DefenseWall and Sandboxie users


Tony
January 16th, 2009, 08:37 AM
Now that I have a Sandboxie license I think it is time to get rid of the AV for on demand scanning only.

I know this has been discussed in various topics in the past, but both programs have added better usage and have come on in leaps and bounds these past 12 months or so.

So what are your settings that you use to have both programs co-existing together on your computers?

:thumb:

Perman
January 16th, 2009, 09:27 AM
Hi, all

I have used both together up until very recently.

Both have lived up to what they are designed for.

As to the need or not of AV real time scanner, IMO, there will be lots of different opinions. My view is

Sandboxie and DW are adapting isolation or reducing right technology to protect you. They contain any possible malwares, but do not kill them. Their (malwares) presence is lasting until you are off these apps.

What would happen if both have some sort of cracks allowing these malwares to sneak through? You will not know it until your machine acts funny or some files begin to disappear. Then what do you do? Using AV on demand scanner? Too late. You may be able to get rid of malwares, how about those essential files? Seeking help of undelete apps? Not so sure.

I would use any decent AV real time scanner with them.

Both are excellent apps, but remember, not that mighty.

chris2busy
January 16th, 2009, 09:48 AM
No... actually all files (so malware too) downloaded from untrusted apps are automatically tagged as untrusted, and unless YOU turn them into trusted they can do no harm. Download any program through an isolated browser, download manager, e.g., and then try to install it... you'll see it fail.
Yea, AVs are redundant.

Perman
January 16th, 2009, 10:20 AM
Hi,

What if I want to unsandbox or trust these downloaded files and install them onto the disk, and if those files do have some sort of malwares, will Sandboxie or DW come to rescue? If so, how?

Fuzzfas
January 16th, 2009, 10:54 AM
-{ Quote: "Hi,

What if I want to unsandbox or trust these downloaded files and install them onto the disk, and if those files do have some sort of malwares, will Sandboxie or DW come to rescue? If so, how?" }-

This is exactly the only danger he is going to face. If he downloads an installer which he isn't suspecting to have anything malicious, but instead it does and he decides to install it (without sandboxing or adding to untrusted), he is going to get infected.

Same story for malware hidden in usual files. Say jpeg, pdf with included exploits. Will you remember to run them untrusted or sandboxed? If yes, fine. If not, you're busted. The other danger is that SB and DW can't always say that what you run is malware. I mean, they don't flag you "this is malware". So you may run something and it may appear to be running harmlessly. And so decide to run it without sandboxing. Then you are busted.

I would at least keep an AV on demand or have Threatfire.

Ilya Rabinovich
January 16th, 2009, 11:01 AM
-{ Quote: "Say jpeg, pdf with included exploits." }-
JPEG files may contain only buffer overflow exploitation code against specific applications. Hardware DEP with OptOut is just for it. PDF files open perfectly as untrusted/sandboxed, why more?

Fuzzfas
January 16th, 2009, 11:03 AM
-{ Quote: "JPEG files may contain only buffer overflow exploitation code against specific applications. Hardware DEP with OptOut is just for it. PDF files open perfectly as untrusted/sandboxed, why more?" }-

I only said if he FORGETS to run them untrusted or sandboxed. Of course he can untrust everything. His PDF reader, his media player (for malicious media files), his word processor/office program and so on. So he won't forget.

Kees1958
January 16th, 2009, 11:49 AM
Using ThreatFire free with GeSWall Pro or Avira free with DefenseWall is enough protection really.

For ease of toilet flushing you could opt for a combo of DW and SBIE (e.g. Avira - with check at write only), DW - SBIE

I agree with Fuzzfas, somehow it feels better to have an AV remove all the known malware.

Peter2150
January 16th, 2009, 12:09 PM
-{ Quote: "Hi,

What if I want to unsandbox or trust these downloaded files and install them onto the disk, and if those files do have some sort of malwares, will Sandboxie or DW come to rescue? If so, how?" }-

Hi Perman

I only download exe files from sites I totally trust. JPG files can be another matter, so what I do is remove them from the browser sandbox to my desktop. From there I right click them and run them in a special sandbox, that contains them, but allows no internet access. Then I can make sure it's just a picture file with nothing else. I do monitor with OA, and SSM to be sure nothing strange happens.

I've been running this way with no AV or AS scanners with no issues for over a year.

Pete

PS. I do agree the advisability of this is a function of the skill level of the user. I wouldn't recommend it for a total newbie.

Pete

jmonge
January 16th, 2009, 12:16 PM
-{ Quote: "Hi Perman

I only download exe files from sites I totally trust. JPG files can be another matter, so what I do is remove them from the browser sandbox to my desktop. From there I right click them and run them in a special sandbox, that contains them, but allows no internet access. Then I can make sure it's just a picture file with nothing else. I do monitor with OA, and SSM to be sure nothing strange happens.

I've been running this way with no AV or AS scanners with no issues for over a year.

Pete

PS. I do agree the advisability of this is a function of the skill level of the user. I wouldn't recommend it for a total newbie.

Pete" }-
Agree with Peter, me too, I don't run any antivirus/antispyware apps for more than a year now without any problems :thumb:

Fuzzfas
January 16th, 2009, 12:22 PM
-{ Quote: "Hi Perman

I only download exe files from sites I totally trust. JPG files can be another matter, so what I do is remove them from the browser sandbox to my desktop. From there I right click them and run them in a special sandbox, that contains them, but allows no internet access. Then I can make sure it's just a picture file with nothing else. I do monitor with OA, and SSM to be sure nothing strange happens.

I've been running this way with no AV or AS scanners with no issues for over a year.

" }-

Well, with either OA or SSM (even more if you have both), the AV can indeed become futile. Because in a setup of DW + SB, everything is very idiot-proof as far as protection goes and it's also without pop-ups, very silent, very smooth. The only danger in fact comes from the extreme silence in the previously mentioned cases. An AV (even on demand) or classical HIPS or Threatfire can "bark" in case you have shot yourself in the foot by trusting something you shouldn't have.

virtumonde
January 16th, 2009, 12:22 PM
I installed Google Chrome as it runs fast in a sandbox also, and the download directory has full access to disk, but I made it untrusted with DefenseWall.
Also, even if DefenseWall can protect IM clients, I run them in Sandboxie as I did this long before using DefenseWall and I'm used to it.
Depends what you do if you want tips, but till now when the programs meet they don't conflict.
Ilya knows that many of us use both and I'm sure he made things go smooth.

djohn
January 16th, 2009, 12:31 PM
Same as Peter other than SSM and OA. Running them in Sandboxie from the desktop is safe. This can be done daily, weekly, for as long as it takes to earn its way aboard, so to speak. Before the final write to the disk they can be uploaded to VT for further opinions. Also one should look at the executable that's being installed. Example: a 1Exe would be a flag that something is off if I was trying to install MBAM.

Tony
January 16th, 2009, 02:45 PM
I was intending on keeping my AV for on demand scanning, as in my first post.

On second thoughts though I will most likely use my AV as per Kees1958's instructions.
Following his advice I set my son's laptop to check at write only along with DefenseWall and his laptop performs fine and I am very happy with his setup.

Kees1958
January 17th, 2009, 06:03 AM
Yep, just think of the odds when Avira and DefenseWall would let you down

http://www.wilderssecurity.com/showpost.php?p=1382577&postcount=1

http://www.pcsecuritylabs.net/news.php?readmore=20

http://www.av-comparatives.org/

http://security.nl/artikel/22931/1 (sorry, have to translate this to UK/US)

chris2busy
January 17th, 2009, 07:06 AM
Actually there is no such thing as "forget" to run them untrusted with DW... they are auto untrusted if downloaded from a threatgate... you have to set them to trusted to install, equal to pulling the trigger when looking at a gun lol.
If unsure you can mail them to a virus analyst (Kaspersky is my favourite) or ThreatExpert and see if they are harmful or not. The one I said (Kasp) will have the answer mailed to you in less than 2 hours, and no AV can do that for you. I still believe they are redundant.

n8chavez
January 17th, 2009, 07:43 AM
-{ Quote: "What would happen if both have some sort of cracks allowing these malwares to sneak through? You will not know it until your machine acts funny or some files begin to disappear. Then what do you do? Using AV on demand scanner? Too late. You may be able to get rid of malwares, how about those essential files? Seeking help of undelete apps? Not so sure.

I would use any decent AV real time scanner with them.

Both are excellent apps, but remember, not that mighty." }-

Honestly, what are the chances of that happening? And if they do, all the more reason to use a virtualization program like Shadow Defender. Then throw in an imaging app and you'd be good to go. No malware in the world could possibly harm you now. There's no need to resort back to irrelevant and ineffective malware scanners anymore.

It's time to think differently about PC security.

simmikie
January 17th, 2009, 10:31 AM
-{ Quote: "e.g. Avira - with check at write only" }- ??? write only scanning? Avira can do that!?! :o Kees....damn you're good!

Edge you have a new real-time playmate...until you grow up. thanks for the tip Kees.


Mike

jmonge
January 17th, 2009, 02:09 PM
-{ Quote: "??? write only scanning? Avira can do that!?! :o Kees....damn you're good!

Edge you have a new real-time playmate...until you grow up. thanks for the tip Kees.


Mike" }-
Kees, you are freaking cool :thumb: thanks for the advice