Sandbox & Appguard: What a combo!

Sandboxie & Appguard: What a combo!

Thanks to this great post I got them both to be nice to each other. Thanks guys! Firefox(Nightly) and Chromium work without a hitch in Appguard's Lockdown mode.

I thought the only thing missing from Appguard was a decent virtual environment or a decent firewall and there's where sandboxie comes in.

I've run many leaktests in Appguard and the only ones that come back as failed is because there is no way to stop those programs from accessing the internet.

This combo should work nicely.

 

Great comb. One compensate the other. I'm running sandboxie and defensewall here.

 

good combo .......I'm using sandboxie with wsa here.....love the explosive duo....hmm....actually a 3 with mbam pro......

 

It's a fantastic combo,no doubts about that.

 

I've been using this combo for several months now and have generally been pleased. Right now I have an exception set up for the C:\Sandbox folder but have been considering relocating the sandbox folder to user space. It seems to me that this might actually be more secure; since there is no exception and if something were able to breach SB, AG would stop it. The bigger potential weak point is if you download something, recover it from your sandbox, and then reduce AG's protection to run/install the downloaded file and the file turns out to be malicious. I suppose in that instance you should try to install the file in a sandbox till you are sure it is safe.

 

You also can recover it to desktop prior to running it,Upload it or scan it with scanner of choices before executing it.Save it to desk and right click on and run it sandboxie anytoime you want until you feel its safe.

 

Looking forward to hear more about this. I have just added Sandbox to exceptions with read/write according djohns suggestions in my thread but dont understand if this means AG still protects my Sandboxed IE8 if something should breach through SB? I am not savvy enough to understand this.

Best Regards

 

I think its exlcuded from Appguards protection,But dont think you have much to worry about because AppGuard is your second layer of strong defense,epecially in lockdown mode.The method I suggested was suggested to me from KidShamrock to get SBIE and AppGuard to play nice together.

 

Re: Sandboxie & Appguard: What a combo!

Just wanted to add mention about sandbox/virtualization.
I am running Avast Antivirus Pro, which I have the sandbox function whereas I have placed firefox in the visualization sandbox. Firefox has no-script running and Ghostery, Webrep along with facebook block. This along with SpyShelter has been a rock solid protection for me... oh yes running Windows Firewall

 

So an IE session started from SB icon leaves no traces in AG log when I am set up with Sandbox in exceptions in AG. So how could AG be a second layer if something breaks SB? If breaking IE virtulization under SB - will AG recognize that same IE process being nonvirtual and lockdown its access as if that IE process aws started not sandboxed? That would be a weat security dream - or? If thats not possible - left with the question - which is safer SB or AG?

Edit; If its the majoritys opinion that Sandbox folder in user space is the safer solution. Are you guys set up like that?

Are you running SB in Experimental mode? Whats the worst that can happen since warning was "use at own risk".

Best Regards

 

I've worked out all the kinks between AppGuard and Sandboxie. There's also Hitman Pro for my scanning. I stay in High(Protection Level) and everything is working perfectly.

The great thing about this combination is that there is no real hit to your cpu/mem resources. I forget they are running sometimes. Both have a very light footprint. I love Defensewall but it does slow down.

I need to backup the appguard settings file and the Sandboxie.ini as this is damn near bulletproof.

 

Because AppGuard is still protecting the system from excutables.If malware jumps out and try to execute why wouldn't AppGuard sping into action and deny it.I would think its the same as trying to install with out a Sandbox browser.IMHO Sandboxie really doesn't need to be protected with Appguard,Sandboxie is strong enough with restrictions.

AS far as 64bit I cant say whats the worst that can happen and I am 32bit anyways.

 

I am nonsavvy. Isnt AppGuard protecting the system from malware trying to get in trough AG-guarded apps like IE, Outlook etc. So if SB is an exception from that guard and SB is breached how will AG pick that up when SB isnt restricted? Talking about Sandbox folder as an exception in Guarded Apps. The other setups I have read about - I dont yet understand what the difference would be.

I would love a setup that is confirmed working so that AG steps in if SB is breached - a layered protection. I read tzuks comments, but I dont understand if anybody knows for sure how to set this up. There are many suggestions around. What I use now - Sandbox excepted under Guarded Apps) works fine and fast - thanks djohn - but is it a layered protection?

Best Regards

 

I too use this combination and have relocated the sandbox folder to my data partition. This is partly so as not to have to make AppGuard folder exceptions and partly because, as I also use Shadow Defender, it avoids the double virtualization that would occur if the sandbox folder were located within the system partition.

Regarding software installation, an on-demand AV/AM scanner can also help. Although not perfect, AV/AM software can still have a role to play as part of a layered defence.