How can I make a game execute always in a Sandbox in Sandboxie?

Discussion in 'sandboxing & virtualization' started by constantine76, May 28, 2011.

Thread Status:
Not open for further replies.
  1. constantine76

    constantine76 Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    178
    How can I make a game execute always in a Sandbox in Sandboxie?

    I had an idea to sandbox all the games that my nephews use to safeguard my sister's pc. You know kids and all but I am not successfully with it. The games won't launch and I have a pop-up that I have to have administrative priveledges. The sandbox has 'Drop My Rights' enabled and all internet activity blocked. The games that I am sandboxing are not on-line games but they have the dreaded AskToolbar which I have removed. The program(game) also has a built-in AskToolbasetup.exe which I blocked in the firewall.

    Now as temporay remedy I have place the games to "always-run-sandboxed" via CIS ver5.4 sandbox "Partially Limited" same with all the outgoing blocks to hinder it from calling home.

    Now I will be transferring her to Outpost Pro soon since my sister doesn't like CIS(says, it's difficult to understand etc, etc.) and it doesn't have a sandbox. So the temporary remedy needs to be fixed.

    I am not a gamer so I do not know things about it(I'm an outdoor enthusiast and all I play are Solitare, Chess, Billiards but very very seldom).

    The Sandbox is created and I don't know how to set it up for games. Can you guys help me towards a safe set-up? I don't want to disable Drop My Rights as of the moment...

    Can you guys help me out on this please?
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    With the paid version of SBIE you can create a list of forced executables.

    Without the paid version, create a folder with all shortcuts for every game in it, and each actually opens in SBIE. Remove or hide all the other shortcuts so they must go into that one folder to start any game.

    Quick and dirty, but isn't that what you wanted?

    There are other options, but this is the easiest I could think of for SBIE.

    Sul.
     
  3. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    Hi,

    U can try to disable "drop my right", so the "administrative priveledge" error won't come out
    And alternatively u can install the game inside sandboxie, so all changes are kept within sandbox. (Including ask toolbar)
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Sandboxie without drop my rights is still pretty much bulletproof unlike Comodo. If you're on a 64-bit system, try the latest beta.

    How is Outpost Pro easier than Comodo? I wouldn't recommend someone another HIPS if she can't understand one.
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Sullys answer is your solution for that.
    Run the game executable on the sandbox that you created, leave settings
    on default, making sure Drop Rights is not enabled. If it is, the game wont
    install. You can keep Internet access blocked.

    Bo
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Are your games connecting to the internet?

    If not there's no real reason to sandbox. If so... you're probably still safe but at least it's understandable.
     
  7. constantine76

    constantine76 Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    178
    -- I have the paid version of SBIE. Is this in the Program Start>Forced Programs..? I have placed the shortcuts earlier in a single folder. It would not run unless the Drop My Rights have been diabled. Will try it again.

    --Install in a Sandbox? How can I do that?


    --Well it was what she requested. Shehas used Outpost Pro for about 6 months from a promotional license I got.It kinda grew on her in that time. When I replaced it she often would complain about setting rules. Personally I like Comodo way of settings rules(presets and all) but since she will be the user and she asked for Outpost then OP it is for her. (Have not grew on her yet..got confused) On the HIPS pop-ups she doesn't mind that since she reads them all and if she doesn't know she denies/blocks it for safety.

    -- Yes I did that. Thanks. I have a question about it though below.

    --The programs call home often and this is a question in my mind, it runs full screen and may connect to the internet in the background without me/my sister/kids knowing. So I'd like place outgoing blocks for it but in SBIE I'll set the block in Restrictions>Internet Access but I see that FF still opens. Plus you know kids today. The eldest was watching me set it up earlier and she was asking a ton of questions already.

    -------

    I observe that when the kids finish playing and they 'exit' the game FF opens although there is a setting in Restrictions>Internet Access. A warning pop-up error(which I disregard) shows from SBIE that the game is not allowed internet access. Isn't it that if I block all internet access FF should not launch? Am I right on this? There is also an existing block for it in Comodo (Block TCP Out From Any To Any).

    Thanks for the help guys:)
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    If you trust the game, install it on your system and force it, using the
    forced programs setting. That way it will always open sandboxed. You
    don't need the shortcuts since you have a registered copy of SBIE and
    you can force the game to open sandboxed.
    You could also install the game in a sandbox created for that and save the
    sandbox, not deleting it after the game gets closed.
    Personally, I don't play any games or have any experience installing them
    but if I was going to install one, I would probably just install it on my real
    system and use the force programs feature. I don't like keeping sandboxes.

    Bo
     
  9. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    Just run the game setup sandboxed
    Be sure that u don't delete the content after sandbox season is done
    To run the game, u must run it from the sandboxie.
    So it might not be practical for a child
     
  10. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I don't understand the worry exactly. Is it to not install toolbars? Is it to not let a game online? In either case, if the game is small, right click the setup.exe and choose "run sandboxed". Create a sandbox that has no outbound comms allowed. Recover the shortcut to the desktop. When the shortcut is run, it starts sandboxed with no outbound comms.

    If the game is large, maybe you want to install it to the real system. Then, in sandboxie, under forced programs, browse to the game.exe and put it in forced programs. Now when program is started, it is forced into sandboxie. Again, you can create a sandbox with no outbound comms just for this purpose.

    If you want to go beyond this, there are plenty of options. A simple one is to disable the nic and create a password protected script to enable it. This won't fool the tech savvy, but for kids it works until they figure it out.

    I haven't messed with parental controls much, maybe there is something in there. And too, maybe in the latest Outpost there are the options you need. You can deny executables outbound access using that easy enough.

    So many ways to approach this really...

    Sul.
     
  11. constantine76

    constantine76 Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    178
    -- I did this one and it's working fine now.

    -- This is interesting but I do not know how to do this one. Definitely this is good for the eldest.


    -- It's mys sister's request that it be sandboxed or games be restricted. This is actually a new system The same kids broke the former to it's knees with games. Trojans and stuff etc. So she is restricting their usage now. For online they have to go out and rent and not the house pc.


    :)
     
Loading...
Thread Status:
Not open for further replies.