Sandboxie Pro questions

Discussion in 'sandboxing & virtualization' started by Hungry Man, Sep 2, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man
    Online

    Hungry Man Registered Member

    I'm now using Sandboxie Pro but Digsby won't seem to work with it. I get an error that it can't access digsby-app.exe.log.

    I've tried giving direct, read-only, and even full access to the entire C:\program files\ digsby folder but nothing.

    I may also have other questions >_>
  2. Page42
    Offline

    Page42 Registered Member

    What? You're using the paid version? WTG!

    Okay, your question... does this help?

    Or this?
  3. Hungry Man
    Online

    Hungry Man Registered Member

    Haha, yes, paid.

    Unfortunately that person is having a separate issue =\

    EDIT: Ah, reading teh edit.

    EDIT2: Just as a test I gave "full access" to the C drive. That solved it - but obviously it's not a great solution. I tried full access to the Digsby folders but it didn't work.

    More experimenting to do.

    EDIT3: Direct access to C\ works too. Not Read-Only. I guess that means it's writing something.

    EDOT4: narrowing it down...
    Last edited: Sep 2, 2011
  4. Hungry Man
    Online

    Hungry Man Registered Member

    Solved :D I needed to add both the program files folder AND the virtualroot folder created by Comodo, which is also sandboxing digsby.
  5. 1chaoticadult
    Offline

    1chaoticadult Registered Member

    Why would you double sandbox Digsby? I don't get it?
    Last edited: Sep 2, 2011
  6. Hungry Man
    Online

    Hungry Man Registered Member

    I had it sandboxed already by Comodo. Now I have it sandboxed twice I guess o_o

    I'm still deciding whether or not to remove Comodo or if I should simply use both at the same time.

    I made another topic about this =p

    http://www.wilderssecurity.com/showthread.php?t=306775
  7. 1chaoticadult
    Offline

    1chaoticadult Registered Member

    I personally think its unnecessary but its your choice.
  8. Hungry Man
    Online

    Hungry Man Registered Member

    It seems that if I run Java in a Sandboxed Chrome I need to allow Java to run in that sandbox and can't use a separate sandbox for it.

    By sandboxing further with Comodo I keep Java isolated. Or at least that's how it seems.
  9. wat0114
    Offline

    wat0114 Guest

    Although an older thread, there are many informative posts in it on how to configure Sandboxie securely. Even if you just read the posts by ssj100 and an excellent one by Sully here who gives a nice example explaining the config file entries for his configuration, you will gain valuable insight on the product.
  10. Hungry Man
    Online

    Hungry Man Registered Member

    Thank you.
  11. wat0114
    Offline

    wat0114 Guest

    You're welcome and I hope it helps.

    BTW, I don't use Sandboxie any more, as you know ;) but I checked my saved config file and I don't have java in it anywhere, even though I have chrome.exe sandboxed via FQP (fully qualified path). Clearly I'm no expert on the product, so I can't offer any explanation as to why.

    Code:
    [Web_Browser_Sandbox]
    ConfigLevel=7
    AutoRecover=y
    Template=Chrome_Preferences_DirectAccess
    Template=Chrome_History_DirectAccess
    Template=Chrome_Bookmarks_DirectAccess
    Template=Chrome_Force
    Template=IExplore_Favorites_RecoverFolder
    Template=IExplore_Favorites_DirectAccess
    Template=IExplore_Force
    Template=AutoRecoverIgnore
    Template=Firefox_Phishing_DirectAccess
    Template=LingerPrograms
    Template=BlockPorts
    RecoverFolder=L:\user_name\Downloads
    RecoverFolder=C:\Users\user_name\Downloads
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    BorderColor=#00FFFF,off
    Enabled=y
    BoxNameTitle=y
    ForceFolder=C:\Users\user_name\AppData\Local\Google\Chrome\Application\chrome.exe
    ForceFolder=C:\Program Files (x86)\Internet Explorer
    NotifyInternetAccessDenied=y
    ProcessGroup=<StartRunAccess>,chrome.exe,iexplore.exe,googleupdate.exe,GoogleCrashHandler.exe,SuRun.exe,rundll32.exe
    ProcessGroup=<InternetAccess>,chrome.exe,iexplore.exe,GoogleUpdate.exe
    NotifyStartRunAccessDenied=y
    ClosedFilePath=!<InternetAccess>,InternetAccessDevices
    ClosedIpcPath=!<StartRunAccess>,*
    
  12. Hungry Man
    Online

    Hungry Man Registered Member

    Did you ever run Java?

    EDIT: I'm currently trying to sandbox other programs - specifically ones that ever need admin or ones that touch the internet.
  13. wat0114
    Offline

    wat0114 Guest

    You know, I can't remember if I did or not the few days I used SB with Chrome sandboxed?? For kicks I will fire up the vm and try it out.
  14. Hungry Man
    Online

    Hungry Man Registered Member

    Haha, alright. Let me know if you manage to separate the two. I don't think it's possible but I've managed to sandbox java alone with Comodo.
  15. wat0114
    Offline

    wat0114 Guest

    Confirmed, I had to allow java.exe both start/run access and Internet access, and jp2launcher.exe only start/run access.

    *Edit" tried separating the two but it won't work just as you encountered. It seems java entries have to be included in the chrome sandbox.
    Last edited by a moderator: Sep 2, 2011
  16. Hungry Man
    Online

    Hungry Man Registered Member

    Yeah, I figured. That's why I like using Comodo too.
  17. Hungry Man
    Online

    Hungry Man Registered Member

    If someone sends me a link in Digsby can I make it open in the Chroem sandbox?
  18. Sully
    Offline

    Sully Registered Member

    One option you might choose to employ is to create a sandbox for a browser(s), and anticipate it will not be deleted very often. You can then install java or flash, or whatever, into that sandbox. Now you have easily kept java/flash usable but segregated. When/if you delete this box, you would have to install java/flash again, but that is not too extensive really.

    I have been installing java on my system because I have been using some web interfaces to different products like routers and NAS, which require java for some specific features. However, only certain sandboxes (really that means certain browsers for me) are allowed to use it. Until there is a true breakout of sandboxie by something, I don't know that dual sandboxing is really going to benefit you.

    Right now I have been using Integrity Levels on my browsers, along with sandboxie. As an admin with UAC off, it is problem free, and from everything I have ever tested it against, it poses no security risk as long as you understand what is going on within the sandbox (like keyloggers etc). My sandbox rules prevent this anyway, just noting that you still have to be aware of what happens within the sandbox if you use default settings.

    There are so many ways to utilize 3rd party tools in conjunction with what is available in the OS. I try to get along without 3rd party tools, especially noisy ones that ask a lot of questions or need many answers or that are really resource intensive. Some like geswall or other tools, which do things differently than sandboxie. But for me, sandboxie, configured to my desired specifications, is currently offering everything I need in security with the only thing left for me to deal with being executing a downloaded file in the real system.

    Hungry Man, you might take a look at Busters Sandbox Analyzer.

    After you get your feet wet, you may well decide to keep sandboxie. I would recommend you dig a little deeper into the .ini file and syntax. You can do more in there than in the GUI, IMHO.

    Sul.
  19. Hungry Man
    Online

    Hungry Man Registered Member

    I'll look into it Sully, thank you.

    Definitely still configuring and tweaking. I'm sure I'll move onto more than just the GUI soon.
  20. Sully
    Offline

    Sully Registered Member

    I know that you run tools to inform/protect your, most of which would monitor things globally. I did not want such things running, but did want to maintain system integrity, so I changed how I do things and compartmentalized how I use sandboxie. I use many sandboxes, each for a specific program and purpose. I really like knowing how things are going to interact, or rather not interact, both in sandboxes and in the real system.

    I would encourage anyone playing with sandboxie paid to try different sandboxes for different purposes/programs, and see what they can come up with. Using one or many sandboxes is neither good nor bad, rather using what you need is best.

    Sul.
  21. Hungry Man
    Online

    Hungry Man Registered Member

    I don't like the idea of switching sandboxies, that's the main issue. I'd much prefer a single dedicated sandbox for each program. I want to forget I have Sandboxie installed in a sense - or at least have the ability to.
  22. bo elam
    Offline

    bo elam Registered Member

    That is pretty much how I feel. Using SBIE for just about everything, can
    be done with very little thinking required. In a way, it becomes automatic.

    Bo
  23. Hungry Man
    Online

    Hungry Man Registered Member

    Yeah, I want my sandboxes to be set up with ease of use in mind but as long as each one has its own configured settings I think the security benefits will be very great.
  24. bo elam
    Offline

    bo elam Registered Member

    Just take your time. You don't need to create or configure all your sandboxes
    in one day. Do it along the way.

    Bo
  25. Hungry Man
    Online

    Hungry Man Registered Member

    Oh, for sure. I think I've got it set up as well as I need it to be.

    Just still learning =p
Thread Status:
Not open for further replies.