Sandboxie Questions

What steps should I take to configure it. Ive already limited it to only allowing my browsers to run and connect to the internet, what else should I do?

How much will I be compromising security by allowing bookmarks and history to be saved?

Thanks in advance guys!

 

You might want to go to Resource Access - File Access - Blocked Access and add "sensitive" locations. I personally block access to my to my entire D: (data) partition but you can include My Documents or files like mytaxes or whatever. Just keep in mind that whatever is running in the sandbox (good or bad) cannot have access to the location/s.

Edit: Oh and I allow saving of bookmark and history for firefox. You may also want to go into the applications section and see if anything running needs "added" for compatibility reasons.

 

Thanks SSJ and Innerpeace, thats exactly what I was looking for!

 

Regarding steps 10 and 11 in ssj100's configuration list, I would also suggest you consider the type of deletion you want. As explained here http://www.sandboxie.com/index.php?DeleteSettings and here http://www.sandboxie.com/index.php?SecureDeleteSandbox, Sandboxie's default deletion command is the Window's standard RMDIR. If you aren't concerned about secure deletion of your sandboxes' contents, or if you aren't concerned about malware possibly being automatically backed up in System Restore, then RMDIR is fine. Otherwise, you may want to use a secure delete command explained in http://www.sandboxie.com/index.php?SecureDeleteSandbox

If you already have CCleaner on your system, then it also can be configured to secure delete the contents in all or some of your sandboxes.

 

Thanks for the links Doodler. I can understand how eraser would securely delete something, but how does it help with system restore? Afaik, if the sandbox is undeleted at the time of the creation of the restore point, then whatever contents will be restored if you restore from that particular restore point. Or atleast this is how I understand it. Even if you were to delete something with Eraser if you restore to a point when the sandbox was undeleted then whatever you deleted will be restored as well, even if you use eraser or something similar.

EDIT: Thanks for the stuff on secure deletion, ive been looking for something like this!

To my knowledge the only work around to system restore is to set one of the folders as a temp so that sys restore wont back it up when you restore it.

Could someone confirm this for me?

 

Dregg Heda, Yes.

To prevent clashes with system restore, rename TMP or Temp.

 

There are a number of threads in Sandboxie's forum about System Restore and secure deletion of sandboxes. This is just one example: http://sandboxie.com/phpbb/viewtopic.php?t=4177&highlight=restore

Guest10's post sums it up: "Once a file in a sandbox folder is securely deleted, System Restore will have nothing to backup."

 

Ive read the entire thread, and there seems to be some confusion as to how system restore works and how secure delete relates to this.

For me the only this would make sense is this: Whenever a restore point is made system restore notes all the files on the system. Then when a particular file is deleted system restore checks if it is required in any of its restore points, and archives those files which are required for restore, perhaps by ensuring said files are not overwritten, or perhaps by some other means. Whenever a particular restore point is restored, the necessary files are activated. Perhaps secure delete, by completely overwriting the files prevents windows from archiving said files when they are deleted, hence they cant be activated even if there is a restore point which was made when those files were still on the system. Does this make any sense?

Any other ideas? Edit:Anyone else can shed some light on this?

Whatever the case I dont use system restore so it doesnt really matter to me.

 

Out of curiousity what if anything are you using instead of System Restore? The reason I ask is that I too do not use System Restore but instead am relying on my backup software.

John

 

Yea same here jp!

My guess is that if the sandbox is undeleted when you make the image, whatever malware is in it will be saved in tact in the sandbox when you restore. If you delete the sandbox before making the image then I assume that your image wont have the malware on it. And hence no malware on your restored system. I doubt secure delete would affect this.

 

^^ but which comes first ... the chicken or the egg ... har har

System Restore ignores TMP or Temp files and monitors for Vista this list of file extensions, so for the Sandboxie container destination file to be anywhere else leaves you at risk - this is the only way I know of to prevent any mishaps with System Restore catching anything nasty inside a sandbox at the time of a system snapshot. Maybe I'm wrong, does anyone else know of another solution? I haven't heard of any other solutions other than turning System Restore off completely.

Just doesn't make good sense to rely on the sandbox to be completely clear at the time of a restore snapshot, who knows when a snapshot happens?

How to avoid: example; create either destination; C:\TEMP\SANDBOX or C:\TMP\SANDBOX

goto: Sandboxie Control - Sandbox - Set Container Folder, link to where you made new temp destination. Bingo!

------------------------------------------------------​

Also for multiple accounts.

Set Container Folder

The Set Container Folder command selects the container (or master, or parent) folder which will contain all other sandboxes. The default location is X:\Sandbox\%USER%\%SANDBOX%, where X: stands for the drive where Windows is installed, typically C:.

The special variable %SANDBOX% is replaced by the name of the sandbox.

The special variable %USER% is replaced by the name of whichever user account (or logon) is using that sandbox. Note that a sandbox created in one user account is visible and can be used by other accounts in the system.
However, if the container folder includes the %USER% special variable, then the user accounts don't actually share the same sandbox. Each account has a seperate instance of the sandbox.

^^ from Sandboxie site.

 

Didn't know that - great tip - thanks Keyboard Commando...

philby

 

A while back I considered changing my destination folder to C:\temp\sandbox or c:\tmp\sandbox. But, I ultimately decided against it because I frequently use some special programs to clean out my system's temp and tmp folders and I figured sooner or later I was going to slip up and delete my sandboxes.

Instead, I use CCleaner's secure delete and, as I understand it, that process results in the applicable sandboxes being emptied before System Restore (which I do use occasionally) has an opportunity to back up their contents.