Defensewall and Sanboxie

I saw some posts about this, but I would like to know how exactly you have install these great programs side by side for the most effective security? Example: What is trusted or untrusted? , C:\sandbox, or leave DW with default setting? Or run DW sandboxed? Or is there another way?

Thank you.

 

Never policy restrict a security application Rabiddog. IMO, best way to use these two together for avoiding redundancy (potential stability issues), is by simply letting DW untrust the sandbox.

/C.

 

Thats basically how I used them together.

 

Thanks for the information.
I saw on another forum that it was set up this way :

"Also, the concept of using SB and DW is very nice:
1. Sandbox all internet-facing applications
2. Configue DW to trust all internet-facing applications
3. Configure DW to untrust C:\Sandbox"

Does this sound correct?

 

I'd take a look though Kees1958 threads. He has lots of configurations using defensewall.

 

I have looked at many posts, but have not heard of a concise way to properly
set these two to work together at their maximum potential, with the least conflicts. Anyone?

 

If you look at it in terms of attack vectors ("drive-by-downloads") both cover a similar vector.

Personally I think sandboxie is the easier of the 2 to understand .

I would do this
1) Sandbox all internet-facing applications.

Then I would ask myself what do I want defensewall to cover ?
USB keys ?
Times I might forget to turn sandboxie on ( if using free version ) . ?

 

From what I read on DW's website, DW is sandboxing and virtualization in one. So wouldn't that make it a more secure program? Since Sandboxie is sandbox only? Sorry to get off topic.

USB and removable drives are not a concern to me. It's just one lonely computer attached to the internet.

 

That was you, nice to meet you.
I had Sandboxie configured to have all browsers and admuncher running in the sandbox, then installed Defensewall un-sandboxed with default settings and DW seemed to catch (put in untrusted mode) everything I "quick recovered".
Is your setup (1. Sandbox all internet-facing applications
2. Configue DW to trust all internet-facing applications
3. Configure DW to untrust C:\Sandbox")
more secure?

 

If you use this combo ;
What files would you save from the C\Sandbox , and mark as untrusted with DefenseWall ?

1)
If they are temp internet files ,would it not be easier just to delete the sandbox ?
2)
If its a file you mean to install , then don't you have to trust it manually in defensewall first ?

I don't see what Defensewall gives you extra ...

 

Probably it's not related, but, just to be sure and to eliminate any doubt, I'll ask:

If I have set Eraser to securely wipe the contents of a sandbox on closing of the sandboxed application, does making the sandbox untrusted (by DW) prevent in any way the secure deletion of the sandbox?

My expectation is that if Eraser is trusted it will wipe the sandbox anyway, regardless the sandbox being untrusted itself. Am I right?

 

Yes it does.

 

are you nuts yes DefenseWall will protect you in real time againts those file types ofcourse if they run as untrusted

 

I'd be interested to know if DefenceWall would protect against the image exploit.
Has anyone tested it against it ?

In my view , these sort of critical Microsoft exploits , can not really be prevented. As the jpg one involved a design mistake from windows 3.0
http://antivirus.about.com/od/virusdescriptions/a/wmfexploit_4.htm
its very hard to see how any security software would have been able to prevent something that worked in such an unexpected way.

Basically your asking the security developer X to have more insight into how MS works than anyone else .

 

Anything I have ever recovered from sandboxie(a sandbox) while using together with DefenseWall by using either immediate recovery or closing my browser then recovering the file, be it .jpg or otherwise have always remained untrusted unless I chose otherwise and manually change it.
I believe this is what you are referring to, correct?
Maybe something was conflicting with DW on your system in your testing?

 

Just tried again with immediate recovery as well as with recovering after closing my browser and again both times the .txt file remains untrusted.
I'd like to see where Ilya said this, perhaps you misunderstood him.

 

HI

if u are using DW to secure the invoked files from SB , u can also try "hide folder 2009" , by setting lets say "c:\my download " to "read only" and even add "hidden" to it , allow only trusted process to menage it (explorer.exe,firefox.exe).
so if a malware tries to to run from there after it been d/l and execute , it harm none.
also folders remain protected from any hacking attempts or malware infection.

cheers

 

Just did.
.txt file remains untrusted here.

 

That was me, and I'm now able to consistently reproduce it with any type of file. BUT, I think it's something strange in my setup that's behind the problem, so until I've done some more investigation I would say that this isn't a problem others are likely to see. But....I need to investigate some more and then contact Ilya if it is indeed something that needs fixing.

 

i can confirm that also , try DW on a clean no software installed VM , same poor dangerous and odd results as your sj1000

 

This is ball wrong. A true .txt file can't contain malware, if it is just an executable file with .txt extension- DefenseWall do cover this situation.

 

Ilya, cant wait to see the beta. If you can ever top that with 64 bit protection, you will be nominated for the Nobel Peace Prize as you will have gone full circle in creating protection.

 

Do you mean "all wrong"?

 

Just an FYI.

Ilya is on a short vacation in case no replies come back from your questions.

http://gladiator-antivirus.com/forum/index.php?showtopic=93152

 

Yeah, protection againt exploits / overflows is a thing that always puzzled me too.

Defensewall protects against them.............if an untrusted application is exploited?