sandboxie question

Discussion in 'sandboxing & virtualization' started by stephenjg_2001, Jan 30, 2011.

Thread Status:
Not open for further replies.
  1. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Yes it is actually sandboxed if it is downloaded to the sandbox folder.
    Scanning it while it is in there is a different story, at least for me.
    For a test I downloaded setup_av_free.exe (from the avast site, which takes you to cnet download.com).
    Prevx issued a FP alert while downloading, saying the file was infected. (Sigh)
    Right-click scanning (in the sandbox) with MBAM was successful and said the file was okay.
    But I could not right-click scan with either HitmanPro or Prevx because of Sandboxie start/run access restrictions... meaning that I need to add those two programs so they can start... which I intend to do.
    Which leads me to wonder why MBAM started in there without being added?

    In addition, the file could not successfully be uploaded from the sandbox to either jotti or virustotal, which I suppose isn't that surprising, because I think that would be the same as "escaping" from the sandbox. (?)

    Edit in: I was unable to upload the file because it was too big. A smaller file did upload from the sandbox, which presents a whole new question for me. :)
     
    Last edited: Feb 15, 2011
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Because both Prevx and HitmanPro require internet access to cloud scan. MBAM does not. Unless you have your sandbox allowing internet access.
     
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    So they both actually need internet access and start/run access, don't you agree?
    And what about the inability to upload to jotti or virustotal?
    No SBIE error is given when attempting... the upload just sits there and hangs forever.
     
  4. lws

    lws Registered Member

    Joined:
    Aug 28, 2009
    Posts:
    196
    Good question. I ran a scan test with MBAM via the right-click method also, with a program I downloaded from FileHippo, and it scanned the file OK while in the C:\Sandbox folder. Never tried anything else so far. Maybe one of the resident guru techies can give us some further insight into this.
    My main question is whether that downloaded program is actually sandboxed or not, and, after it is scanned, whether it is safe for immediate recovery.
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    It is actually sandboxed.
    Let me ask you, why do you think that it might not be?
    When your browser is sandboxed, do you also wonder if it is actually sandboxed? (Not being sarcastic, just trying to make a point.)
    As for it being safe after being scanned... it's as safe as any other program that you scan with the apps that you have on hand.
     
  6. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    This situation actually presents another question...
    If I give HMP and Prevx both permission to start/run and access the internet in a sandbox with Drop Rights in effect, are those applications hindered from doing what they do, due to Drop Rights?

    I added both apps to the browser sandbox (both with internet and start/run access) and HMP will complete a right-click scan, but Prevx causes SBIE to throw up a SBIE2203 failed to communicate with Sandboxie Service error message.

    Guess I'll have to post that on the Sandboxie forum.

    If anyone else has experiences with these apps scanning downloaded files in a sandbox, me and lws would like to hear from you. :)
     
  7. lws

    lws Registered Member

    Joined:
    Aug 28, 2009
    Posts:
    196
    I am really asking this as I am just feeling my way around with Sandboxie, as I am new to the program. Best to ask when in doubt. For one thing, I didn't see the # symbol which indicates if a program is sandboxed, so it kind of got my curiosity going.
     
  8. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    If you use Chrome you won't see the #.
    Could be true for other apps as well, and I think it has to do with how the GUI is built.

    But if you go in Sandbox Settings/Appearance you can enable Sandboxie to display a colored border around the window.
    This way, you know instantly Sandboxie is working.
     
  9. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Right-click the downloaded file, select Properties, and look at the location path... it'll say something like C:\Sandbox\etc
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Like Page said, the file is sandboxed and most scanners or AVs (Avast etc.) should be able to scan them. Some AVs have had problems scanning those files in the past, but after some time that gets fixed. Right now I don't have a real-time AV to do the test for you, but I am able to scan the folder with MBAM but not HMP.
    If you are using a real-time AV, like MSE for example, the file gets scanned as it's downloaded, so in my opinion you really don't need to scan it again.
    Personally I never go into that folder; if some malware happens to be in there, who knows what can happen if you click on the wrong file or exe.


    Bo
     
  11. lws

    lws Registered Member

    Joined:
    Aug 28, 2009
    Posts:
    196
    Thanks for both your inputs. I am not using a real-time AV at the moment. I have the VirusTotal toolbar installed in Firefox, so I am able to scan a download with it initially. Then I can always use MBAM to do a further scan.
     
  12. stephenjg_2001

    stephenjg_2001 Registered Member

    Joined:
    Dec 21, 2010
    Posts:
    18
    Getting back to the original point of the post...

    I'll post a screenshot of it next time I encounter it. I would recognize a virus because I have a lot of experience getting rid of them, and I know for the most part how they work, but I've never run into a page like this.
     


    Last edited: Feb 17, 2011
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    stephenjg, if you are browsing sandboxed when you get a pop-up like the one in the picture, just delete the contents of the sandbox or terminate all programs and you'll be clean. Your system will not be harmed.
    I know it sounds simple, but that's how it is when you use Sandboxie.


    Bo
     
  14. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dear Sul.

    Thank you for helping me out. Thank you for searching and finding the thread for me. I took some time to learn Sandboxie and now have come up with a Sandboxie.ini which I think fits my needs.

    This is the first time it allowed me to use Sandboxie and enjoy it at the same time. Basically, really use Sandboxie. Though I am still learning and will most probably ask you some more questions later.

    Once again thank you for your help!

    Best regards,

    KOR!
     
  15. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Hi Sul.

    LOL! My first question.

    My TouchPad and mouse driver on my Asus laptop are from Elan.

    http://www.emc.com.tw/eng/st_tpn_sp.asp

    However, it does not show up under:

    Settings > Applications > All Applications

    so that I can add it. The mouse driver doesn't work properly when I use Sandboxie.

    I see the Synaptics TouchPad and other mouse drivers in the list, but not the Elan mouse driver.

    How can I add this?

    Best regards,

    KOR!
     
    Last edited: Feb 18, 2011
  16. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    I run Sandboxie on-demand occasionally, so I wanted to set the Sandboxie service to manual so it only starts when starting Sandboxie. However, even if I start Sandboxie Control as admin, it cannot start the service and I have to start it manually.
     
  17. stephenjg_2001

    stephenjg_2001 Registered Member

    Joined:
    Dec 21, 2010
    Posts:
    18
    Thank you. I wasn't sure, since a codec would technically install onto a program.
     
  18. Prole

    Prole Registered Member

    Joined:
    Feb 2, 2011
    Posts:
    47
    Location:
    New England, USA
    I encountered a screen very similar to that last summer.
    I clicked NO (or cancel) and nothing happened; I went on my way thinking all was well.
    Next morning, I booted up and I had a fake AV running almost instantly.
    It was nearly impossible to remove.

    That's when I dumped ESET and came up with the security config you see in my signature.

    I've only had one scary moment since (a lock screen that I couldn't shake)
    I couldn't even shut down my computer, so I unplugged it !!!!

    When it rebooted, everything was in the Sandboxie folder and I deleted it.
    Problem solved.
     
  19. stephenjg_2001

    stephenjg_2001 Registered Member

    Joined:
    Dec 21, 2010
    Posts:
    18
    Is there anyone who would be willing to talk in message form about this stuff? I just need to sit down and have someone go through my settings and make them as secure as possible, and I'd really love to have someone test two sites. If I wasn't on my main PC I'd test them and not worry, but if I lose this one I'd be very sad...
     
  20. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    Here's my setup for Chrome:

    - Appearance/Display a border around the window (because Chrome does not show the # indicator)
    - Delete/Delete Invocation: Automatically delete contents of sandbox
    - ProgramStop/Leader Programs: I put Chrome there.
      Read the description to give you an idea of what this does.
    - Restrictions/Internet Access: I only have Chrome in there.
    - Restrictions/Start-Run Access: again Chrome only.
      You could add dllhost.exe to save to desktop.
    - Restrictions/Drop Rights: check the box to activate
    - Applications/Web Browsers: I have everything checked in there for Chrome.

    Anyway, this should be a good place for you to start.
    Hopefully, more people will join the discussion and share their hints and tips!
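The same Chrome setup written out as Sandboxie.ini keys, added here as an illustration (this is not from moontan's post, nor copied from Sandboxie's own documentation). The key names are, as far as I know, what Sandbox Settings writes when you tick those options, so compare them against what your own Sandboxie.ini contains after applying them in the GUI before relying on this. The Applications/Web Browsers templates are left out because their template names differ between versions.

```ini
[DefaultBox]
; Appearance: colored border (title bar) so a sandboxed Chrome window is
; recognizable even though Chrome does not show the # in its title
BorderColor=#00FFFF,ttl

; Delete Invocation: empty the sandbox automatically when the last program in it exits
AutoDelete=y

; Program Stop / Leader Programs: when chrome.exe exits, everything else still
; running in the box is terminated with it
LeaderProcess=chrome.exe

; Restrictions / Internet Access: only chrome.exe may open the network devices;
; a scanner started in the box cannot reach its cloud service unless added here
ClosedFilePath=!chrome.exe,InternetAccessDevices

; Restrictions / Start-Run Access: only chrome.exe may start inside the box;
; any other program (a right-click scanner, dllhost.exe) is blocked unless listed
ClosedIpcPath=!chrome.exe,*

; Restrictions / Drop Rights: programs in the box run without administrative rights
DropAdminRights=y
```

The two Restrictions entries are why, earlier in the thread, cloud scanners such as Prevx and HitmanPro fail inside a browser sandbox until they are explicitly added: both the start/run list and the internet access list have to name them.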
     
  21. Prole

    Prole Registered Member

    Joined:
    Feb 2, 2011
    Posts:
    47
    Location:
    New England, USA
    If you google (bing) "ssj100 security" you can learn a lot about configuring Sandboxie there.

    One of the best tricks is to go to -->Start --> Sandboxie --> Run Windows Explorer Sandboxed -->right click and choose 'Pin to taskbar' ...this makes it a little bit easier to open explorer sandboxed.
     
  22. albsat

    albsat Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    51
    I have a question. Maybe a stupid one. Is there any trick to force folders in Sandboxie Free?

    I was thinking: if I open a certain folder with a sandboxed Windows Explorer, will that folder be sandboxed after that for every application in Windows?
     
    Last edited: Feb 28, 2011
  23. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    No, but you can buy the program for a cheap 1-year license. Stop trying to work around a wonderful program and support it.
     
  24. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Like post No.2 and others have said, if you recover the download, you also recover the infection.

    What I do and I do not know if the experts agree, is recover the item to my desktop. THEN I scan it with AVG 2011, MBAM, Emsisoft AM or HMP to see if I have invited bugs into my parlour.

    John
     
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    If you are using the free version of Sandboxie, it is a very good idea to open Windows Explorer sandboxed. You can create a shortcut for a sandboxed Windows Explorer, so in a way it is like having a forced Windows Explorer in the free version.
    Your thinking is correct: you can go to most folders and open them sandboxed after running a sandboxed Windows Explorer. Doing so, you can even open your USB drives sandboxed.
    Your question is not stupid; actually it is very smart, and it shows that YOU can take Sandboxie as far as your imagination allows you.

    Enjoy the sandbox

    Bo
     