Settings for Sandboxie and SD ?

Sandboxie settings using Shadow Defender ?

Hi,

I want to use the combination of SBIE and Shadow Defender.

How to configure these programs to optimally perform ?

Which are your settings to the best security and privacy ?

I heard that even malwares can by-passed the virtualization software. I can understand if we 'commit' with SD an infected file or 'recover' with SBIE such file. How to be protected for this issue due to a malware misunderstandings ?

 

Re: Sandboxie settings using Shadow Defender ?

You'll then need a anti virus if you are not sure of a file, or if the file is small enough you can upload it to www.virustotal.com.
And bypassing a virtualization software is very rare for malware.

 

I have been using SB with SD. I have an exception directory so anything I download is saved when reboot due to SD, and also saved directly to real directory so I don't have to recover with SB. I open exlusions in SD and SB for my bookmarks as well, so they are not gone.

Ohterwise, when I reboot, the contents of the sandbox are gone due to SD not keeping anthing except the downloaded files and bookmarks.

Security based on virus scan alone may not be very good security. Not that it is a bad idea, but if that is all you rely on in your situation, you might be in for trouble one day.

Sul.

 

hi sully
how u set adirectory in sandboxie so that any downloaded file is saved directlywithout the need for the quick recovery warning

 

In SB, Resource Access>File Access>Direct Access -- place your exclusion to your download directory here. Mine reads c:\Documents and Settings\Sul\My Documents\MyDowloads.

You can set it for all programs, or just one program like Firefox or something. It allow direct access, read/write/modify/delete, to the directory you list.

So now, SB has direct access to a real place not a sandboxed place. You start Firefox normally, save to that folder. You start Firefox in SB, save to that folder. Both ways, the file is written directly, no recover needed.

I like this method because I can open browser in SB, download to that folder. Maybe it is a .pdf or something. I open it with Foxit in SB. But maybe I also want to navigate directly to that directory and open it outside of SB. This can be done while the sandbox is still open because recovery is not needed.

I also use SRP to place the directory and anything that starts within it to be a Basic User. I also have that directory set as a forced folder for a different Sandbox. This sandbox I call downloads, and it is denying outbound network access to anything within it.

So I dload something. I then open that directory, and execute the item. It will open in SB by default with no network access. I view it or whatever. If it should ever escape SB (assuming it is a bad thing), then the SRP restriction would take over and limit it to only a Users rights. If I want to start it for real, I will drag it out to somewhere else and then execute it. Sometimes I may drag it into another folder that SRP has restrictions on, and run it there outside of a sandbox, but still restricted. Or sometimes I may just drag it to the desktop and then start it with DropMyRights. Or drag it into a vmWare box. All kinds of things that are easy to do.

Sul.

 

Sully,

I'd like to know your opinion about my question posted above.

"I heard that even malwares can by-passed the virtualization software. I can understand if we 'commit' with SD an infected file or 'recover' with SBIE such file. How to be protected for this issue due to a malware misunderstandings ?"

 

thanks sully

 

I have not followed the POC much in that area. Rmus probably has. Either way, it is not something I will worry about. My image has an MBR backup in it. When I use SD, I don't intend to commit. I played with both SD and Rnil, and thought it out. For me, rather than risk anything, I just make exceptions. Then I stay in shadowed mode all the time. If I really want to install something, I will put the install in a folder, and collect those I want. Then at some point I will reboot without being shadowed.

I use SB in the same way I suppose. I don't really care if everything is delete, as long as my one spot for downloaded files remains untouched.

I guess after messing with them for awhile now, I will use SD which locks me down pretty tight, and SB which keeps my internet facing apps segregated. I will also use either LUA or SRP in Admin. Should something ever escape, any of those layers, I will put my image back in place.

Actually I am looking at Macrium Reflect paid version for my imageing rather than the free. It does have the ability to do incremental or differential backups, and supposedly they now have a boot menu option that takes you into some sort of PE, which I do now with BartPE via a ramdisk. So in terms of restoring my image, it takes less than 5 minutes now. Buying Macrium might lead to some better methods. ONe thing I questioned them about recently was if there would be a way to script an automatic image restoration on next boot. I figure this way it would be much like rollback software, but a little different. The responded with something like 'not yet, but we have considered doing that'.

So, how these virtualization attacks take place, I don't know. Whether or not they do escape, and whether or not they affect the MBR, I guess for myself I don't care. Unless there is someone who says 'dude, your images will be worthless in this case', I suppose I won't worry much. SD and SB along with LUA/SRP/DMR/Images will be enough for me.

Besides, if I have to worry about a program like SD or SB being compromised, as strong as they are, I think it might be time I moved over to *nix and learn some real geek. If it comes to that, I don't think I care to support peeps anymore, nor make applications to easy the users of MS systems. The only thing left at that point will be gaming. And what do I care if I put an image on every time I want to game. I could tweak the OS size to where it restores in a few minutes anyway.

Erm, perhaps that does or does not answer your question lol. Quite frankly, when I have read of things escaping SB or SD or Returnil or any of those types programs, I get this feeling that all the information on security is a moot point anyway, and just accept that some @$$hole somewhere someday will find a way to screw it up for the rest of us, so what is th difference at that point? Look out, I might actually order something and send a check in the mail to be safe

Sul.