Firefox profile & Shadow Defender
mike21
June 30th, 2009, 02:12 AM
Hello,
For more than a couple of months I am out naked with security setup as per my signature. Now I am testing Shadow Defender and I am thinking to drop Sandboxie in favor of Shadow Defender, but since I am depending on Firefox and its recent history, I am asking if I can exclude the entire Firefox profile from shadow mode, or does this involve some risk?
Thanks
mike21
June 30th, 2009, 04:53 AM
Well, never mind, I think I will keep only bookmarks and browsing history, in order to be on the safe side.
Peter2150
June 30th, 2009, 08:35 AM
Hi Mike
I use both of them. Use SBIE all the time and SD when the occasion fits.
Pete
mike21
June 30th, 2009, 09:20 AM
Hi Pete, is it safe to add the entire Firefox profile to exclusion lists?
About SBIE, I noticed a small delay in launching Firefox and incompatibility with some programs like Snagit, Babylon. Also I have the impression that certain web pages load slower but I am not sure.
Rico
June 30th, 2009, 09:50 AM
Hi Mike,
I run SD on two computers all the time. Why would you want to exclude FF?
Take Care
Rico
Peter2150
June 30th, 2009, 10:09 AM
-{ Quote: "Hi Pete, is it safe to add the entire Firefox profile to exclusion lists?
About SBIE, I noticed a small delay in launching Firefox and incompatibility with some programs like Snagit, Babylon. Also I have the impression that certain web pages load slower but I am not sure." }-
Yes, with SBIE there will be a slight delay, as you are loading into the sandbox. I am running Firefox right now as I type, within SBIE, and I had no problem capturing an image with Snagit. You aren't trying to run Snagit sandboxed, are you?
Pete
arran
June 30th, 2009, 04:59 PM
I wouldn't exclude the entire Firefox profile from shadow mode. Way, way too risky; it is one of the places where malware can be.
mike21
July 1st, 2009, 01:25 AM
Arran, thanks for the reply.
Rico, I want to exclude the entire Firefox profile in order to have the same cookies, history, add-ons etc., but I understand that it is kind of risky, so I settle for history and bookmarks under "places.sqlite".
Pete, the only way for me to use Snagit on sandboxed Firefox is to run it sandboxed as well, so I will have 2 Snagit applications running, each one with different snapshots, until I delete the sandbox and lose everything from the sandboxed Snagit.
Peter2150
July 1st, 2009, 08:23 AM
-{ Quote: "Pete, the only way for me to use Snagit on sandboxed Firefox is to run it sandboxed as well, so I will have 2 Snagit applications running, each one with different snapshots, until I delete the sandbox and lose everything from the sandboxed Snagit." }-
That's strange indeed. Snagit is just capturing the screen so it shouldn't matter whether Firefox is sandboxed or not.
mike21
July 1st, 2009, 09:21 AM
Well you are right, I was talking about the text capture feature.
Rico
July 1st, 2009, 10:15 AM
Hi Mike,
Currently I have 9 FF add-ons + many bookmarks, and still have not excluded FF in SD. Add-ons + bookmarks were obtained while not in shadow mode. They will survive if obtained that way. I'm also very careful to obtain the bookmark or add-on, then get offline & promptly enter SM. I have also excluded my "Desktop": I can download a program in SM, test it, reboot, and the program's gone, but the download survives.
Rico
Peter2150
July 1st, 2009, 02:24 PM
-{ Quote: "Well you are right, I was talking about the text capture feature." }-
Ah, never tried that.
Sully
July 1st, 2009, 11:11 PM
I wonder about this in my testing with SD: why should you not exclude a browser's preferences/history/cookies/.dat stuff from SD? The thoughts that it is too risky apply to what? To the fact that you are creating or modifying files in those excluded dirs?
My tests right now, if as admin, show I can exclude certain browser directories/files, but since I still use SRP to demote the browser to user anyway, it cannot modify/create anything a User cannot, so it seems a moot point. Running as a LUA, it is the same case. I can allow profile type things, bookmarks, history etc., but because of LUA/User status, manipulation of .exe or other such would be forbidden. That seems to me the best part of it all so far: I can use SD to exclude areas like MyDocs, and true, a virus might get written there, but because I am shadowed all the time, only those excluded areas can get the files, but the system does not get the viruses.
Indeed, running combination (from admin) as LUA and using Sandboxie to force folders, it seems a very ideal way to nearly mitigate every threat while still opening holes for exclusions to setting per program.
Interested to hear opinions why exclusions would be dangerous or risky, as I am only dabbling in the shadow type programs.
Sul.
Saraceno
July 1st, 2009, 11:35 PM
Would it be better to run say Firefox portable from say www.portableapps.com and then commit the relevant data folder before reboot? You could even clear all history etc first, run CCleaner (http://www.ccleaner.com/) to remove all temporary windows files, then just commit the whole Firefox portable folder.
Surely a portable version with fewer ties to other system directories would be easier to manage. Or is there still some risk?
Copyright ©2002 - 2012, Wilders Security Forums