SandboxIE+NOD2.7

Discussion in 'sandboxing & virtualization' started by Stijnson, Apr 4, 2008.

Thread Status:
Not open for further replies.
  1. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    At the moment NOD32 2.7 is my AV. This AV has 2 modules called AMON (monitors all disk writing/reading) and IMON (monitors internet files reading/downloading etc).

    Does anyone if these modules continue to work properly (read: scan files) when a browser is sandboxed? I hope there are other NOD32 2.7 users here who can help me out.
     
    Stijnson, Apr 4, 2008
    #1
  2. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Yes of course they work like before.
     
    MikeNAS, Apr 4, 2008
    #2
  3. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Apparently not, because the number of files scanned by IMON doesn't increase when browsing sandboxed. Or is there a workaround for this?
     
    Stijnson, Apr 4, 2008
    #3
  4. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    I installed latest Sandboxie and latest (I can't download 2.7 NOD via their web pages) NOD. I run Firefox inside of Sandboxie and Web access protection number of scanned objects working like it should.

    EDIT: It's nice that I don't have to restart computer if I like to use NOD :D
     
    MikeNAS, Apr 4, 2008
    #4
  5. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Yes, but that means that you are using NOD v3 (which works without AMON/IMON modules).
     
    Stijnson, Apr 4, 2008
    #5
  6. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Yeah maybe that is problem :argh:
     
    MikeNAS, Apr 4, 2008
    #6
  7. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    I guess so :D
    So my initial question still stands...:)
     
    Stijnson, Apr 4, 2008
    #7
  8. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    I test version 2.7 now. I inform results soon.
     
    MikeNAS, Apr 4, 2008
    #8
  9. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    It looks like that IMON scans sandboxed browser but scanned files number is always same. File: status changed correctly so that's why I believe everything is ok. Some wiser can correct if my opinion is wrong :D
     
    MikeNAS, Apr 4, 2008
    #9
  10. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    That's great MikeNAS. Could you also let me know how AMON behaves INSIDE the Sandbox? Does it scan all files, so also the files IMON doesn't?
     
    Stijnson, Apr 4, 2008
    #10
  11. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    File status changed? Can you explain what this means?
    I think Marcos at some point stated that IMON wasn't able to scan inside a sandbox, that's why I'm amazed about your findings.
     
    Stijnson, Apr 4, 2008
    #11
  12. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    AMON working correctly. Scanned files number is ok too.

    I mean that IMON actually see sandboxed browser web page address and files.
     
    MikeNAS, Apr 4, 2008
    #12
  13. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    So it DOES show the correct url in IMON, but the number of files scanned doesn't increase? Is that a correct assumption?
    This could also mean that the files aren't being scanned by IMON at all, just showing the correct url...Hmmm.
    Does AMON scan these files I wonder.
     
    Stijnson, Apr 4, 2008
    #13
  14. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    That's correct assumption. AMON scans sandboxed saved files.
     
    MikeNAS, Apr 4, 2008
    #14
  15. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Saved files being files downloaded and saved outside the sandbox? But what about the urls and links a user visits while browsing in a sandbox?
    Wouldn't this be harmful?
     
    Stijnson, Apr 4, 2008
    #15
  16. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    saved files = inside of sandboxie and of course outside too :D

    urls and links aren't harmful because all files are inside of sandboxie and if something comes to your sandboxed computer AMON scans that. And of course just empty your sandbox and everything is gone.
     
    MikeNAS, Apr 4, 2008
    #16
  17. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    All I needed to hear. Thanks Mike, you've been of great help! :thumb: :thumb:
     
    Stijnson, Apr 4, 2008
    #17
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...