Do security programs reach inside SBIE?

Discussion in 'sandboxing & virtualization' started by Page42, Jul 9, 2011.

Thread Status:
Not open for further replies.
  1. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Perhaps a stupid question... forgive me, it is a hard habit to shake.
    Will an AV or a HIPS (just for two examples) flag a malicious file inside Sandboxie, without the AV or HIPS being given access by me in the sandbox?
    In other words, if I download something that the AV has a signature for, will the AV flag it, even without me recovering the file from the sandbox?
    I've seen VIPRE block list prevent a page from loading in a sandboxed browser, but bad site blocking and web filtering are firewall functions in VIPRE, or so I believe.
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I don't think so, unless you've made resource access exceptions. Can be detected by HIPS on execution though (not sure about AV).
    Network traffic isn't sandboxed, but can be whitelisted.
     
  3. pk7

    pk7 Registered Member

    Joined:
    Nov 28, 2009
    Posts:
    12
    Location:
    Prague, CZ
    AV will definitely detect files which are saved/modified in your sandbox. SBIE just redirects file requests to its sandbox, BUT those redirected file requests have to go down to your file-system drivers (FAT/NTFS) and these requests are handled by AV scanners. AVs don't care where these files are located (if they're on your local disk/network/or in the sandbox folder). I'm not sure about actions on the infected files (e.g. delete/repair/moving to quarantine) -- it depends on how it's implemented in your AV.
     
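A way to check this behaviour on your own machine, as an added example (not part of the thread and not Sandboxie's or any AV vendor's code): the script writes the harmless EICAR test file into a folder you name, such as the sandbox folder, and reports whether the on-access scanner reacted. The function name, file name and result labels are assumptions of this example.

```python
import sys
import time
from pathlib import Path

# Standard EICAR anti-virus test string (harmless), split in two so that this
# script is not itself flagged while it sits on disk.
EICAR = ("X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")


def probe_on_access_scan(folder, wait_seconds=5.0, poll=0.5):
    """Drop the test file into `folder` and watch what the scanner does.

    Returns one of the labels (names chosen for this example):
    blocked_on_write, removed, locked, altered, untouched.
    """
    folder = Path(folder)
    if not folder.is_dir():
        raise NotADirectoryError(str(folder))
    target = folder / "eicar_probe.com"  # hypothetical file name
    try:
        target.write_text(EICAR, encoding="ascii")
    except OSError:
        return "blocked_on_write"      # scanner refused the create/write
    deadline = time.monotonic() + wait_seconds
    while True:
        try:
            data = target.read_text(encoding="ascii", errors="replace")
        except FileNotFoundError:
            return "removed"           # deleted or moved to quarantine
        except OSError:
            return "locked"            # present, but access is denied
        if data != EICAR:
            return "altered"           # scanner rewrote ("repaired") it
        if time.monotonic() >= deadline:
            break
        time.sleep(poll)
    target.unlink(missing_ok=True)     # nothing reacted: clean up
    return "untouched"


if __name__ == "__main__":
    # Pass the folder to test, e.g. the sandbox folder from the thread.
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <folder-to-test>")
    print(probe_on_access_scan(sys.argv[1]))
```

Run it from outside the sandbox against the sandbox folder and against an ordinary folder; the same result for both means the scanner treats them alike, while `untouched` means there was no on-access reaction within the wait window.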
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    What I used to do was block the virus, then delete the sandbox. If Vipre puts the virus in quarantine, delete the sandbox and then delete the virus that was quarantined.
    Vipre will detect malware, sandboxed or unsandboxed, but the location of the detected file will be different. If sandboxed, the file will be in C/Sandbox.
    Just remember, if something gets detected, block it, delete it, quarantine it; afterward, delete the sandbox and the file if it was quarantined.

    Bo
     
  5. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    Yes, I asked this question on the Sandboxie website a few years ago. Sandboxie allows things into the sandbox but not out, so your scanners can go into the sandbox.

    Acadia
     
  6. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Thanks, Acadia. But the question is also whether AVs can do this without being granted access by the user.
    And by any chance, did you bookmark that thread? :cool:
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    You don't need to do anything, the virus is detected normally, because your
    AV treats the Sandboxie folder in C as it treats any other folder. Vipre is
    allowed to go into the Sandboxie folder and detect the file, delete it or send
    it to quarantine.

    Bo
     
  8. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    Bingo! I should have thought of saying that, thanks bo elam. :cool: Your av goes into that "folder" just like any "normal" folder.

    Acadia
     
  9. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Original question:

    Do security programs reach inside SBIE?

    From the Sandboxie FAQ:

    Operating outside the sandbox, the anti-virus can reach into the sandbox folder, pull the virus file, and move it into quarantine.

    My thanks to bo elam for PMing me the link to Sandboxie Virus FAQ, which contains the following...

    [Attached image: SBIE and viruses.jpg]
    Bo knows. :thumb:
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Thanks for that. Good information to have.

    I can't wait for a decent free sandboxing program.
     
  11. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Avast must've been an exception then.

    I thought Chrome's sandbox is enough for you, Hungry Man.
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    For Chrome it is. Java and other internet facing apps can't benefit from that.
     
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    So Sandboxie and Comodo aren't decent enough for you? What about BufferZone?
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Sandboxie isn't free. So no, it won't do.

    Comodo is decent enough for now, but apparently 6.x will introduce much better sandboxing/ customizing. I'm just waiting until then.
     
  15. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    There is a free version of Sandboxie.
     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yes, but it doesn't offer everything I'd like, and I don't like having to right click and "open in Sandboxie"; I'd rather applications just be forced.
     
  17. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Okay, but not offering everything you like is not the same as not having a free version, is it?
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yup. True.
     
  19. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Sandboxie only costs €29,- though.
    That's a lifetime license and for an unlimited amount of computers you own, for home usage that is. Pretty low pricing imo.
     
    Last edited by a moderator: Jul 14, 2011