Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Yes, as you have it now, the only program with internet access is Firefox.

    Bo
     
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,920
    As long as Firefox has access, this goal is not possible, but you can raise the level to gain for malware.
     
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Thanks, Bo.
     
  4. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    Thanks Bo. Now that I have had a few hours to think about it, it makes sense. I disabled internet access for KeePass because it only uses it to check for updates, which I have turned off.

    @Brummelchen I understand that. This is just an extra layer in my security. Firefox is also denied access to my personal documents.
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    pling_man, regarding what was written by Brummelchen, the key is not to install any malicious addon as they can hijack Firefox and use it to phone home. So, be careful with the extensions and plugins you install.

    Bo
     
  6. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    Thanks, I will. I have removed the Flash plugin because I think it's too risky. I only have a short list of others I use that I trust.

    Currently, I have these settings in my default sandbox. Is there any advantage to creating a separate sandbox instead?
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Regarding Flash, this is how I handle it. On one of my computers, I require Flash every day, I use it every day, so I have it installed on that PC. Since I only use Flash in Firefox, I only install the plugin for Firefox and not the ActiveX for IE. At no time will I run any content with Flash out of the sandbox.

    On my other PC (W7), I hardly ever require Flash. So, on that computer I don't install Flash in the system but I keep a sandboxed installation of Flash that I save in My Documents. On the rare occasions that I need Flash in the W7, I copy this folder (that I saved in My Documents) and place it inside C>Sandbox>User. And I am ready to go. All of this takes less than a minute.

    Before I started handling Flash that way in the W7, I used to make a new install of Flash in a sandbox (make sure the sandbox is not set to delete on closing). And then run Firefox in it. Both programs interact perfectly well using them that way. After I finished using Flash, I deleted the sandbox manually.

    I think you forgot to add something, you said, "I have these settings in my default sandbox", but I don't see the settings and you ask about whether there is an advantage with creating a separate sandbox.

    A clear-cut rule about Sandboxie: the more you separate programs from each other and the system, the better. Isolation, sandboxing works better that way. When you do that, you are getting all the juice out of Sandboxie. Using dedicated sandboxes allows you to restrict them more and you do it according to the Leader program. So, that's what you want.

    Bo
     
    Last edited: Sep 20, 2016
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    My pleasure, Page :cool:.

    Bo
     
    Last edited: Sep 20, 2016
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    It's so far running without any problems. BTW, I noticed that Invincea is now also featured on VirusTotal, very interesting because it doesn't use signatures to identify malware. I wonder if SBIE will eventually also offer a simplified version of the behavior blocker.
     
  10. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    As has been said n times: it will never happen, neither now nor in the future.
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Hi Rasheed, 5.13.8 is working nicely here as well. A few days ago, I did notice it (Invincea being listed at VirusTotal).

    Have you seen this? Should make you happy. :)

    aaaaaaaa.JPG

    Bo
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    No, I didn't even see this, very cool. I was running Vivaldi "sandboxed" by SpyShelter the last few weeks, but I will now switch back to Sandboxie.

    Yes, I know it's not likely. But apparently they are so confident that they are even listed on VT. So if it's so good, then a dumbed down version that's either integrated with SBIE or as a standalone tool would be quite interesting.
     
  15. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Q: Does 'Allow direct access to Firefox phishing database' satisfy all Firefox built-in phishing and malware protection?

    e.g., Block reported attack sites, Block reported web forgeries, Block dangerous and deceptive content, Block dangerous downloads, Warn me about unwanted and uncommon software.
    5.14 RC
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    By default, when you open Firefox, the phishing database gets updated automatically. When you allow Direct access to Firefox phishing database, what you are doing is allowing the update of the database to be saved out of the sandbox. If you don't allow access to the database, then next time you run Firefox outside the sandbox the size of the update will be larger than what it is when you allow access to the database. That's the difference between allowing and not allowing access to the phishing database.

    So, regardless how you set access to the phishing database, attack sites, etc, will be blocked unless you untick the options for that not to happen in Firefox>Options>Security.

    I personally prefer not to allow access to the phishing database and untick all options for blocking attack sites, etc, in Options>Security.

    Bo
     
  17. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Okay, so direct access to 'phishing database' equals newer phishing and malware protections. I'm asking because recent Firefox seems to have expanded protections. Block reported attack sites, Block reported web forgeries, Block dangerous and deceptive content, Block dangerous downloads, Warn me about unwanted and uncommon software.
    I'm not aware whether old phishing database template encompasses newer Firefox added malware protections.
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    You are OK. Firefox saves this database in files cert8 and blocklist, and in the Safe browsing folder in your Firefox Profile folders in AppData.

    If you navigate to your Firefox Profiles folders and look at the time stamp of cert8 and blocklist, it's likely the time stamp is as of sometime today. While the rest of the files there will have the date of the last time you updated addons or Firefox itself. Or the last time you opened Firefox unsandboxed.

    Same with the Safe browsing folder, you'll see files created there....today....if you are allowing access to the phishing database. If you are not allowing access, you'll have no new files there and the mentioned files (cert8 and blocklist) will have the date of the last time you ran Firefox out of the sandbox.

    Bo
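
The timestamp check described in the post above, written as a small script (an added example, not part of the original thread). The profile folder paths are supplied by the caller, the `.db` and XML file types follow what the thread says about cert8 and blocklist, and the sample profiles and the `sample.sbstore` file name are constructed for the demonstration.

```python
import os
import tempfile
import time
from pathlib import Path

# File names as given in the thread (cert8 is a .db file, blocklist is XML).
ARTIFACTS = ("cert8.db", "blocklist.xml", "safebrowsing")

def newest_mtime(path):
    """Latest modification time of a file, or of any file inside a folder."""
    path = Path(path)
    if path.is_file():
        return path.stat().st_mtime
    if path.is_dir():
        return max((p.stat().st_mtime for p in path.rglob("*") if p.is_file()),
                   default=None)
    return None  # artifact not present in this profile folder

def written_since(profile_dirs, since):
    """Map each artifact to True if the real (unsandboxed) copy changed after
    `since`, e.g. the time the sandboxed Firefox session was started."""
    result = {}
    for name in ARTIFACTS:
        stamps = [newest_mtime(Path(d) / name) for d in profile_dirs]
        stamps = [s for s in stamps if s is not None]
        result[name] = bool(stamps) and max(stamps) >= since
    return result

def make_sample_profile(root, stamps):
    """Build a constructed profile folder; `stamps` maps artifact -> mtime."""
    root = Path(root)
    root.mkdir(parents=True, exist_ok=True)
    for name, mtime in stamps.items():
        target = root / name
        if name == "safebrowsing":
            target.mkdir(exist_ok=True)
            target = target / "sample.sbstore"  # constructed file name
        target.write_bytes(b"constructed sample data")
        os.utime(target, (mtime, mtime))
    return root

if __name__ == "__main__":
    start = time.time() - 3600  # assumed: sandboxed session began an hour ago
    with tempfile.TemporaryDirectory() as tmp:
        on = make_sample_profile(Path(tmp, "on"), {n: start + 60 for n in ARTIFACTS})
        off = make_sample_profile(Path(tmp, "off"), {n: start - 86400 for n in ARTIFACTS})
        print("direct access allowed:", written_since([on], start))
        print("direct access denied: ", written_since([off], start))
```

Against a real installation, pass the Firefox profile folders under AppData as `profile_dirs` and the time the sandboxed session started as `since`; any `True` means that artifact was written outside the sandbox during the session.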
     
  19. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Okay, "cert8" is a .db file, what's in the db file? And "blocklist" is XML with the add-ons blocklist.
    Okay, phishing database = cert8 + blocklist + safebrowsing.
    Guess, I need to ask Mozilla where the Block dangerous downloads & Warn me about unwanted and uncommon software database resides. I'm assuming phishing and malware repository is not cloud based.
    Thanks
     
  21. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Security certificates....?
    Okay, bottom line. Whatever is available regarding phishing and malware protection is allowed to write outside the sandbox by direct access to the phishing database.
     
  22. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    That's it.

    Bo
     
  23. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    I need some help getting Chrome to work in Sandboxie.

    I have run Chrome outside of Sandboxie and set up some passwords for a couple of websites. I have tested this by visiting the website and the username and password fields are automatically filled in.

    But when I run Chrome inside Sandboxie the fields are empty. What is going on? I would have thought read access was all that was needed.

    Under Settings/Applications/Web browser/Google Chrome I have set:

    * Force Google Chrome to run in this sandbox
    * Allow direct access to Google Chrome phishing database.
     
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Perhaps you need to allow direct access to Google Chrome passwords in Sandbox settings. There is a setting for that there.

    Bo
     
  25. Elwe Singollo

    Elwe Singollo Registered Member

    Joined:
    Oct 30, 2015
    Posts:
    114
    Nice to hear Bo. I've been off trying other things but looks like I'm stuck on Windows for a while yet. Good to know SBIE is back to doing what I need. Feel much safer!

    Keep up the good work my friend.

    Cheers
     