Set default PDF app to PDFXCView, and zip app to 7zip in Sandboxie?

Discussion in 'sandboxing & virtualization' started by HMP, Nov 10, 2019.

  1. HMP

    HMP Registered Member

    Joined:
    Nov 10, 2019
    Posts:
    23
    Location:
    UK
    Hi,
    1. Default apps:
    .pdf:
    I want to open pdfs in my sandbox using PDFXCView. I've assigned it under file association outside sandboxie, but there is no entry on Default Programs to add it. In Sandboxie, there is no way to add PDFXCview in All Applications settings. But even if I add Adobe reader to a sandbox, pdfs still always load an unregistered version of Foxit Phantom Reader (which asks me to re-enter serial number), even though I've disabled Phantom as default pdf reader from within Phantom's settings outside Sandboxie.
    .zip:
    I want to open zip files within sandbox using 7zip, but even though I've seen 7zip as enabled in sandbox's applications with two dashes (--), every time I open zip files within sandbox, I see error 'cannot open the files as archive'.
    How can I resolve this?
    2. AV & AntiMalware Scans:
    What's the safest way to run scans on files downloaded into sandbox?
    Should I Explore Contents and run unsandboxed scan apps within sandboxed files?
    Or should I try to run Scan apps as sandboxed on files within same sandbox?
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Hi HMP, What you want to do is force Pdf-xchange-viewer and 7Zip to run sandoxed every time you click to open PDF files or Zip files.

    So, you need to go to Sandbox settings>Program start>Force programs, and add the executable of the program you want to Force.

    I also use 7Zip, in the case of 7 Zip, this is how the settings window should look after you make 7zip a Forced program.

    7zip.jpg

    In the case of Pdf-xchange-viewer, you do the same. Try using separate sandboxed for each program. Sandboxing/isolation works better that way as by doing it, it allows you to tailor sandbox settings for each sandbox according to the dedicated program.

    You add programs by clicking "Add program" (Look in picture above). After you do that click, the window belows opens up.

    2.jpg

    There you have 3 different ways that can be used to force programs. 1. If the exe of the program is written on the left of the screen, in the window of programs that were recently started, just click it, that will make the program forced. 2. Write the exes name where it says to enter the name, and 3. Search for the exe by clicking Open/Select File.

    Note: What you see in All applications has nothing to do with what you want to do. When you select a program from All applications what you are doing is enabling special settings for that program in the sandbox. Sometimes this settings are necessary and sometimes they don't do nothing. For example, in my 7 Zip sandbox, I don't enable those settings. I ignore them as I find they are not needed.

    Bo
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    I missed this one. Regarding the AV scans. Some antivirus work better than others along SBIE. So, some will have no issue whatsoever scanning inside the sandbox folder. Others, might not scan at all within the sandbox. So, you have to play it by ear. You know how your AV works and behaves when it scans files and folders. If it works the same when it scans the sandboxed folder then that means is OK, otherwise then it might mean that there could be a conflict.

    Bo
     
  4. HMP

    HMP Registered Member

    Joined:
    Nov 10, 2019
    Posts:
    23
    Location:
    UK
    Thanks, I set PDFxchange to run as forced program, but when I browse directories under Sandbox Control, and navigate to the pdf file, I right-click to 'run sandboxed' and it runs the corrupt version of Foxit Phantom Reader. Even if I run the parent folder sandboxed, then double click to launch the pdf file, it launches the corrupt version of Foxit Phantom Reader.
    How do I run pdf files from Sandboxie Control with the pdfxchange app?
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    First thing you want to do is set PDFxchange as your default PDF viewer. After that, when you click on a PDF, the PDF should automatically run sandboxed using PDFxchange in the sandbox where you set it it up to be a Forced program. You can also right click a file, and choose Run sandboxed. But you really dont need to do this with Forced programs.

    Forcing programs makes things automatic.Thats the purpose for forcing programs.

    Bo
     
  6. HMP

    HMP Registered Member

    Joined:
    Nov 10, 2019
    Posts:
    23
    Location:
    UK
    I understand, but in Default File Associations, .PDFs are already associated with pdfxcview. Why does it work un-sandboxed, but not sandboxed?
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Did you install PDF Viewer on your real system?
    png_2442.png
    Did you create PDFViewer sandbox?
    Did you force pdfxcview.exe in Sandboxie Settings?
    Did you force pdfxvwer.exe in Sandboxie Settings?
    Did you call PDF document?
    png_2438.png | png_2439.png | png_2449.png

    Edit: PDF Viewer Setup installed in Default sandbox.
    png_2446.png png_2447.png
     
    Last edited: Nov 11, 2019
  8. HMP

    HMP Registered Member

    Joined:
    Nov 10, 2019
    Posts:
    23
    Location:
    UK
    Yes I did all 3. And regardless whether I set up PDFXCView to launch as forced program, pdfs only launch with Foxit Phantom.
    Additionally, I've noticed the icon disparity. When I click to save a pdf via my sandboxed browser, it shows the save as dialogue box with the PDFXCview icon next to it. And when I navigate to the saved file via Sandbox Control, it shows the PDFXCview icon.
    But if I open the file from sandbox control it launches Foxit Phantom. And if I launch the parent folder sandboxed, the file shows the Foxit Phantom icon and launches with Foxit Phantom. When I right click to open with, I tried navigating to pdfxcview.exe, but after confirming it, I couldn't see PDFXCview on the list of software to open with
     
  9. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    I made an Edit: to add
    Did you force pdfxvwer.exe in Sandboxie Settings?
    calling pdf from desktop, I need pdfxcview.exe & pdfxvwer.exe forced.

    RE: Foxit Phantom
    I don't have Foxit Phantom installed.

    png_2448.png

    RE: When I click to save a pdf via my sandboxed browser, [..]
    I save pdf downloads from browser sandbox to desktop.
    I open pdf in browser with browser pdf reader.

    We'll need user familiar with PDF Viewer and familiar with how you run pdf tools.

    I installed PDF Viewer just to test sandbox-ability.
    I can call pdf from desktop into PDF Viewer forced sandbox'd.
     
    Last edited: Nov 11, 2019
  10. HMP

    HMP Registered Member

    Joined:
    Nov 10, 2019
    Posts:
    23
    Location:
    UK
    Tried adding pdfxvwr.exe to run as forced program, in sandbox. But no change.
    Called .pdf from Desktop un-sandboxed. It launched PDFXCView.
    Called same .pdf from un-sandboxed Desktop clicking to run sandboxed. It launched Foxit Phantom.
    *I've now noticed that if I don't enable Drop Admin Rights, PDFXCview runs sandboxed as expected, with/without being setup to run forced programs.
    However, if I setup sandboxed to Drop admin rights, .pdfs launch Foxit Phantom.
    But I need to have drop admin rights enabled.
    Any ideas?
     
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Test in new discrete Default sandbox....then maybe, try add Restrictions.
    I've only used 'Drop Rights' with my Firefox sandbox as habit, from years back.
    https://www.sandboxie.com/DropAdminRights
    I don't know what "Drop Rights" restricts in discrete PDX Viewer sandbox.
    I'm interested in viewing pdf from unknown source, sandbox'd and usually view pdf in default browser forced sandbox.
    Beyond simple viewing. IDK

    pdfxvwer.exe
    png_2451.png
     
    Last edited: Nov 11, 2019
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    That means you cant use Drop rights with PDFXCview. Sometimes Drop rights don't work well with some programs, this might be one of this type of cases.

    I just tested PDFXCview in a sandbox, it seems to work well with SBIE.

    The only exe you need to force is the one that appears running in the picture below.

    2.jpg


    Bo
     
  13. HMP

    HMP Registered Member

    Joined:
    Nov 10, 2019
    Posts:
    23
    Location:
    UK
    Everything I said above, I tried both in isolation within a new sandbox and within existing sandboxes.
    But what I have in my sandbox setup is multiple firefoxes. If I download a malicious file, I'd want to contain it within the same sandbox as my general use firefox sandbox, and not interfere with my sensitive data freifox sandbox. So when testing files, I'd want them to launch within the general sandbox. I wouldn't want to force program the file because it would mean only one of my two firefox sandboxes would be able to open it, and that would be too restrictive.

    And does it work with Drop Rights enabled for you?
     
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Yeah, I didn't find pdfxvwer.exe.
    Sandboxie found pdfxvwer.exe.
    png_2451.png
    Initially, I only needed pdfxcview.exe.
    Then I called a pdf that did not open .. so, I went looking > Programs that were recently started.
    Since, Sandboxie found pdfxvwer.exe.
    I added pdfxvwer.exe.
    Then pdf that did not open....opened.
    $.02
     
    Last edited: Nov 11, 2019
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    When you force a program like your PDF Reader, as you click on PDF files, they open up sandboxed in the dedicated sandbox (the sandbox in which you set up the PDF Reader as a forced program).

    But, if you are running Firefox sandboxed, and you click to open a PDF while browsing, the PDF will run sandboxed in the sandbox you are running Firefox.

    Same thing with other programs, like EMail clients, for example if you click on a link, and Firefox is your default browser, Firefox will run in the sandbox you are using for running the EMail client. Or, if you open a PDF or Office file, they will also run in the email client sandbox.

    Regarding Drop rights. I installed the Reader in a sandbox. In my case, I was able to enable Drop rights without causing any issues.

    Sin título.jpg

    Bo
     
  16. HMP

    HMP Registered Member

    Joined:
    Nov 10, 2019
    Posts:
    23
    Location:
    UK
    Are you talking about opening on the fly?
    Because I'm talking about saving through firefox and then launching it once saved, not clicking from firefox to launch immediately
     
  17. HMP

    HMP Registered Member

    Joined:
    Nov 10, 2019
    Posts:
    23
    Location:
    UK
    If you can launch pdfxcviewer with drop rights enabled, but I can't there must be a file association issue. Is there some registry hack I can perform to eliminate Foxit from loading? I tried uninstalling and re-installing but I need that program.
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    If you are navigating File/Windows Explorer and you click on a PDF, the PDF will run in the sandbox were you set the PDF Reader as a Forced program.

    That applies to the case of "saving through firefox and then launching it once saved, not clicking from firefox to launch immediately", the PDF should run in the sandbox were the Reader is set as a Forced program. Is this the way is working for you or not?

    Bo
     
  19. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    What program you need?

    Sometimes Drop rights don't work well with some programs in some computers There is no good explanation why that happens, but it happens. If I was you, I would just forget about using DR with your PDF Reader. Is not really a big deal.

    Whenever I experienced some sort of file association issue in the past, and I had experienced that about 3 or 4 times during the past 15 years (maybe). It has always been with the PDF Reader (mine is Foxit portable) or whatever program I am using for Office.

    The way I fixed the issue has always been the same. I uninstall the programs (example. Whatever PDF Readers I have), reboot, run CCleaner registry cleaner, it usually finds a bunch of keys all pointing directly to the PDF Readers, clean them up, reinstall the Reader I want to use, and the file association issue gets fixed. You might want to try that if you have CCleaner.

    Bo
     
  20. HMP

    HMP Registered Member

    Joined:
    Nov 10, 2019
    Posts:
    23
    Location:
    UK
    After uninstalling & CCleaning Reg entries:
    Un-sandboxed: .pdfs launched PDXCView fine.
    Sandboxed with DMR enabled: no default enabled and 'open with' wouldn't show the PDFXCView option after I browsed to the exe. Even if I install SumatraPDF, I cannot load it as default, it shows up as the second option under 'open with' menu.
    I wish I could make it work.
     
  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    I dont understand what you mean when you say, "no default enabled and 'open with' wouldn't show the PDFXCView option after I browsed to the exe. Even if I install SumatraPDF, I cannot load it as default, it shows up as the second option under 'open with' menu." Can you explain.

    Keep things straight:

    The PDF Reader that opens your PDFs when you click on them to open when you are not running sandboxed, is the one that's gonna run sandboxed when you click on a PDF (this is what will happen if you set things up correctly by forcing the correct exe). The correct exe to force is the one that appears running in SBIE control in a picture I posted earlier.

    Regarding what program opens the PDFs, if things are working as they supposed to outside the sandbox, they should as well when running sandboxed. Things should work pretty much identically outside and inside the sandbox.

    You mention the option 'open with' a lot as well as opening PDFs via SBIE control, I really don't understand why you are doing that. Those steps are for Sandboxies free version, with the paid version (which now is free), you don't need to sandbox files manually. Sandboxing is automatic now, try doing things automatically.

    Also, remember what I told you yesterday, if things work properly for you without enabling Drop rights, then dont enable Drop rights. Sometimes Drop rights causes issue, this might be the case here. If DR dont work well with your PDF, there's nothing that can be done about it. Personally, I wouldn't put any mind on wondering why it doesn't. If it doesn't, it doesn't. :)

    Bo
     
  22. HMP

    HMP Registered Member

    Joined:
    Nov 10, 2019
    Posts:
    23
    Location:
    UK
    Clarification: Right click to 'Open with'= When I download pdf via sandboxed browser, since running the pdf directly from sandbox control doesn't load my desired PDFXCView, but also notice that if I click run explorer sandboxed to find the file, which doesn't run PDFXCView when launched, so then I right click to 'open with' but unlike when running un-sanboxed, I have no options listed.
    All of this was done for diagnostic purposes.

    My goal for why I'm doing all of this is because I want to stay on Windows 7 as long as possible until I'm satisfied to move to Windows 10. I'm not ready and refuse to upgrade prematurely. So I'm creating a secure system to reduce the chances of being attacked by hack/ransom/malware. This is why I'm concerned about running sandbox without Drop Rights enabled. I hope you understand that I wouldn't go to this length of troubleshooting if it there wasn't an important reason behind it.
     
  23. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    The Sandbox is the biggie in Sandboxie. Drop rights is just another notch of extra security.

    HMP, I am going to tell you what I always do when I set up sandboxes and hopefully that helps you. Whenever I am setting up a sandbox I try to restrict it as much as possible but without losing any usability. If I can use Drop rights, I use it, if I cant, I forget about it.

    Personally, I think huge about the default settings sandbox. I never seen anything break out of it. So, is nice to use DR, but I am confident enough of the power of the sandbox as it comes by default that I know using DR is not the make or break setting in Sandboxie. Besides, there are many other restrictions and settings you can use to tighten the security of the sandbox.

    So, I restrict it as much as possible but I never over restrict. And seems to me thats what you are doing here.

    This is what I recommend. If you want to use Drop rights. Get rid of all other PDF Readers you have installed in the computer. Till now I read you talking about 3 different PDF programs being in the computer- Personally, I think that's a bad idea as it can bring issues. And then install Foxit. I am suggesting to install Foxit because I know Foxit works nicely with SBIE and you should be able to use DR.

    Or, forget about DR and keep using what you are using as I believe according to what I understand you saying (things work as they are supposed to without enabling Drop rights). And:

    1. Use a separate sandbox for PDF Reader
    2. Restrict programs that are allowed to run in the sandbox.
    3. Dont allow any program to have internet access in the sandbox
    4. Protect your personal and sensitive files from being accessed by programs that run in the sandbox You block or hide them via Sandbox settings.

    Those 4 things on top of the sandbox will give you more than plenty protection.

    Bo
     
  24. HMP

    HMP Registered Member

    Joined:
    Nov 10, 2019
    Posts:
    23
    Location:
    UK
    Okay thanks.
     
  25. HMP

    HMP Registered Member

    Joined:
    Nov 10, 2019
    Posts:
    23
    Location:
    UK
    Btw, Bo, have you managed to get an Antimalware or MBAM on a file launched through sandboxed explorer?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.