Is the default SandboxIE enough?

Discussion in 'other anti-malware software' started by dja2k, Sep 11, 2007.

Thread Status:
Not open for further replies.
  1. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    I am not that familiar with the rules for SandboxIE but I have been playing around with the settings and have managed to find some more rules to add....

    ClosedFilePath=!firefox.exe,\Device\Afd*
    ClosedFilePath=!firefox.exe,\Device\Tcp
    ClosedFilePath=!firefox.exe,\Device\Udp
    ClosedFilePath=!firefox.exe,\Device\RawIp


    I added those right after the default

    OpenKeyPath=firefox.exe,HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla Firefox

    rule. I am only interested in being able to recover files I download to another drive, so that said, I only have the path to that download folder under the recovery options.

    Anyways, are the default rules plus those other four enough or have you SandboxIE users come up with some more?

    dja2k
     
  2. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Some of the beta testers are having a look at some extra ini settings with plans ahead for Sandboxie being able to set these extra ini lines through it's gui.

    You could keep an eye on the "Anything Else" topics at Sandboxie's forum.

    Last page of a thread discussing those extra ini settings.
    Link
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    The only extra settings I have is to protect the My Documents area. I figure my firewall (OA) takes care of outbound.

    Pete
     
  4. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Yeah Pete I saw somewhere around here that you added a "ClosedFilePath" to the "My Documents" or something like that.

    dja2k
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    The exact line you need is

    ClosedFilePath=%Personal%

    Simple and effective.
     
  6. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Thanks again Pete

    dja2k
     
  7. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA

    Thanks Franklin for giving me that information, it has been very helpful. I've learned how to secure the .ini file even more than default.

    dja2k
     
    Last edited: Sep 12, 2007
  8. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    Peter, can you please explain exactly what this accomplishes, where to enter it and if this is the exact entry less the quotation marks "ClosedFilePath=%Personal%"? Thank You!
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Hi Ratchet


    Open the main window, and click on configuration. Then click on configuraton, and the click on edit configuration. Then copy and paste the line just as I typed it. After that close the txt file and click on reload configuation.

    ClosedFilePath=%Personal%

    What this does is block access to My Documents from with the then sandbox.
    If you download a file and specify a folder in the sandbox it will block it. Also see this screen shot. I opened windows explorer in the sandbox and clicked on My Documents. This prevents anything that might come to you via malicious download can't access anything in My Documents.

    Pete
     

    Attached Files:

  10. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    Got it, thank you!
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Doug Knox, the guru of windows tweaks via vbs * reg files fame, has a nifty little compiled tool that lets you RENAME My Documents/My Computer etc.

    I wonder if something as simple as a name change would throw an intrusion/spy off the track in the same way, or not.

    BTW, my thanks to for the tips on Sandboxie. I'm getting to really like this program more each day.
     
  12. 37morris8

    37morris8 Registered Member

    Joined:
    May 17, 2007
    Posts:
    7
    ============================================================
    no have a look at eEye.com mic got a fix for it if you got vista & word. IE7 not good may be Firefox better.
     
  13. 37morris8

    37morris8 Registered Member

    Joined:
    May 17, 2007
    Posts:
    7
    ============================================================
    no have a look at eEye.com mic got a fix for it if you got vista & word. IE7 not good may be Firefox better.PS I rename computer to PC ok so I give it a go
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    If you are running Sandboxie, why bother. Renaming it might mess something else up.
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Well, having GREAT faith in Doug's experience with Windows, i went ahead against caution. I'm pleased to report there are absolutely no ill affects whatsoever.

    Being the Customizing fanatic i am coupled with my fierce distaste of $M's mockery of artistic values, or lack thereof themselves, i press on when it comes to decorating the screen. :cool:

    We can now SAFELY rename a few System Icons courtesy the tool and do away with the repetition.

    I haven't tested Sandboxie yet to see if it regards the name change but i suspect it will still consider My Documents as just that, and so on.
     
Loading...
Thread Status:
Not open for further replies.