SandboxIE+NOD2.7

[Stijnson]

At the moment NOD32 2.7 is my AV. This AV has 2 modules called AMON (monitors all disk writing/reading) and IMON (monitors internet files reading/downloading etc).

Does anyone if these modules continue to work properly (read: scan files) when a browser is sandboxed? I hope there are other NOD32 2.7 users here who can help me out.

[MikeNAS]

Quote:

Originally Posted by Stijnson

At the moment NOD32 2.7 is my AV. This AV has 2 modules called AMON (monitors all disk writing/reading) and IMON (monitors internet files reading/downloading etc).

Does anyone if these modules continue to work properly (read: scan files) when a browser is sandboxed? I hope there are other NOD32 2.7 users here who can help me out.

Yes of course they work like before.

[Stijnson]

Quote:

Originally Posted by MikeNAS

Yes of course they work like before.

Apparently not, because the number of files scanned by IMON doesn't increase when browsing sandboxed. Or is there a workaround for this?

[MikeNAS]

Quote:

Originally Posted by Stijnson

Apparently not, because the number of files scanned by IMON doesn't increase when browsing sandboxed. Or is there a workaround for this?

I installed latest Sandboxie and latest (I can't download 2.7 NOD via their web pages) NOD. I run Firefox inside of Sandboxie and Web access protection number of scanned objects working like it should.

EDIT: It's nice that I don't have to restart computer if I like to use NOD

[Stijnson]

Quote:

Originally Posted by MikeNAS

I installed latest Sandboxie and latest (I can't download 2.7 NOD via their web pages) NOD. I run Firefox inside of Sandboxie and Web access protection number of scanned objects working like it should.

EDIT: It's nice that I don't have to restart computer if I like to use NOD

Yes, but that means that you are using NOD v3 (which works without AMON/IMON modules).

[MikeNAS]

Quote:

Originally Posted by Stijnson

Yes, but that means that you are using NOD v3 (which works without AMON/IMON modules).

Yeah maybe that is problem

[Stijnson]

Quote:

Originally Posted by MikeNAS

Yeah maybe that is problem

I guess so
So my initial question still stands...

[MikeNAS]

Quote:

Originally Posted by Stijnson

I guess so
So my initial question still stands...

I test version 2.7 now. I inform results soon.

[MikeNAS]

It looks like that IMON scans sandboxed browser but scanned files number is always same. File: status changed correctly so that's why I believe everything is ok. Some wiser can correct if my opinion is wrong

[Stijnson]

Quote:

Originally Posted by MikeNAS

I test version 2.7 now. I inform results soon.

That's great MikeNAS. Could you also let me know how AMON behaves INSIDE the Sandbox? Does it scan all files, so also the files IMON doesn't?

[Stijnson]

Quote:

Originally Posted by MikeNAS

It looks like that IMON scans sandboxed browser but scanned files number is always same. File: status changed correctly so that's why I believe everything is ok. Some wiser can correct if my opinion is wrong

File status changed? Can you explain what this means?
I think Marcos at some point stated that IMON wasn't able to scan inside a sandbox, that's why I'm amazed about your findings.

[MikeNAS]

Quote:

Originally Posted by Stijnson

That's great MikeNAS. Could you also let me know how AMON behaves INSIDE the Sandbox? Does it scan all files, so also the files IMON doesn't?

AMON working correctly. Scanned files number is ok too.

Quote:

Originally Posted by Stijnson

File status changed? Can you explain what this means?
I think Marcos at some point stated that IMON wasn't able to scan inside a sandbox, that's why I'm amazed about your findings.

I mean that IMON actually see sandboxed browser web page address and files.

[Stijnson]

Quote:

Originally Posted by MikeNAS

AMON working correctly. Scanned files number is ok too.



I mean that IMON actually see sandboxed browser web page address and files.

So it DOES show the correct url in IMON, but the number of files scanned doesn't increase? Is that a correct assumption?
This could also mean that the files aren't being scanned by IMON at all, just showing the correct url...Hmmm.
Does AMON scan these files I wonder.

[MikeNAS]

Quote:

Originally Posted by Stijnson

So it DOES show the correct url in IMON, but the number of files scanned doesn't increase? Is that a correct assumption?
This could also mean that the files aren't being scanned by IMON at all, just showing the correct url...Hmmm.
Does AMON scan these files I wonder.

That's correct assumption. AMON scans sandboxed saved files.

[Stijnson]

Quote:

Originally Posted by MikeNAS

That's correct assumption. AMON scans sandboxed saved files.

Saved files being files downloaded and saved outside the sandbox? But what about the urls and links a user visits while browsing in a sandbox?
Wouldn't this be harmful?

[MikeNAS]

Quote:

Originally Posted by Stijnson

Saved files being files downloaded and saved outside the sandbox? But what about the urls and links a user visits while browsing in a sandbox?
Wouldn't this be harmful?

saved files = inside of sandboxie and of course outside too

urls and links aren't harmful because all files are inside of sandboxie and if something comes to your sandboxed computer AMON scans that. And of course just empty your sandbox and everything is gone.

[Stijnson]

Quote:

Originally Posted by MikeNAS

saved files = inside of sandboxie and of course outside too

urls and links aren't harmful because all files are inside of sandboxie and if something comes to your sandboxed computer AMON scans that. And of course just empty your sandbox and everything is gone.

All I needed to hear. Thanks Mike, you've been of great help!