Sandboxie Configuration Recommendations

Discussion in 'sandboxing & virtualization' started by TheKid7, Apr 21, 2009.

Thread Status:
Not open for further replies.
  1. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well, I don't think so either... I was just explaining that you were searching in the wrong place. IMO, if you don't want Java, then don't install it, otherwise enable it in SBIE as well.
     
  2. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    596
    Location:
    Austria
    Fortunately up to now I faced the problem with Java + Firefox + Sandboxie only on a few websites (perhaps 2 or 3). So, at the moment I can live with it (as ratwing also wrote). If it happens more often, indeed I will have to allow java.exe to start in the Sandbox.
     
  3. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    596
    Location:
    Austria
    Concerning the posting of whitedragon551:

    [Detailed information about the Sandboxie settings can be found here:
    http://www.sandboxie.com/index.php?SandboxSettings ]

    Personally I have one sandbox for two browsers (Firefox and IE) and various messenger programs (Windows Live Messenger, Yahoo Messenger, Skype).
    But of course you can use a sandbox for only one of these applications (or you can create a separate sandbox for every application).

    You only have to consider that with the free version of Sandboxie you can only ever open one sandbox at a time. (With the paid version you can use more sandboxes at the same time.)

    Concerning the below images:

    Nr. 1:
    Delete ---> Invocation ---> Automatically delete contents of sandbox (box checked)

    Nr. 2:
    Restrictions ---> Internet Access:
    I allow Internet access only to the two browsers I mentioned (firefox.exe, iexplore.exe) and to the three messenger programs I mentioned. (Of course you will not have to add them to the list if you do not use/have these messengers or if you do not want to use them within the sandbox.)

    Nr. 3:
    Restrictions ---> Start/Run Access:
    In my configuration the list is identical with that in "Internet Access" (plus wlcomm.exe, which refers to the Windows Live Messenger and makes the contact list in this messenger easier to use).

    Nr. 4:
    "Drop Rights" is activated (box checked)

    Nr. 5:
    "Resource Access" ---> File Access ---> Blocked Access ("ClosedFilePath"):
    Here I have blocked the access to my antivirus programs (Avira, Norton/Symantec), to my mail program (Outlook Express) and to %Personal%\ (that is the folder "My Documents" [in German: "Eigene Dateien"]).
    (\Device\Mup\ is added automatically by Sandboxie.)

    Nr. 6:
    "Resource Access" ---> File Access ---> Read-Only Access ("ReadFilePath"):
    Here I chose the complete folders "WINDOWS" and "Programs"
     

    Attached Files: SB1.jpg, SB2.jpg, SB3.jpg, SB4.jpg, SB5.jpg
    Last edited: Apr 5, 2010
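
The settings listed in the post above (Nr. 1, 2, 4 and 5) end up as entries in the box's section of Sandboxie.ini, and this added example (not part of the original post and not Sandboxie's own code) audits such a section for them and also lists any OpenFilePath exceptions. Only ClosedFilePath, ReadFilePath and OpenFilePath are named in the thread; the other setting names (AutoDelete, DropAdminRights, ProcessGroup, InternetAccessDevices) and the sample section are assumptions about the Sandboxie.ini format.

```python
from collections import defaultdict

# Constructed sample of one box section (not taken from the thread).
SAMPLE_INI = r"""
[DefaultBox]
Enabled=y
AutoDelete=y
DropAdminRights=y
ProcessGroup=<InternetAccess_DefaultBox>,firefox.exe,iexplore.exe
ClosedFilePath=!<InternetAccess_DefaultBox>,InternetAccessDevices
ClosedFilePath=%Personal%\
ReadFilePath=C:\WINDOWS\
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*
"""

def parse_box(text, box):
    """Return {setting: [values]} for one [box] section.
    Settings such as ClosedFilePath repeat, so each key maps to a list."""
    settings, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == box and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()].append(value.strip())
    return settings

def audit(text, box="DefaultBox"):
    """List the hardening settings from the post that are missing in a box."""
    s = parse_box(text, box)
    enabled = lambda key: "y" in [v.lower() for v in s[key]]
    closed = [v.lower() for v in s["ClosedFilePath"]]
    findings = []
    if not enabled("AutoDelete"):
        findings.append("AutoDelete off: box contents survive after programs exit")
    if not enabled("DropAdminRights"):
        findings.append("DropAdminRights off: programs keep administrator rights")
    if not any(v.endswith("internetaccessdevices") for v in closed):
        findings.append("Internet access not restricted to named programs")
    if not any(v.startswith("%personal%") for v in closed):
        findings.append("%Personal% (My Documents) is readable from the box")
    # OpenFilePath is the one setting here that lets writes leave the sandbox.
    for v in s["OpenFilePath"]:
        findings.append("OpenFilePath writes reach the real system: " + v)
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INI)) or "no findings")
```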
  4. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    596
    Location:
    Austria
    And the last picture (Nr. 6 / "Read-Only Access"):
     

    Attached Files: SB6.jpg
  5. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    So Peter, when you select Program Files and Windows in "Read-Only Access",
    will you have any problems when installing a new program or uninstalling them?
     
  6. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    596
    Location:
    Austria
    Yes, indeed this may happen. Surely my above configuration will not be really useful if you want to test new programs on your computer. I use my Sandbox basically only for safe surfing (or safe communication via messengers).

    If I want to test new software, I do it always outside of the sandbox, using (= activating) Shadow Defender in order to protect my system.

    Sandboxie could also be used for testing software, but I think this would require a completely different configuration (perhaps simply creating a separate sandbox for software testing and using it with the default configuration).
     
  7. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Peter123,
    Sorry for the confusion.
    My fault.
    The lock up of the browser and having to use Task Manager to close it is identical to what happens to me when I check that box.
     
  8. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    229
    Peter,

    Thanks for posting your settings. I have a question, why do you block access to your anti-virus programs?
     
  9. ratwing

    ratwing Guest

    Thanks Hugger.

    The JAWS boxes are unchecked on Sandbox's as well.
     
  10. ratwing

    ratwing Guest

    @Peter 123.

    Other than #6 that is exactly how my browsing box is set up.

    in #5:
    "Resource Access" ---> File Access ---> Blocked Access ("ClosedFilePath"),

    I always make sure that the folders excluded in ShadowDefender are blocked here.

    I update my Avira in ShadowMode, so it must be excluded for updates to reach the "real" system, and so I add the blocked access to Avira in Sandboxie.
     
  11. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Hey all,
    I tried to look this up on the thread but couldn't find an answer. When I start firefox, I'm missing some of my bookmarks. I emptied the sandbox and nothing helped. I'd love to use sandboxie but I can't seem to get past this problem. Any help would be appreciated.
     
  12. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    I've got the paid version. I have FF and IE to always and only start in a sandbox.

    Anyone have uTorrent successfully adapted to Sandboxie?
     
  13. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Sandboxie Help Topics -> Firefox Tips

    Reading docs is a good idea before starting.
     
  14. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    While I don't use Firefox normally, I have found that when you use SBIE you have to keep one thing in mind, especially if forcing processes.

    You install Firefox, set bookmarks, configs etc. Then you start it in SBIE. Now SBIE will have the exact same settings. You always have to think about when you change something in Firefox when sandboxed; if you want to keep it you need to start Firefox outside SBIE and make that change. The reverse is true too, where if you change something in the un-sandboxed Firefox, you need to delete the sandbox and the next time you start Firefox sandboxed, those new settings follow over to the sandboxed Firefox.

    I suspect that if you set up a default sandbox, all those bookmarks should come across the first time you run it sandboxed. I would be curious myself to know if it didn't, and how I might reproduce this. I know a lot of people who now use SBIE with Firefox.

    Sul.
     
  15. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    596
    Location:
    Austria
    No problem.;) Thanks for the clarification.

    That's a measure of precaution so that no malware - which may get inside the sandbox while surfing - can "attack" my anti-virus program and so possibly disable or manipulate it.

    And let me make clear that the anti-virus program (in my case Norton Internet Security 2010) works in the sandbox anyway without problems - even if you block the access to the folders in the way I do. :)
     
    Last edited: Apr 5, 2010
  16. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    596
    Location:
    Austria
    Not necessarily. Take a look at the following image (taken from http://www.sandboxie.com/index.php?FirefoxTips):

    You can configure your sandbox in such a way that, for example, changes made in the Firefox bookmarks or in the Firefox profile while being in the sandbox will be kept automatically on the "real" system ("Allow direct access to ..."). Personally I do not use these features, but it is possible.
     

    Attached Files: SB.jpg
  17. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Hey thanks, that's really helpful. I'm glad we have a forum here and a thread about configuring a program where you can ask questions of knowledgeable people. I'm glad you're here to help.
     
  18. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Thanks Peter and Sully. I was hoping that it was that easy. Now I can try and use Sandboxie again.
     
  19. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Yes, thanks. I realize that. I was just pointing out that when you use SBIE, it is easy to forget that you made changes to the real program, and then when you start it in SBIE, you don't see those changes. For example, if I downloaded an updated version of FF or something, outside of SBIE, then ran it, then started the new version in SBIE, it will not normally show the changes etc., because the box already has the old version's data. This is probably one of the main issues I hear about from those whom I have set up on SBIE. Usually a quick reminder to them that they should delete the contents whenever things are not as they expect them to be (regarding versions, settings, etc.) fixes the issues at hand.

    Sul.
     
  20. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    237
    I have six sandboxes:
    1. Routine browsing
    2. High-security browsing
    3. Forced folders
    4. Testbox 1
    5. Testbox 2
    6. Testbox 3

    Details
    Regarding 1: Sandbox settings are default except for blocked access to My Documents (where I keep confidential information).

    Regarding 2: Sandbox settings are customized...blocked access to My Documents...Internet Access limited to just IE, Start/Run restrictions, Drop Rights activated. I use this sandbox for internet transactions.

    Regarding 3: I force my disk drives and usb ports to open in this sandbox. That way if an infected flash drive is installed, the malware will be contained. And it's easy to temporarily override the forced folder feature (right-click Sandboxie Control > Disable Forced Programs). The sandbox is hardened similarly to #2.

    Regarding 4 - 6: I use these for testing new apps and for installing some software that I plan to use fairly frequently for a long, long time, but that I don't want installed on my real system (why clutter it up?).

    Lastly, I customized Ccleaner, which was already installed on my system, to secure delete 1, 2, and 3.
     
  21. ratwing

    ratwing Guest

    @Doodler:

    "Regarding 4 - 6: I use these for testing new apps and for installing some software that I plan to use fairly frequently for a long, long time, but that I don't want installed on my real system (why clutter it up?). "


    Very nice!!! thanks for the idea!!


    I followed the same basic scheme, however I allowed CCleaner to delete the "Desktop downloads" folder in my single test box.
    That way I am able to keep a stable of on-demand scanners, to be run within a sandboxed instance of Windows Explorer, while selectively deleting, securely, from the test box, the content copied in to it to my download folder.

    Without having to download these on-demand scanners to my real system... Bravo!!

    rat
     
  22. cruchot

    cruchot Registered Member

    Joined:
    Apr 20, 2009
    Posts:
    126
    Location:
    Germany
    Hi,

    how should a program running sandboxed write to this folder? It never can, as long as you do not open this folder by OpenFilePath for example.
    If the program writes to this folder the files will be created/deleted in the sandbox, but without affecting the AV software - even without blocking the folder.
    The same for read-only access to c:\windows and c:\programme.

    o_O
     
  23. showtime33

    showtime33 Registered Member

    Joined:
    Jun 23, 2006
    Posts:
    29
    I am stuck wondering why stronger settings need to be made to Sandboxie?
    (not to doubt the great settings and changes, they work very well...)

    Is there anything out there that has defeated being sandboxed? I don't see how that could be possible. If a program with i-net access attacks in the sandbox... doesn't it just create a copied file in the sandbox, which would be deleted with automatic deletion or something similar? IMO at worst you could have an infected system only temporarily... so if you don't venture around to bad sites and go immediately to your internet banking I don't see why it would be a problem.
    Read-only access to "real" Windows folders is confusing... because sandboxed it doesn't write there anyway? Some of the videos show people clicking on the recover button... which is the worst thing you could do to stay protected...

    Just friendly thoughts and ideas...:)
     
  24. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    596
    Location:
    Austria
    @ cruchot and showtime33:

    Maybe with my configuration I am indeed more cautious than necessary. I simply "learned" this configuration from others (who know much more about security risks etc. than I do) and adopted it. (If I find the time, I will confront these "experts" with your arguments. ;))

    But anyway, personally I see no reason to loosen my strict configuration, as concerning the activities for which my sandbox(es) are intended (that is mainly: surfing in the web [including also online purchases, online banking etc.], sometimes downloading a file or a program, occasionally chatting) all works fine and smoothly. (With some exceptions as sometimes the problem with Java I mentioned above. But that's not sooo important for me.)

    Of course someone who wants to use a sandbox e.g. to test a new software within it, will not be happy with my configuration. (I mentioned it already.)

    But that's an important factor: Which unpleasant things can happen (caused by malware) during the time the sandbox is open? I think most of the restrictions described above are intended to prevent something harmful which could happen during this time (e.g. activity of keyloggers). Personally I feel better when I do not have even temporarily an infected system.

    But malware could do so while the sandbox is open. Because as long as there is no restriction (made by the user) "Read-Only Access" ("Nur-Lese-Zugriff"), programs (= malware) can write in any files and folders (temporarily).

    At least this is my conclusion of the description for this feature. I don't now know the correct words in the original version, but the translation of the German version means: "The following files and folders cannot be modified by programs within the Sandbox: ..." ("Die folgenden Dateien und Ordner können von Programmen in der Sandbox nicht verändert werden: ...")

    And by default, there are no "following files". So by default (as long as you do not add certain files or folders there yourself) all programs in the (open) Sandbox have access to all files and folders on your computer and could modify them (at least as long as the sandbox is not closed or its contents not deleted).

    That's at least the way in which I understand the concept of Sandboxie.
     
  25. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Errrr... huh? That'd completely defy any purpose of the sandbox whatsoever. No, you can't modify anything outside of the sandbox until you've explicitly allowed that. If something tries to modify stuff outside of the sandbox, the file will be copied over to the sandbox and modified there, NOT outside of the sandbox.
     