i don't like sandboxie, i actually do like it... in fact i like it better than other sandboxes i've tried... i just keep in mind that like everything there are limitations to what it can do and by making myself aware of those limitations i'm in a better position to find ways of compensating for those limitations...

Franklin
September 9th, 2008, 06:07 PM
{QUOTE-> All true, and that is where your other security programs (or Windows settings) would be used that would target any weaknesses in your setup. If a user considered those exploit avenues to be likely, the user can add to his setup. Sandboxie is a pretty nice "Baseline" security product though. :) <-QUOTE}
Agreed Mitch, but maybe that last line could read:

Sandboxie is an excellent "Topline" security product though. :)

Cerxes
September 15th, 2008, 01:29 PM
Because of pure laziness I haven't read the whole thread, but I configure Sandboxie in the following way:

1. Every application runs in its own sandbox (media and network applications).

2. Blocking network access for my media applications and only allowing network access for one application in each sandbox for my network applications.

3. Blocking file access for my network applications and only read access for my media applications regarding my data hard drive (Z:\).

4. Blocking file access for all my sandboxed applications regarding cmd.exe, cscript.exe, wscript.exe, regedit.exe and notepad.exe.

/C.