Sandboxie with Shadow Defender

[marse.robert]

Hi all,

I need some advice how to run Sandboxie and Shadow Defender in tandem.


Thank you in anticipation


Marse

[Osaban]

Some people think it is overkill. I tend to think that it depends on the circumstances. If you are testing malware or you know you are visiting very infected websites/plugging in friends flashdrives it might be safer to use them in tandem.

Sandboxie in my experience is excellent when surfing the Internet, Shadow Defender is probably a better alternative for malware coming from other sources than the Internet. A practical aspect of using Sandboxie on its own is that one can download and save files without having to "commit" and reboot. From experience I have occasionally lost some stuff in the past using SD.

I should think that Sandboxie and SD are great to use for banking and credit card transactions online, making sure that Sandboxie is tightly configured to block keyloggers.

[AlexC]

Quote:

Originally Posted by marse.robert

Hi all,

I need some advice how to run Sandboxie and Shadow Defender in tandem.


Thank you in anticipation


Marse

marse.robert, there's nothing special about it, you just need to get familiarized with both applications. However keep in mind that if your system is already infected with some keylogger/screenlogger/trojan, etc., no matter how tight you configure Sandboxie, the security of your data is compromissed. And the same applies if during a browsing session you download malware to a "real" location (non-sandboxed): the system will remain infected until the next reboot, when Shadow Defender do is job (assuming that that location isn't also excluded from Shadow Mode).

A good strategy, IMO, is to submit the downloaded files to Virus Total (you can use VirusTotal Uploader to make that task easier -http://www.softpedia.com/get/System/OS-Enhancements/VirusTotal-Uploader.shtml-), and have a on-demand AV for larger files that cannot be subtimed (for instance, Avira or Avast installed without the real-time shields).

[kjdemuth]

I've been using SD and sandboxie now for a few years. The only thing that you have to worry about is tightening up sandboxie and remembering to commit files you want to keep. What I do is have sandboxie internet restricting everything except Chrome and adobe. Adobe of course has it's own sandbox. I also have drop my rights and restriction on what can run and start. I added an excluded "Save" folder on shadow defender. This also is a sandboxed folder. All downloads go into this folder. This way I won't forget and not commit it to the system. It's excluded from SD but is still sandboxed. This way I can keep an eye on it even though it makes it passed SD.

[Blues7]

Quote:

Originally Posted by kjdemuth

I've been using SD and sandboxie now for a few years. The only thing that you have to worry about is tightening up sandboxie and remembering to commit files you want to keep. What I do is have sandboxie internet restricting everything except Chrome and adobe. Adobe of course has it's own sandbox. I also have drop my rights and restriction on what can run and start. I added an excluded "Save" folder on shadow defender. This also is a sandboxed folder. All downloads go into this folder. This way I won't forget and not commit it to the system. It's excluded from SD but is still sandboxed. This way I can keep an eye on it even though it makes it passed SD.

That's pretty much exactly how I envisioned using the two together if I were to do so on a regular basis. (Substitute Firefox in my case.)

I just haven't (yet) made the decision to do so as things are working so well in their current configuration and I'm reluctant to have to reboot and come out of shadow mode to keep EAM and MBAM updated.

It's nice having the option to do so, however, at the click of a mouse.

[kjdemuth]

Yeah I hear you. It was a problem for me too. Thats why I moved away from database AV. I have panda pro and Ccmodo firewall running real time. Nothing really needs updating other than Comodo firewall occasionally. By itself SD, sandboxie and comodo firewall should be enough. I wanted something that didn't need updating and was light. PCAV pro fit the bill nicely. I'm one of those folks that are on the fence about going AV free. I hear that there is a support group for people like me.

[Blues7]

Quote:

Originally Posted by kjdemuth

I'm one of those folks that are on the fence about going AV free. I hear that there is a support group for people like me.

I've done it for months at a time, then I find that I just can't help myself and get addicted to certain apps...When you find that group let me know. Maybe you can be my sponsor.