What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Yes, I've set it up out of the sandbox but Chrome still won't download to the desktop in Sandboxie. It's not a problem with Internet Explorer.
     
  2. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    - removed Trusteer Rapport, it's the 4th BSOD in 3 weeks.
    - disabled UAC: if i trust Chrome to protect me from "exploits in the wild" what do i need UAC for? o_O
    - tweaked the most dangerous attack vector; the one sitting 18 inches away from the monitor.
     
  3. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Wow, BSODs. That's worse than my issues with Rapport. I thought my issues were bad. I just had freezing and crashing with both Chrome and IE9. I say good riddance.
     
  4. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Okay, then it seems to me that it can only be a matter of handling the download via Sandboxie and the Enable Immediate Recovery setting, which upon download, produces the Immediate Recovery dialog. Select the destination folder by clicking on "Recover to Any Folder", then browse to desired location.

    That's what I would recommend. :)
     
  5. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    Blue Screen Viewer said that a Rapport process and nkktrlpa.exe (or somesuch) could not live together. ;)
    this time, about 30 minutes ago, the BSOD was so severe Windows did not even generate a Minidump.
     
  6. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    oh man..I had to give up trusteer earlier this week..o_O what are you planning on replacing it with?:eek:
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Removing Mamutu. I may add it back in eventually.

    EDIT: Just removed it.

    Also set up a sandbox for CCCP Media Player. Removed sandbox from Comodo. Comodo is now only sandboxing two vaio services.

    I'm keeping CIS installed for the cloud scanners, so that it can sandbox the two vaio services, for the firewall, and for Defense+.
     
    Last edited: Sep 6, 2011
  8. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    LOL Hungry Man. Resist the urge to not install it back :D
     
  9. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    nothing actually.
    Trusteer was just a little extra security that i did not mind, until my computer started not liking it. ;)
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    >_> as in install it back? lol

    I'm finally taking my own advice. I've had my fun installing software and seeing how it works. I'm in school now =p I can learn there.

    I think I might look at applocker. We will see.
     
  11. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Up to you my friend. Applocker is your friend hehehe.
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Applocker sounds.... invasive =p I don't ever want to have to "toggle" my security on and off. But I would like to restrict some applications from being able to read/write to certain areas.

    I don't want anything being able to access certain registry keys or files/folders that belong to my security software or browser or really anything that they don't need access to.
     
  13. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    I don't toggle security off and on lol. I haven't turned off applocker since I started using it. I have no clue what you mean. If you are toggling applocker off and on then you don't have it setup correctly IMO. I'm not gonna convince you to use applocker. Either you do or you don't, but I'm happy using it.
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Just moved my firewall alerts to Very High. Just to try it out...

    What rules do you use for applocker? I basically want to block access to certain files/folders for all programs except the ones I say are ok.
     
  15. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    My rules are specific to my laptop in a way. Here is one thread, https://www.wilderssecurity.com/showthread.php?t=272761, on a way you can set up applocker; look at MrBrian's posts. I basically use wat's method, which is essentially auto-generate rules for exe and scripts, use default rules for MSI and DLLs, but also create specific rules for dll files needed to run as well. Best thing to do is set up your rules and then use audit only mode to see what files applocker says wouldn't run if the rules were enforced. You can also ask wat aka the applocker troll and he will help ya I'm sure :D
     
    Last edited: Sep 6, 2011
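
Added example, not part of the original thread and not any poster's own rules: the audit-first workflow described in the post above (auto-generate exe and script rules, run in audit-only mode, then review what would have been blocked), using the built-in AppLocker PowerShell cmdlets. The scanned directory, the test folder and the XML path are assumptions; the default MSI and DLL rules mentioned in the post are not covered here.

```powershell
# Added example: audit-first AppLocker rollout (run from an elevated prompt).
# Assumptions: $scanRoot, $testGlob and $policyPath are placeholders for this sketch.
Import-Module AppLocker

$scanRoot   = 'C:\Program Files'                      # assumption: where trusted software lives
$testGlob   = "$env:USERPROFILE\Downloads\*.exe"      # assumption: files that should NOT be allowed
$policyPath = "$env:TEMP\applocker-audit.xml"         # assumption: scratch file for the policy

# 1. Auto-generate rules for executables and scripts: publisher rules where the
#    file is signed, falling back to hash rules for unsigned files.
$files = Get-AppLockerFileInformation -Directory $scanRoot -Recurse -FileType Exe, Script
[xml]$xml = $files | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 2. Put every generated rule collection into audit-only mode so nothing is
#    blocked yet; violations are only logged.
foreach ($collection in $xml.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$xml.Save($policyPath)

# 3. Dry run before applying: show which test files the policy would not allow.
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $testGlob -User Everyone |
    Where-Object { $_.PolicyDecision -ne 'Allowed' } |
    Format-Table FilePath, PolicyDecision -AutoSize

# 4. Merge the audit-only policy into the local policy. AppLocker only evaluates
#    rules while the Application Identity service is running.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
Start-Service -Name AppIDSvc

# 5. After using the machine normally for a while, list what would have been
#    blocked under enforcement, with a hit count per file.
Get-AppLockerFileInformation -EventLog -EventType Audited -Statistics |
    Sort-Object Counter -Descending |
    Format-Table Counter, FilePath -AutoSize
```

Files that show up in step 5 and are legitimate need their own rules before the collections are switched from audit-only to enforced.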
  16. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557

    Oh wow! when did you get sandboxie pro? :)
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    A few days ago. Liking it quite a bit. Still working out kinks.

    So anyone know if I can basically restrict certain files from being written to except by specific programs?
     
  18. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    create a sandbox specifically for "each program" and use the resource access settings per-sandbox.

    or you could do this manually for every process (see screenshot):
     
    Last edited: Sep 6, 2011
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I like that but what I'm trying to do is block EVERY program EXCEPT for one from accessing certain files/folders.

    For example: Comodo apparently stores some config files in userland. I want Comodo to be the only software to access them - perhaps CCleaner as well.
     
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Can I run Chrome at LowIL without problems?

    EDIT: I guess so... doing it now! haha
     
    Last edited: Sep 6, 2011
  21. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Just try it :D
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Seems to be working fine.

    Hm... I ran it but processexplorer shows it as medium.
     
  23. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Hungry, you are having a lot of fun with sandboxing my friend :D
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yes, definitely!

    Very frustrated with Chrome though... I'm trying to set it to low integrity but it won't work.
     
  25. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    are you running the broker and child processes with low integrity level?:doubt:
     