Sandboxie restriction advice

Discussion in 'sandboxing & virtualization' started by Page42, Jan 16, 2011.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Oh... I don't use Hitman/Hitman Pro. I thought it was just meant to be used as a global scanner, and not just to scan 1 file as well, for example.

    So, the problem is that when you choose to scan some file with Hitman, by right-clicking that file, Hitman will start sandboxed. I hope I got it right, this time?

    If that's the case, then right-click Sandboxie's tray bar icon and choose Disable Forced Programs (something like that in English). You should have a few seconds to start the scanning.

    -edit-

    Someone has requested such feature to be added to Sandboxie, so that users are able to exclude certain processes from ever being sandboxed, while the others still are.

    -http://www.sandboxie.com/phpbb/viewtopic.php?t=9508&sid=2b3be029bcaaecdaca569c909713c76f

    I guess you could also express that wish. :)
     
  2. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    No, if you mean by selecting the deletion method via Eraser's GUI, it won't do anything. There is a discussion in one of the Sandboxie threads here about altering the deletion command in the sandbox.ini and some people were able to change the default deletion method that way.

    BTW, are you using Eraser 5? (an older version), because I was unable to get the most up-to-date Eraser 6 to work so downloaded older 5. The secure deletion method is set up for 5 (not sure why) for 6 the default command doesn't work. Maybe there is a reason why -- maybe 6 does work with Sandboxie (anyone?).
     
  3. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thank you very much!

    As far as I understand, this feature is at low priority. I suppose I'll have to do an on-demand scan on single files on desktop, and if malicious, I'll delete it manually.

    Thanks again for providing me with good information!
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Your problem is that you have enforced and excluded a "namespace", the desktop. You should probably not choose the desktop as your download location or create exclusions (direct access) for it.

    A namespace such as desktop has certain special features. One of them is the context menu. A lot of strange things might happen because it is a namespace.

    The other issue you will forever run into is that when you use a context menu, you usually get your menu built depending on what you have right clicked on. Whether your download directory (that is both forced into one box and given direct access to other boxes) is on desktop or at c:\downloads, the act of right clicking does bring up Hitman context menu, but because when you execute it you are actually executing and passing the directory as a variable (%1), which is the forced directory, it will always start sandboxed, just as it should.
    EDIT: not that it will always, as you do have options, but describing what will happen normally ;)

    Instead, create a shortcut that passes the directory to scan. If you continue to use the desktop as a forced folder, then you cannot place that shortcut there. But if you were to use c:\downloads as your forced folder, you could place a shortcut on the desktop for Hitman to scan it, something like "c:\program files\hitman folder\hitman-program.exe" -scan c:\downloads --- or whatever the correct command is, I don't know.

    Sul.
     
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Aha! I see where you're going.

    So I did solve this, thanks to Sul's inspiring post. I created a shortcut on desktop. The shortcut including commandline was quite simple; "C:\Program Files\Hitman Pro 3.5\HitmanPro35_x64.exe C:\Users\Gabe-Gamer\Desktop\".

    Now it scans the specific sandboxed area while Hitman is outside the sandbox and able to remove malicious files without problems. All that is required to do the on-demand scan is a simple double-click or mark the shortcut and hit ENTER.

    Thanks again, Sul! I think sandbox combined with the on-demand scanner is as tight as it can get now!
     
    Last edited: Jan 24, 2011
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Nice one! I would never have thought about it, in all honesty.
     
  7. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I am using Eraser 5.3.
    And why won't selecting the deletion method via the Eraser GUI do anything?
    I believe that the delete command is invoked by SBIE, but the Eraser preferences, i.e. 1, 3, 7 or 35 passes, are selected in the Eraser GUI. Why do you say they aren't?
     


  8. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    229
    You can't set the method in Eraser's GUI because Sandboxie is using the command line version of Eraser. The recommended line to put in is:
    "C:\WINDOWS\system32\Eraserl.exe" -folder "%SANDBOX%" -subfolders -method Random 1 -resultsonerror -queue

    If you want to change the desired method just change "Random 1" in the string to the new method. Eraser 6 won't work because the command line parameters were changed and are now not suitable for an automatic process.
     
  9. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Thanks for the info, Kid.
    Do you know what to change the "Random 1" to if a user wants to utilize any of the other methods (3, 7 or 35 passes)?
     
  10. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    229
    "DoD_E" is the 3 pass Dod, "DoD" is the 7 pass Dod , "Gutmann" is the 35 pass. "Random x" is x passes with random data. Be aware that 3 passes is considered more than adequate to erase any personal data. The higher the number of passes, the longer it will take to complete.
     
  11. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Can't find where to download Eraser 5.3.
     
  12. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    229
  13. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    I remember having the same problem with 5.7
    but I see the problem can be fixed like in your 58th post.
     
  14. Prole

    Prole Registered Member

    Joined:
    Feb 2, 2011
    Posts:
    47
    Location:
    New England, USA
    Another thing you could do is restrict file access to 'read only'

    Open sandbox setting > Resource Access > File Access > Read only > Add >
    and then navigate to Local disk C and select.

    That way, if you're hit by a malware, it can't write files to your C drive.

    At least that's how I understand it.

    Also, I'm attaching a pic of all the sand boxes I've added.

    You can force your CD/DVD drive and any thumb drives to open sandboxed.

    An interesting forum to visit is...
    -http://ssj100.fullsubject.com/-
    they have a lot of Sandboxie related tips and tricks.
     


    Last edited by a moderator: Feb 2, 2011
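
The settings discussed in this thread (a forced download folder, forced removable drives, read-only access to C:, and the Eraser 5 delete command), written out as a Sandboxie.ini section. This is an added example, not something posted by any participant. The box name `DownloadBox` and the drive letters `D:\` and `E:\` are assumptions; the Eraser command line is the one quoted earlier in the thread with the method changed to `DoD_E`.

```ini
; Constructed example section. "DownloadBox" is a hypothetical sandbox name.
[DownloadBox]
Enabled=y

; Force a dedicated download folder into this box instead of the Desktop
; namespace, so a Desktop shortcut to the on-demand scanner starts unsandboxed.
ForceFolder=C:\downloads

; Force the CD/DVD drive and a thumb drive to open sandboxed.
; Drive letters are assumptions; use the ones on your machine.
ForceFolder=D:\
ForceFolder=E:\

; Ini form of: Resource Access > File Access > Read-Only Access > Add > C:
ReadFilePath=C:\

; Delete the sandbox contents with the Eraser 5 command-line tool.
; Method names from the thread: "Random x" (x passes of random data),
; DoD_E (3 passes), DoD (7 passes), Gutmann (35 passes).
DeleteCommand="C:\WINDOWS\system32\Eraserl.exe" -folder "%SANDBOX%" -subfolders -method DoD_E -resultsonerror -queue
```
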
  15. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    Great thread. Just a question for viewing and saving PDF files from within browser that is sandboxed, should I allow Acrobat.exe to have access to internet and also start/run access? I note SBIE popups when no internet access is given but still able to view and save PDF files. Is it more secure not to allow Acrobat internet access and still have pretty much normal functionality and thanks.

    Gary
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You don't need to allow Internet access to view PDF files from within the web browser. It's the web browser that actually downloads the PDF and then the PDF reader simply opens it.

    The warnings you see from Sandboxie are most likely for Adobe Reader not being able to initiate the updates verification process. Something you can do manually, anyway.
     