What is your security setup these days?

No, no assumptions. Over the years, this is a summary of some of what I learned about Software compatibility settings:

Software compatibility settings are designed by the people who develop Sandboxie to make programs work better along Sandboxie. Most of this settings work flawlessly the day they are introduced but at any time after, they can break. An update to SBIE or the other program can fix the incompatibility making the compatibility setting not needed anymore or break compatibility, and make the Software compatibility setting obsolete. To fix the now modified incompatibility, the setting require an update that might take months or years before they are done. Yes, I said years.

You know I love Sandboxie, right? Well, some people might think I have tunnel vision regarding SBIE but I am not blinded regarding the strengths and weaknesses of the program and maintaining the list of Software compatibility settings is one of its weakness. Those lists are loaded with old settings that haven't been updated in years. One example of that to prove my point, is Defense Wall. There is a setting for DW. DefenseWall was discontinued years ago, and that setting was old even when DW was still working. So, dont take for granted that the programs in the lists are automatically going to work with SBIE.

I know what I am going to write right now is gonna sound confusing but try to make sense of it.

The programs that get along the best with SBIE are either 1. Not in any list or 2. Are programs that are included in some lists but they work perfectly well along SBIE without enabling the settings.

Let me explain. For the ones that there are no settings and work great with SBIE (For example, Foxit, Libre Office), there have never been any Software compatibility settings designed for this programs because there has never been any need for them. This are programs that work perfect with SBIE with no need of workarounds, dont break SBIE or need special settings that require to open something in SBIE for them to work properly. For programs that work great along SBIE even without enabling existing Software compatibility settings (For example, 7Zip, Windows defender), they work great without enabling the settings perhaps because the incompatibility is/was minor, fixed as perhaps whatever they were supposed to fix, the fix is not needed anymore.

When you install Foxilt or Libre Office, there is no prompt from Sandboxe. If you turn Windows defender On in Windows 10, there is no prompt from Sandboxie. For 7Zip and Windows defender, you can ignore the Software compatibility settings. Programs that work best along Sandboxie fall under those 2 categories.

How about the programs that get along the worst with SBIE? Are they in any list? No, this are programs that dont have any Compatibility settings developed. Why? Because no settings in the World would get them working properly with SBIE without breaking SBIE or opening up too much in the sandbox.

So, how do we know what works best along Sandboxie? In my personal case, I find programs that work well with SBIE and dont switch. I dont use many programs but for the ones I installed (same I used in XP and W7), I dont have to use settings and for most of them, there are no settings.

Now, I am not using antivirus or anything like that but if I was, I would be using WD as I know it works great without opening anything in Sandboxie. No issue whatsoever and no need of any special setting. Nothing. You have ESET. As far as I know, ESET works very well with SBIE. Are the settings for ESET up to date? I don't know. Are they needed? I dont know. Perhaps they are good and help but perhaps they are doing nothing and can be disabled. To know that, you ll have to test, with and without them and see the results

If I was using other security programs along Sandboxie, what I would do is not rely in the lists and avoid programs that historically have conflicted with SBIE. Like, Kaspersky and Norton, they work today with this and that workaround and in 10 days compatibility is broken again, and a new workaround is needed. I don't want any of that. I would look for programs that have a good record with SBIE.

Bo

 

Sweet setup.

Am going crazy setting up a new Win 10 Pro. I'm on a second attempt It's an absolute horrible distribution IMHO by Microsoft in too many ways to even start on. Took better of a whole day just to dismiss that silly AI Cortuna. No need to bother this forum with the madness. Really feel for those people who dislike it to the core. Way too many interconnected processes that link to out and in again then do their dance seems like every other moment etc.

I dealt with the worse of viruses more manageable. Trying really hard to like Windows 10/Edge etc You see why my Avatar displays what it does. This 10 version should have been 9 so that they could refine and roll out a decent 10.

The AI might been ok. I am big AI enthusiast but too much Telemetry and transferring data ongoing defeats the purpose. But going to give a swing after a REFRESH.

I'm also going to give your layout a try. It seems much more tame and PRACTICAL.

 

My current security and privacy setup:

OS: Windows 7 x64
Built-in security: Standard User Account, User Account Control on max, various tweaks
Backup: Macrium Reflect (grandfather-father-son backup scheme)
Real-time anti-malware: Kaspersky Internet Security
On-demand scanners: Emsisoft Emergency Kit, Avira PC Cleaner
Browser: Firefox with uBlock Origin and cache on RamDisk
Banking: Safe Money (KIS)
Updates: SUMo
VPN: OpenVPN for Mullvad
Passwords: KeePass
Cleaners: CCleaner, Privazer
Encryption: VeraCrypt
Virtualization: VirtualBox
Anonymity: Tor Browser
Other tools: Autoruns, Process Explorer, Recuva

 

TH.

 

Windows XP Home (My PC)
Windows Firewall
Google DNS
PsExec
DEP Always ON
Trick POSReady 2009
Black Viper's List
No NET Installed
No Java
No Flash I.E.8
SMB Protocol Disabled
MBAE Premium
OSArmor

Firefox ESR - Custom Setting About:Config

UBO
NoScript
Canvas Defender
No Resource URI Leak
Super Start Speed Dial

New Moon - Custom Setting About:config

UBO
UBO Updater
NoScript
Super Start Speed Dial
Open About:Config

Basilisk52 - Custom Setting About:config

UBO
NoScript
No Resource URI Leak
Super Start Speed Dial

 

I was asking if your statements were based on evidence such as information from the developers or a testing method that could gauge a program's compatibility with Sandboxie. That would be good to know. But it seems that we are both doing pretty much the same thing. If the program works, keep it. When it doesn't, don't use it. I do that for programs both inside and outside of Sandboxie's compatibility list.

 

I made a lot of statements but basically all of them were about software that's included in the Software compatibility settings lists. Summarizing, I basically said: 1. Its not a given that software thats included in a list is compatible with Sandboxie and 2. You cant rely on the lists as many settings in there are old and dont work anymore. I think you want evidence to back that up, right?

Here:

Norton has settings and is listed.



A recent statement from Barb@invincea about Norton.

https://forums.sandboxie.com/phpBB3/viewtopic.php?f=11&t=25428&p#p132332

Thats evidence, as hard as it comes.

About "a testing method that could gauge a program's compatibility with Sandboxie." There is really none. But the lesser amount of security programs you use, the better the chances that you wont have problems running successfully most software under SBIE. If you use 4 security software and I only use SBIE, my chances are a lot better than yours that I wont have a problem. In my case, Sandboxed programs open faster and the sandbox gets deleted immediately when I close the sandboxed program. No delays. But if you use 3/4 security software's, your sandbox might take 10/20 seconds to delete. If it takes a minute, you blame SBIE but is not Sandboxies fault, its your fault for using too much security. So, you have to test, read other peoples posts about their experiences on what works well and what doesn't, thats what I do. And when I find something that works, I stick with it.

Bo

 

Windows 10 x64 FCU Home Built-in security (02/04/201

Machine hardening:
- BIOS Password

System Hardening:
- SUA
- UAC Max with credentials prompts.
- Smartscreen set to warn.
- Deny elevation of unsigned executables.
- Windows Defender: customized via ConfigureDefender with High Setting
- Powershell scripts disabled
- Windows Features removed: Internet Explorer, XPS; SMB, Powershell, Legacy Features, Media Features, etc...
- several services disabled.

Network Hardening
- Windows Firewall with customized settings : all profile's connections blocked + disabled/added rules, using Binisoft WFC (see below) for fast rules creation.
- IPv6, homegroup, tunneling, -related features removed/disabled.
- Simple DNSCrypt

Privacy Hardening: (for the fun)
- unused Win10 setting related to privacy disabled.
- O&O Shutup 10: customized settings
- Softether VPN with VPNgate.

Browser
- Chrome x64 with various security tweaks (Appcontainer enabled, etc...)

3rd Party Security Softs:
In all machines:
- AppGuard v6 beta: set on Lockdown Mode + personal tweaks
- NVT OSArmor: almost all options in Advanced Settings are ticked.
- NVT Syshardener (portable): most options ticked.
- Adguard for Desktop: Custom filters + "stealth" features enabled.
- Binisoft Windows Firewall Control v5.3 (registered): Medium filtering + Secure Rules

In some machines (see my signature):
- ReHIPS v2.3: set on Lockdown Mode with customized settings
- NVT ExeRadarPro v4: set on Lockdown Mode with customized settings
- Sandboxie v5.24: set with customized settings

System Recovery
All machines
- Windows Backup.

In some machines:
- Rollback RX
- Macrium Reflect (paid)

 

Nice .

Been meaning to try NVT SysHardener ... and ConfigureDefender on my one WD-only machine.

 

Syshardener is cool stuff, basically it does all the manual tweaking i use to do before. Save lot of time.

 

NVT sure has been active. I'll load up Syshardener and see if I can figure it out and how it does on my Windows 7 x64 machine.

 

It seems that sometimes you can rely on Sandboxie's compatibility software list, and sometimes you can't.

Sandboxie closes in about a second with the programs I run.

 

Justenough, take care.

Bo

 

Thanks Bo, you too.

 

Removed Kaspersky Free for now as I have upgraded to Windows 10 1803; I want to see how the system runs with the new Memory integrity feature enabled. I've also installed Simple DNSCrypt.

 

Do you have any problem with that options?
On my PC that settings don't work, don't know why.



Is this connected to Secure Boot?

 

It depends on your hardware, from what I understand.

 

This is mine:
CPU: - Ryzen 5 1600
GPU: - Gigabyte RX 560 OC 4G
RAM: - G.Skill TridentZ 16GB DDR4 3200MHz
MBO: - ASRock AB350 Gaming ITX
SSD: - Crucial MX300 275GB M.2

No Secure Boot, no GPT (it's MBR) & no UEFI.

 

That pretty much covers your hardware but doesn't mention your security setup. Why post that in this thread when you could post here instead?

https://www.wilderssecurity.com/threads/brag-about-your-hardware-setup-here.368973/

 

his post is a reply to a previous post by @The Seeker

 

Gotcha!

 

I would like to know if anybody else, who is on v1803, have a problem with turning on Core isolation>Memory integrity or is it just me?

 

Best have a look here to see how your hardware matches up. Maybe run Coreinfo to check your CPU's capabilities.

 

Tnx, I download that Coreinfo, extract but when I run it it just open for sec cmd and close...

 

You need to open a command prompt and run it from there.