Building Your Own Privacy Package

Discussion in 'privacy technology' started by Reality, Aug 5, 2014.

  1. act8192, Registered Member (Joined: Nov 9, 2006; Posts: 1,789)

    Sunbelt - What I wrote in post#521 applies to 4.6.1861 when it was paid, as well as to the current free 4.7.4 and 4.7.5.
    HIPS is mini hips - checks buffer overflow and executable code injections.
    The unchecked Behavior blocker in those filehippo shots (Compu KTed's filehippo link) is the parent-child thing.
    There is no registry protection, unless some invisible, related to applications.
    Oh, and some of their default rules illustrated on that site stink as much as Kerio's default rules :)
     
  2. Compu KTed, Registered Member (Joined: Dec 18, 2013; Posts: 1,414)

    When installing SoftPerfect Ram Disk. CCleaner secure deletes my sandboxes and temp folders.
     
  3. noone_particular, Registered Member (Joined: Aug 8, 2008; Posts: 3,798)

    Does that RamDisk rely on images or files in locations cleaned by CCleaner? I haven't used CCleaner. Can you instruct it to ignore certain locations or files?
     
  4. Compu KTed, Registered Member (Joined: Dec 18, 2013; Posts: 1,414)

    The delete command line for CCleaner is in Sandboxie settings and can be removed. I've set the sandbox
    container folder path to the mounted Ram Disk which is formatted to Fat32.
    I get a popup from CCleaner when sandbox session ends and have options there as well.

     
    Last edited: May 7, 2015
  5. Compu KTed, Registered Member (Joined: Dec 18, 2013; Posts: 1,414)

    Also noticed this when browser session ends and want to log off. There is some delay.

    Forgot to unmount the RamDisk. Now no problem on log off.
     
    Last edited: May 7, 2015
  6. Compu KTed, Registered Member (Joined: Dec 18, 2013; Posts: 1,414)

    Haven't tried this, but seems I need to create an image file in advance of adding a RAM disk.
    Looks like I just created a volatile disk.
    Flags selected are:
    (R) removable: the disk is mounted as a removable disk. Windows will not create the Recycled
    or System Volume Information folders on the disk. It will also be possible to eject the disk
    via Windows Explorer’s context menu.

    (W) wipe: the memory allocated for the disk will be securely erased on dismounting the disk.
    This option is recommended if you have got sensitive data stored on the disk.

    Just wondering though if the Windows system partition is cloned in memory then there would
    be no need for Ramdisk or secure delete.
     
  7. noone_particular, Registered Member (Joined: Aug 8, 2008; Posts: 3,798)

    I haven't used this particular RamDisk software before. So far, this is what I've noticed. Regarding the warning about CCleaner, the RamDisk software does create files in the temp folder that remain in use for as long as the RamDisk is active. That location can be changed from the tools menu to one that CCleaner doesn't wipe. The image files are not necessary to create an empty RamDisk. They're used if you want contents created in the RamDisk on every reboot. SandBoxie will automatically create the sandbox on reboot. The System Volume Information folders are created by the system restore service. If you shut off the service or disable it for the RamDrive, the most it will create is an empty folder. It's not necessary to make the RamDrive removable. As for the recycle bin, that can be disabled as well.

    The RAM is very limited on my virtual systems. At the moment, I'm trying that RamDisk on the stripped 98/XP dual boot image which has 512MB. I've created a non-removable RamDrive of 100MB, FAT32, and configured the sandbox to use it. So far, it works as it should, no error messages, no shutdown issues.
     
  8. Compu KTed, Registered Member (Joined: Dec 18, 2013; Posts: 1,414)

    I decided to not go with the image file(s) plus I ended up with some error in the program even after uninstalling
    CCleaner in my testing. CCleaner and Ramdisk program work fine together when I created an empty RamDisk.
    I just have to unmount the Ramdisk before logging off or I get the end program popup and a delay if I don't.
    The system is operating on 3GB of ram because more ram helped when running a VM. Would eventually like
    to strip the OS to barebones (more than it is) to reduce the attack surface. System Restore is disabled on all
    drives. A resource hog and unreliable IMO. Will continue to test and see how it goes.
     
  9. noone_particular, Registered Member (Joined: Aug 8, 2008; Posts: 3,798)

    After some further experimenting, I managed to duplicate the error you show in post 530. On my test unit, the wipe function of the RamDisk software caused this. It's apparently not getting enough time before Windows tries to dismount the sandbox. If you're also using the erase feature of SandBoxie, the RamDisk's wipe component is unnecessary, duplicating what SandBoxie is already doing. While quite limited, my testing so far shows better results when using a RamDrive that loads at boot instead of loading at logon. With the later loading RamDrive, SandBoxie is trying to create folders in the RamDrive before it's mounted. Since this drive is a RamDrive, one quick pass with any erasing utility is more than sufficient.
     
  10. Compu KTed, Registered Member (Joined: Dec 18, 2013; Posts: 1,414)

    You must be referring to the option in Ramdisk program. (add boot disk) I suppose I can turn off wipe memory
    on dismount or just stop CCleaner from deleting the sandbox. (3 passes - can be set lower) Mount as removable
    is still checked. Could also reduce size since I don't need much for the sandbox.
     
  11. noone_particular, Registered Member (Joined: Aug 8, 2008; Posts: 3,798)

    That's the option I'm having good results with. Wiping the sandbox when it's on a RamDisk isn't all that necessary. When the PC is powered down, everything in RAM disappears, including the RamDrive. If you are going to wipe it, one pass is plenty. The removable option doesn't really serve any purpose when the RamDrive is used for a sandbox.
     
  12. Compu KTed, Registered Member (Joined: Dec 18, 2013; Posts: 1,414)

    Back with more results. Disks mounted on logon worked fine in testing. Unchecked ' Mount as Removable ' and
    ' Wipe Memory on Dismount ' .
    There is no more ' end program ' popup as you mentioned in your testing. Stuck with for now CCleaner deleting
    sandboxes. Tried the option ' Automatically Starting Applications ' and as soon as I log on to a user account the sandboxed browser is ready to go.
     
  13. Reality, Registered Member (Joined: Aug 25, 2013; Posts: 1,198)

    Well, success. :) With some precautionary undertakings I installed the HD as the primary slave in the XP Home computer. Managed to circumvent a potential issue with not being able to access BIOS because of unknown password. Windizz brought the HDD up just fine, though I got a dialog box saying I need to reboot for it to install drivers or something. I ignored that till I got all my files back. All partitions showed and I had NO permissions issues, and the IDE cable was an 80pin one allowing me to utilize the cable select option. I didn't even have to change jumper settings. All in all plain sailing for someone who hasn't installed Drives before.

    Got some work to do now rebuilding my desktop and setting up email again. I'm already missing my XP Pro :'(. No group policy on XP Home. Mmmm I wonder if windows will let me boot from the XPPro drive. The hardware configuration is fairly close in respect to allowed changes before you have to re-activate. I'm also missing excel.
     
  14. Reality, Registered Member (Joined: Aug 25, 2013; Posts: 1,198)

    Yes
    Right
    Yes the box is checked.
    You can only do this in the paid Version. I'm on the Free.
    Right
    Now this is what I had trouble with a day or two ago. Between "Internet Access", and "Start/Run Access" I couldn't get things to work properly and I didn't have time to carry on with it. No matter what I did, IE was still able to access the net. Something's not right for sure and rather than a band-aid approach, I'm going to sort the spider rather than the web. What I'm inclined to do is just uninstall SBIE and then make sure my default browser is FF...choke IE as much as possible...reinstall SBIE and see how I go. If I disliked IE before, guess how much now?
     
  15. noone_particular, Registered Member (Joined: Aug 8, 2008; Posts: 3,798)

    You can accomplish the same thing by changing the default handler settings in folder options>file types. A while back I posted a registry tweak that added DropMyRights to the context menu. I haven't tried it yet but I bet the same tweak can be modified to launch things in SandBoxie.
    If all else fails, make a backup image and give the trial version of XPLite a try. If I recall, even the trial version can remove IE.
     
  16. Compu KTed, Registered Member (Joined: Dec 18, 2013; Posts: 1,414)

    Are you sure about that? Was a while back and thought I tried removing IE on the trial version and it didn't
    work. I could go and try it again to make sure I'm giving right info. Was in the process of rebuilding OS
    using nlite, but there is a lot of work and time using that program to remove Windows components.
    Still don't know if it can remove IE altogether.
     
  17. noone_particular, Registered Member (Joined: Aug 8, 2008; Posts: 3,798)

    I could download the trial version again and test it in the next few days. Been using the full version for some time so I could be wrong. A couple of things you might consider doing before you try it. Make backup copies of the system32 folder in a format that allows you to extract individual files. 7z archives work well. Some applications use IE components. Quite often, copying the specific file needed to the application's folder will solve the problem. I've never used nlite, no idea how it compares. XPLite looks very much like the Add/Remove components interface but with many, many more options.
     
  18. noone_particular, Registered Member (Joined: Aug 8, 2008; Posts: 3,798)

    I had a bit of time so I downloaded the trial version. You are right. Removing IE is restricted to the full version. I think I had the abilities of XPLite and 98Lite mixed up.
     
  19. Compu KTed, Registered Member (Joined: Dec 18, 2013; Posts: 1,414)

    If you haven't already, check this. Go into Control Panel > Add or Remove Programs > Add/Remove Windows
    Components and make sure Internet Explorer is not checked.

    Did you also try this Sandboxie command for your desktop shortcut?
    "C:\Program Files\Sandboxie\Start.exe" "C:\Program Files\Mozilla Firefox\firefox.exe"

    // Put command line in the Target field under Shortcut tab.
     
  20. Reality, Registered Member (Joined: Aug 25, 2013; Posts: 1,198)

    KeyPer, thanks for your help. First, I only dealt with 1/2 your post further up. I have to do other things and I'll come back to that when I can. I'm not familiar with the command line. You need to give full precise step by step instructions for me to follow, but wait till I reread your post and I'll let you know then.

    I did uninstall then re-install SBXE and no. Same deal. Regarding your post just above, I just checked Add/Remove components and IE isn't checked. At a closer look at these 2 sections I am confused about how they interact. (That is, Set program access defaults AND Add/Remove Windows Components) For example, if I enable/disable IE in that custom section of setting defaults, the IE shortcuts appear/disappear respectively and yet it says about access to those icons in the Add/Remove components. Confusing.

    Meantime, I've got to get Thunderbird up and running. I'm NOT happy with how it tries to phone home and how some of the feature creep is enabled by default. This is from an older Version 17 installer I pulled from my XP Pro install. I can't even begin to think how much worse it is now on what? 31 or something.
     
  21. Compu KTed, Registered Member (Joined: Dec 18, 2013; Posts: 1,414)

    I think the Program Access and Defaults deals more with setting non-microsoft components although MS
    components are included and the Add/Remove Windows Components for example turning off IE browser.
    I believe though, you're still able to run the browser.

    The radio button for Firefox when checked and then click OK does not stick, but 'use my current Web browser'
    setting and 'Enable Access to this program' are checked. (Set Program Access and Defaults > Custom)
    Under Non-Microsoft radio button (not checked)
    Web Browser: Firefox
    Enable Access: Firefox
    Remove Access: Internet Explorer
    // Should see these listed.

    You could check to see if Internet Explorer should check to see whether it is the default browser.
    Open Windows Registry to:
    HKEY_CLASSES_ROOT\http\shell\open\command
    (Default) // Do you see Firefox listed?

    HKEY_CLASSES_ROOT\https\shell\open\command
    (Default) // Do you see Firefox listed?

    Select the Internet Explorer should check to see whether it is the default browser option.
    Under IE6 that is found under Tools > Internet Options > Programs tab. // Don't select this option.

    // If you're working with IE6 there could be a difference in how Windows handles the browser settings.
    I updated from IE6 to IE8 so keep that in mind.

    // If you're planning on keeping IE6 on the OS you might consider locking it down further with a
    Software Restriction Policy. Just a thought.
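
The registry check described in the post above can be scripted. The following is an added example, not part of the original post: it extracts the executable from each `shell\open\command` value and reports whether it is Firefox. The function names and the sample command strings are constructed for illustration; on Windows the live values are read with `winreg`.

```python
# Added example (not from the thread): classify the commands stored in the
# (Default) value of HKEY_CLASSES_ROOT\<protocol>\shell\open\command.
import ntpath
import sys

PROTOCOLS = ("http", "https")

# Constructed sample values, used when the script is not run on Windows.
SAMPLE = {
    "http": r'C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1"',
    "https": r'"C:\Program Files\Internet Explorer\iexplore.exe" -nohome',
}


def handler_executable(command):
    """Return the lower-cased executable file name of a handler command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        # Unquoted paths may contain spaces, so cut at the first ".exe".
        idx = command.lower().find(".exe")
        path = command[:idx + 4] if idx != -1 else command.split(" ", 1)[0]
    return ntpath.basename(path).lower()


def check_handlers(commands, expected="firefox.exe"):
    """Map each protocol to (executable, True if it is the expected browser)."""
    result = {}
    for proto in PROTOCOLS:
        exe = handler_executable(commands.get(proto, ""))
        result[proto] = (exe, exe == expected)
    return result


def read_live_commands():
    """Read the (Default) values from the registry. Windows only."""
    import winreg
    out = {}
    for proto in PROTOCOLS:
        try:
            out[proto] = winreg.QueryValue(
                winreg.HKEY_CLASSES_ROOT, proto + r"\shell\open\command")
        except OSError:
            out[proto] = ""  # key missing: no handler registered
    return out


if __name__ == "__main__":
    commands = read_live_commands() if sys.platform == "win32" else SAMPLE
    for proto, (exe, ok) in check_handlers(commands).items():
        print(f"{proto}: {exe or '(none)'} -> {'OK' if ok else 'not Firefox'}")
```

A mismatch between the two protocols, as in the constructed sample, means links of one kind still open in the other browser.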
     
  22. Compu KTed, Registered Member (Joined: Dec 18, 2013; Posts: 1,414)

    Thanks for checking. Wanted to revisit XPlite again to take a closer look.
    Looks like the trial version will give you a list of what it can remove. (Hide Professional Options)
    Going through the list I noticed it will remove Windows 'Universal Plug and Play Device Host' service.
    Show Professional options list is what I'd be more interested in and what it removes.

    Also looks like it uses System Restore. System Restore is disabled as indicated by XPlite screenshot.
    Would there be any problems leaving it disabled and removing Windows components?
    Screenshot that follows after removing a component shows this.

    WFP was set, but I didn't reboot the machine and it still removed components.
    Should one first set WFP, (off or disabled?) reboot machine and then start removing components?

     
  23. noone_particular, Registered Member (Joined: Aug 8, 2008; Posts: 3,798)

    If the hardware is close, it might boot normally. The only thing you have to lose is some time. It might be difficult to find, but there is a utility called COA (Change of Address). If I recall right, it could transfer installs from one PC to another. MS blew a gasket over this utility.
    It's not necessary that the image be of SP3. Both service packs 2 and 3 are downloadable as stand-alone installers. I've been using a Dell reinstallation CD that's SP1 and a key from the sticker on the PCs case to create starting points. It's worked on both physical PCs and VPC images. I put SP2 and SP3 on a separate ISO that VPC treats like a CD.
     
  24. noone_particular, Registered Member (Joined: Aug 8, 2008; Posts: 3,798)

    @Compu KTed
    I can put up screenshots of all of the options available on XPLite if you want. Regarding the restore point prompt, I wouldn't trust system restore. I'd make a full system backup with an external utility. Regarding the file protection, I'd shut it off before making major changes. Not sure if XPLite does this on an as-needed basis.
     
  25. Compu KTed, Registered Member (Joined: Dec 18, 2013; Posts: 1,414)

    @noone_particular
    Thanks, but that won't be necessary.
    I checked TweakHound who did a review of XPlite and shows some screenshots. Used System Restore in the past,
    but for me it was too unreliable. Did current full system backup (bootable disc) so should be good to go. WFP you're
    saying set it to ' off ' instead of ' disabled ' in settings then reboot machine and start making changes?

    Don't know why I would need Universal Plug and Play service so that hopefully should be safe to remove.
    Some minor components can be removed through the Add/Remove Windows Components.
     