What is your Sandboxie setup?

My Sandboxie setup is to simply run my default browser sandboxed.

 

Nice thread. Since I am semi new to Sandboxie I will have to carefully read these posts.

Great idea for a thread though man!

Cheers!

 

sweater..you did not include program files in your new configuration?
read only

 

I think there's no need to. Many even just use the free sandboxie version as "condom" to their browser when entering the cyberspace surfing. to avoid std...just kidding..I mean infections...and are happy, protected and nothing to worry about. The additional tweaks, changes and configs are just there to further enhance what was already made in there ....

I just remove program folders in the Read only Access...cause when I add Documents and Settings folder on that area my firefox browser didn't open sandboxed. whatever i do, pop-ups showed up again and again. I thought at first it was my firefox that has a problem, but then I realized that it just happens after I touch something in sandboxie settings. So checking it out, tried to remove documents and settings in the read only access box (someone mentioned that setting in other threads...) and put only instead my documents... and like magic everything works smoothly in an instant. firefox opens like a breeze. what a relief... ....

So to avoid possible "complications" ....(whatever), I just decided to also remove program folder in the Read Only Access...

And by the way, I just use free Sandboxie and only turn it on in manual mode. In other words, use it only when surfing the waves of the net... coz I don't find anything of value of this running all the time in the background unless I use it with other things.

I guess one of the big advantage of this protection program was that it can be switch to run only on manual mode. That is use it only when there's a need.

 

Fair enough.
Sandboxie has been pretty effective with default settings.

 

Seems to be for me. It, along with EMET, MBAM PRO and some common sense suits me just fine.

 

Added program locations (path) of AppGuard, MBAM, Hitman Pro and drive D to Blocked Access.

 

Awesome!
Simple, yet effective is the key...

 

Can someone explain this further? I honestly don't understand haha

 

By allowing direct access to a folder, like downloads folder, Sandboxie protection is bypassed as changes on that folder are allowed. If you allow direct access to your download folder, you ll be able to download without needing to invoke immediate or quick recovery. Personally, I prefer to use quick recovery and don't allow direct access to my downloads folder. My downloads folder is forced.

Bo

 

Oh I get what allowing access means. I mean the difference between direct and full.

 

Quoting m00nblood, "Downloaded files and installed programs inside that sandbox won't have access to the folder." I think in essence that is the big difference.

Bo

 

I don't really get what that means.

So...

like if I have a chrome.exe sandbox Chrome.exe can access something with direct access but uh... some file i download and run can't access it? just the main process?

 

I think it means that if you are browsing on your Chrome sandbox and malware gets downloaded while browsing, malware will have access to your download folder if you allow full access instead of direct access. Also if you install Firefox in your Chrome sandbox, then Firefox will also have access to your downloads folder if you have allowed full access.

Bo

 

I think I maybe get it... good enough I suppose. Thanks.

 

This is my sandboxie setup:
- Automatically delete sandbox when program closes
- Forced folders (e,f,g,h,i)
- Forced browsers (Chrome, IE, Firefox)
- Restricted access (Drop Rights)

It sounds too simple for me. Are there any things you would like to suggest to make my sandboxie aggressive, powerful and indestructible? Security setup is on my sig.

 

Don't make Sandoxie too aggressive or else you'll suffer the consequences ....example...Firefox couldn't access those block drives, folders when you want to send something on the net or something like that...firefox won't open when documents and setting folders are put in the Read only access...just like that.

Even, I guess, with just having AppGuard alone (haven't used this program, but I guess this is like DefenseWall HIPS?) ....could be good enough for ordinary surfers and then using sandboxie for browser protection. But it's up to you...

 

One thing I forgot to mention: I have "Automatically delete contents of sandbox" checked.

 

Question...

If I have word installed to a sandbox with only read access (default settings) and I double click test.txt in my */downloads/ folder will word be able to read to it? Will it know to open word? Will word be able to write to it?

What if I allow write access?



and sorry for all the questions =p I'd normally test this out myself but it won't work on Win8

 

AppGuard, Hitman Pro and Malwarebytes folders and my D drive are added to blocked access

Personal folders (downloads, documents, pictures) are read-only access

What do you think guys?

 

Word installed inside the sandbox wont change the file associations outside sandbox so double clicking documents outside sandbox won't open the Word installed inside the sandbox.

By default the Word won't touch the original doc outside the sandbox but it will create a virtualized modified doc inside your sandbox folder.

then it can modify the original doc

 

If I install word to the system but run it sandboxed will it be able to change the file associations?

thanks for the info so far

 

yes.
just install word to the system and force it to run inside sandboxie for convenience

 

Cool, thanks.

Where exactly are file associations stored/handled?

EDIT: I guess somewhere in the registry.

 

I don't know