SandBoxie: Immediate Recovery Exclusions

Does anyone know why there are by default only these two file extensions excluded from immediate reovery? Why would there not be a lot more, especially those of common malware? Just curious.

 

I think it depends on what kind of user you are ... if you are a javascript developer it's kind of hard to exclude .js files on default.

Same goes for other extensions I think.

 

Okay thanks, but what about common malware extensions such as .vbs, .chm. hta and a bunch of others?

 

Well I am not 100% sure but I think they let it open for you to decide, it doesn't really matter since everything is still sandboxed unless you choose to save it.

.vbs = Visual Basic .. doesn't have to be malware

 

I guess the scenario I'm thinking of involves someone, whether deliberately or not, downloading an infected file(s). With common virus extensions excluded from Immediate Recovery, at least the recover option will not be automatically invoked if any of the file's extensions match those of the excluded, thus reducing the chance of infection because if the files did recover they are now no longer sandboxed.

Now I don't know if I'm making sense, because maybe I don't understand fully how this function works. I could be missing the boat entirely here

True.

 

Well I still think they did that deliberately.

Sandboxie isn't really for "novice" users, it isn't hard to get but the default settings work fine so no real need to add more extensions even if there's malware being contained in one of those files or malicious scripts (format C: lol).

 

I understand your point. But keep in mind that Quick Recovery and its spinoff Immediate Recovery are invoked only when, in the process of deleting a sandbox, there are files found in any of the Quick Recovery folders. By default the Quick Recovery folders are Desktop, Favorites and My Documents. http://www.sandboxie.com/index.php?RecoverySettings#quick
So your sandboxed session, i.e. your theoretical malware, would have to contain files in one of those three folders in order for Quick Recovery/Immediate Recovery to be invoked.

 

Firstly it depends on what folders you have listed, secondly if you never download something with any of the extensions listed at Immediate Recovery it will never be saved outside the sandbox.

 

Yes, but I have added a folder to Quick Recovery that I call "Downloads", where all my downloaded files go to. I suppose I'm just thinking of somewhat added security where mistakenly (or deliberately) downloading an infected file with an extension matching those that are excluded in Immediate recovery will not invoke the Quick recovery alert. Mostly I wonder why Tzuk includes only those two in the screenshot. otherwise I'm not concerned about it. This program is working brilliantly on my kid's computer so far

 

I think .part is a copy of any download which is saved if the download is interrupted and FF can take it up again from where it was interrupted.

The .part is auto deleted when the download completes.

So in effect you really don't want SB auto recovering any unfinished downloads.

Not really sure on that though?

 

"I think" <-- use that too often....

that he put those 2 in mere as example

but why would you mistakenly download a .js .vbs or any file? unless you visit weird sites that have actual links to those files .. but then again you would still get the "Save as" dialog

and EVEN if you save it you still have to execute it for the malware to become active so you can still delete it

 

No worries about myself doing this, though one never knows

Of course. It's just the point of keeping it off the drive in the first place is what I'm getting at.

 

well if you never use files with extensions such as .vbs or .js, then I would add those to the list just to make sure
but I think it will never happen in the first place XD since you have to appoint folders in Quick Recovery and only files saved in those folders are eligible.

 

Wat01114, you raise an interesting question in your opening post. Why not ask it in the Sandboxie's forum?

 

well the thing is

both are of incomplete downloads

.part = Firefox
.jc = Flashget

 

After some experimenting, I may have this figured out Let's say for the purpose of demonstrating, I don't want files with extension .exe to be downloaded to the default folder, in this case "Downloads. I ensure Downloads directory is excluded from the Quick Recovery section, I have the checkbox "Enable Immediate Recovery" checkbox enabled in the Immediate Recovery section, and add .exe file types in the "Excluded" window. This way even though I download a file with .exe extension, it does not land in the Downloads folder and I'm not alerted on it for recovery purposes when I close the sandbox or delete the contents.

This feature is working more or less the way I thought it would. Good news!

 

Good for setting up rules for example: kids using a computer

 

Exactly! Mine are pretty good and trustworthy now, but they are getting increasingly 'Net savvy and curious as they age

 

Wat0114,
I'm curious...when you download a file or program from the internet while sandboxed, what is your process?

 

Nothing out of the ordinary; select the file and save it to my default directory. I do realize this "Exclude from immediate recovery" feature is no great security feature, as all someone has to do is select one of the folders in the "Quick Recovery" to recover it, but for my purposes, it is fine for the short term at least.