Does anyone know a Sandboxie alternative? Need something enterprise-level that can be centrally-controlled.
Tested BeyondControl but it was too complicated for the purpose. Really need to have an ability to sandbox browsers, email client(s), Adobe reader, etc. Something nice, lightweight, easy for user and admin to use and not necessarily free.
Any pointers?

-{ Quote: "Does anyone know a Sandboxie alternative? Need something enterprise-level that can be centrally-controlled.
Tested BeyondControl but it was too complicated for the purpose. Really need to have an ability to sandbox browsers, email client(s), Adobe reader, etc. Something nice, lightweight, easy for user and admin to use and not necessarily free.
Any pointers?" }-

www.appranger.com

-{ Quote: "www.appranger.com" }-
Perfect match.

-{ Quote: "Perfect match." }-yeap;)

AppGuard does apply policy limitations, also easy to use in a corporate environment

-{ Quote: "AppGuard does apply policy limitations, also easy to use in a corporate environment" }-hey i forgot about appguard too:thumb: thanks for refreshing my mind kees:)

GeSWall ::) - finally a sandbox that I can actually live with after getting more general understanding of sandboxes. ;D

-{ Quote: "GeSWall ::) - finally a sandbox that I can actually live with after getting more general understanding of sandboxes. ;D" }-cool:thumb: did you check the youtube video test review;D

-{ Quote: "cool:thumb: did you check the youtube video test review;D" }-

Yes, I checked it out on their official homepage, the review from Matt Rizos - I thought that it would give me a better idea, and it did start my guesses on how to easily access options, that's, directly through the "G"-button. That's something he didn't mention or show, but I made that guess and was right when I tested it personally. ;)

-{ Quote: "Yes, I checked it out on their official homepage, the review from Matt Rizos - I thought that it would give me a better idea, and it did start my guesses on how to easily access options, that's, directly through the "G"-button. That's something he didn't mention or show, but I made that guess and was right when I tested it personally. ;)" }-cool:thumb: same with DW and SB but without the symbols;D

Somewhere I could send feedback directly to them, or is a dev. active on these forums? I'm thinking about the option, when an application is already untrusted (all the time), that the context-menu when you right-click should not be "Run Isolated" anymore, but "Run without Isolation". This would save me A LOT of hassle, since I now can't save my bookmarks of Opera unless I go into the console, go through the rules, go into the properties of Opera, and THEN I can once again run it as non-isolated after changing the rules from Always Isolate to the appropriate - temporarily. This is a very troublesome process - since now I've to do this EVERYTIME - that could be easily solved through more flexibility in the software's options.

Raven, I miss something: why don't you save Opera bookmarks running it " normally ", i.e. Isolated, and then right click on the saved bookmarks, and " Label as trusted " ?

-{ Quote: "Raven, I miss something: why don't you save Opera bookmarks running it " normally ", i.e. Isolated, and then right click on the saved bookmarks, and " Label as trusted " ?" }-

Will that result in what I saved initially, e.g. a bookmark file with new entries in it, to indeed be saved with everything "working"?

EDIT: I'm unsure since when I save the file, it indeed doesn't get a "G"-mark or anything like that - all I get is a notification like shown in the attached screenshot.

I also like GeSWall but was never happy with the Front-end of the program. I seem to flip flop with SBIE and GeSWall.

Ice

-{ Quote: "Somewhere I could send feedback directly to them, or is a dev. active on these forums? I'm thinking about the option, when an application is already untrusted (all the time), that the context-menu when you right-click should not be "Run Isolated" anymore, but "Run without Isolation". This would save me A LOT of hassle, since I now can't save my bookmarks of Opera unless I go into the console, go through the rules, go into the properties of Opera, and THEN I can once again run it as non-isolated after changing the rules from Always Isolate to the appropriate - temporarily. This is a very troublesome process - since now I've to do this EVERYTIME - that could be easily solved through more flexibility in the software's options." }-
I have no problems saving bookmraks in Opera. Do you have a default install of Opera? It,s not a portable version I hope.

BTW the feature u wish is on the to-do list of GesWall.

Would "ZoneAlarm ForceField" be considered to be a Sandbox? I have never used it before. I am only familiar with the name.

-{ Quote: "Would "ZoneAlarm ForceField" be considered to be a Sandbox? I have never used it before. I am only familiar with the name." }-for the browser only:)

-{ Quote: "for the browser only:)" }-

How does it compare? Is it really full isolation and does it support all browsers or just IE and FF? (I guess it only supports those...) From what I recall, they're using a method similar to what Prevx are planning or so - simply blocking things like unauthorized screenshots, keylogging, etc. (?) but leaving other things untouched in order to be more seamless.

-{ Quote: "I have no problems saving bookmraks in Opera. Do you have a default install of Opera? It,s not a portable version I hope.

BTW the feature u wish is on the to-do list of GesWall." }-

I'm using the regular version - desktop or whatever to call it. ;D Just confused by the pop-up... so, does that "redirect"-message mean that the file is redirected and indeed saved without restrictions to the location I chose?

EDIT: And now I've learnt about the quick process of adding rules. ;D I've now added Allow-exceptions for the files where I save my bookmarks. :D

EDIT2: I'm getting the very same notification - what's going on? :(

EDIT3: ... and just to note - I did check if the files had been modified, any of the two that I use, and they were not. :-\

EDIT4: Okay, so I finally managed to get the files saved (at last! ;D) - I was confused at first that I couldn't just select a directory, but only files for example, then I started my "computer-brain" and made it the directory instead since I saw the same thing being used for the pre-defined rules. ;D Still wondering why the exceptions are labeled untrusted (they're isolated) anyway - is it just to keep me safe no matter what? :D What happens if I try to use the isolated files, importing or exporting - whatever :D - keeping that "isolated status"? Does it work normally or not?


Thanks for the information BTW. :)

-{ Quote: "How does it compare? Is it really full isolation and does it support all browsers or just IE and FF? (I guess it only supports those...) From what I recall, they're using a method similar to what Prevx are planning or so - simply blocking things like unauthorized screenshots, keylogging, etc. (?) but leaving other things untouched in order to be more seamless." }-i beleve it is for IE only and yes it sucks why?it slow down my systems here with xp or vista i personally tested this app but all pcs are diferent but here it slow me down alot even if running alone :)

-{ Quote: "i beleve it is for IE only and yes it sucks why?it slow down my systems here with xp or vista i personally tested this app but all pcs are diferent but here it slow me down alot even if running alone :)" }-

I had the same experience with the same OS's. Forcefield if I remember correctly adds a spyware/virus detector? To protect against drive by downloads, keyloggers etc. The problem with it was the slow down. SBIE and GeSWall have no slow downs that I can see.

Remember SafeSpace? That product had promise. I get the itch now and then to install it.

Ice

-{ Quote: "I had the same experience with the same OS's. Forcefield if I remember correctly adds a spyware/virus detector? To protect against drive by downloads, keyloggers etc. The problem with it was the slow down. SBIE and GeSWall have no slow downs that I can see.

Remember SafeSpace? That product had promise. I get the itch now and then to install it.

Ice" }-

Definitely not my bag when I tested it, but probably any proper sandbox application gets the job done - only thing that matters is that it should suit the particular user.

-{ Quote: "I also like GeSWall but was never happy with the Front-end of the program. I seem to flip flop with SBIE and GeSWall.

Ice" }-
Both are good programs. My lucky day will come when Geswall works with 64 bit.:)

-{ Quote: "Both are good programs. My lucky day will come when Geswall works with 64 bit.:)" }-

Hehe... another reason I'll stay with 32-bit WinXP. ;D

-{ Quote: "I had the same experience with the same OS's. Forcefield if I remember correctly adds a spyware/virus detector? To protect against drive by downloads, keyloggers etc. The problem with it was the slow down. SBIE and GeSWall have no slow downs that I can see.

Remember SafeSpace? That product had promise. I get the itch now and then to install it.

Ice[/QUOTEsafespace yeah;D ]

-{ Quote: "I'm using the regular version - desktop or whatever to call it. ;D Just confused by the pop-up... so, does that "redirect"-message mean that the file is redirected and indeed saved without restrictions to the location I chose?

EDIT: And now I've learnt about the quick process of adding rules. ;D I've now added Allow-exceptions for the files where I save my bookmarks. :D

EDIT2: I'm getting the very same notification - what's going on? :(

EDIT3: ... and just to note - I did check if the files had been modified, any of the two that I use, and they were not. :-\

EDIT4: Okay, so I finally managed to get the files saved (at last! ;D) - I was confused at first that I couldn't just select a directory, but only files for example, then I started my "computer-brain" and made it the directory instead since I saw the same thing being used for the pre-defined rules. ;D Still wondering why the exceptions are labeled untrusted (they're isolated) anyway - is it just to keep me safe no matter what? :D What happens if I try to use the isolated files, importing or exporting - whatever :D - keeping that "isolated status"? Does it work normally or not?


Thanks for the information BTW. :)" }-
I am away from home. I wil check and reply later. What is your opera version and OS?

-{ Quote: "I am away from home. I wil check and reply later. What is your opera version and OS?" }-

Windows XP Professional SP3 ("Performance Edition", but shouldn't matter I think) fully updated with Opera v9.64 (latest stable) build 10487.

Here's a question that's very important to me... does Allow-rules go before Deny-rules?

An example...

Opera has pre-defined directories of its own which it's allowed to access. If I create a global-rule to deny creation in the Program Files-directory (root - which means it includes all sub-folders), would that create any problems for Opera, or does its Allow-rules kick in?

Alternatively, since Opera is my main isolated applicated, could I instead create a deny create rule for Opera without getting problems?


With "problems", I don't include software that I download to install and trust, cause I always re-run them as non-isolated just incase.



Why would I want this kind of rule? I saw a good example through Matt Rizos' review; rogues. Rogues might still create things under Program Files, and I simply want to save myself from the hassle of eventual infections of those and other malware with similar approach in their installation - even if I don't think I'll get infected by them myself.

There are two type of rules. Global rules and Specific Application rules.
Application Specific rules over-ride Global rules( allow/ block doesn,t matter).

-{ Quote: "There are two type of rules. Global rules and Specific Application rules.
Application Specific rules over-ride Global rules( allow/ block doesn,t matter)." }-

Thx for the answer - I realised the answer lies in personal testing in my particular situation, so I had already began. Gonna fiddle around with some settings (rules in GeSWall's case ofc ;)) as time goes by and ideas pass my mind to make the hardening as effective but seamless as possible. :)

EDIT: It's indeed the other way around, isn't it? Global rules have highest priority? :what:

No Application- specific rules have highest priority.

-{ Quote: "No Application- specific rules have highest priority." }-

Okay, cause this is not what seems to be when I for example do like this... I've an allow-rule for the folder where I put my backup for bookmarks for Opera, and this is specified specifically for Opera - an Application-rule. Then if I make a Global-rule to Deny Create on my G:-drive, which is my so called "file-drive", Opera has dead-stop access even to that folder, which does reside on the G:-drive.

I can see some kind of logic why this is not working, but I don't think it's good or flexible because of that. :(

You are right. Here application rule is not over-riding global one. I don,t know the reason. Hmm.... u might post over their forums.

-{ Quote: "You are right. Here application rule is not over-riding global one. I don,t know the reason. Hmm.... u might post over their forums." }-

Nah, it's not too important for me with that rule anyway. If malware would write at that location, it would still be isolated, right? :)

Yes, it wil be.

BufferZone
Fortresgrand VirtalSabox

these are couple of more sandbox application
my personal choice would be bufferzone
you can also use

Symantec.Software.Virtualization.Solution for applications


i'll be interested to know if there's any othere sandbox applications

Gentlemen,
Thanks to all who responded. Looks like Managed EdgeGuard (enterprise version of AppGuard) may be the way to go. I have yet to see their management console and get some more details on client/server communication.
I have tested BufferZone and it rendered my machine completely unusable: any browser or protected application would take minutes to start, as opposed to seconds. I liked their idea and client UI is pretty neat, but it makes no sense if the product itself is unusable.
I also tried Virtual Sandbox, unfortunately it wasn't stable enough to concentrate on it; also it had troubles displaying browsers properly with it's own formatting.
I've tried other products as well, but none appeared to have been suitable for an enterprise. Most are targeting home users, which won't work in my case.
I will keep looking as well as spend some time on EdgeGuard. I will update the tread as things progress.

Thanks again!

Just curious what's your opinion about enterprize version of geswall and safespace?

i was at geswall website and was reading to compare the diference between free and paid versions of geswall;) and something got my attention and it is that the paid version has Malware termination options and the free version does not what is that?i tried the free version and it also terminates malware;D again what is that?thanks:thumb:

-{ Quote: "i was at geswall website and was reading to compare the diference between free and paid versions of geswall;) and something got my attention and it is that the paid version has Malware termination options and the free version does not what is that?i tried the free version and it also terminates malware;D again what is that?thanks:thumb:" }-

I think it's when you see an attack detection. In the free version, it'll just notify, but ofc still block all that's being made (afterall, it wouldn't really have to notify you about those actions at all since they're just blocked, but it's for the user's convenience). In the pro version, however, it'll let you terminate or ignore what's being made, through two separate buttons on the pop-up which reports attack detections. This means you can faster terminate something which is proven to be malware - simply more direct-options, rather than going through the console. That's it.

That's what I think it's, because I've not seen it in the free version, and I don't have this configurability in the free version, or other configurability seen in the pro version for that matter, in the tray-menu.

-{ Quote: "I think it's when you see an attack detection. In the free version, it'll just notify, but ofc still block all that's being made (afterall, it wouldn't really have to notify you about those actions at all since they're just blocked, but it's for the user's convenience). In the pro version, however, it'll let you terminate or ignore what's being made, through two separate buttons on the pop-up which reports attack detections. This means you can faster terminate something which is proven to be malware - simply more direct-options, rather than going through the console. That's it.

That's what I think it's, because I've not seen it in the free version, and I don't have this configurability in the free version, or other configurability seen in the pro version for that matter, in the tray-menu." }-cool:thumb: thanks

-{ Quote: "Just wanted to make a comment that Sandboxie is still running amazingly here. We haven't had an update in quite a while, but there just hasn't been any need for one, in my opinion. It just shows how stable, well programmed and solid Sandboxie is. No wonder Sandboxie is at the lead in this poll (I'm actually quite surprised it's in the lead to be honest and I guess it shows that registered Wilders users are not the average joe):
http://www.wilderssecurity.com/showthread.php?t=243628" }-

I dunno what other people consider me, but I do like the operation which an average Joe likes; keep it seamless, only prompt or make me take action when absolutely needed. ;)