Discussion in 'other anti-malware software' started by Dregg Heda, Aug 17, 2009.
How can I configure OA paid to work seamlessly with DW and/or sbie? Thanks.
do you want run Online Armor + Defensewall+ Sandboxie ?
This is tooooooooooooo much !!!!
I used to use OA (paid) with DW HIPS, you can read about this here:
I have added Sandboxie & Defensewall to the OA exclusion list just for the sake of not having any clashes. I figure they can all manage themselves and do not need OA potentially hindering an action anywhere along the line.
In >> Options/Exclusions.
(also added Eraser folder to the OA exclusion list and the Sandboxie is a little bit quicker now with secure delete invocation )
I am just looking for ideas and suggestions on different possible combos with these products and how to configure them so that they dont conflict or diminish each others capabilities in anyway.
Thanks for that, Ill check it out!
EDIT: is there some reason why you stopped using OA?
Alright thanks for that K_C!
Out of curiosity do you have OA's HIPS component activated in addition to DW? And how do you use DW and sbie in conjunction with one another? Which one guards the browsers? DW?
You are welcome.
The main reason: OA doesn't support Windows 7 so far.
No, I switched OA's HIPS off - to use Defensewall's instead. For me, two HIPS churning away is overkill. I use(d) Sandboxie's policy scenarios to limit what can run (for browsers), of course it is up to you to define the policy. All that I allow to 1) run 2) access internet inside browser sandboxes are Foxit, and of course the browsers.
I use(d) Defenswall to alert if any application is; 1) trying to access anything running in the sandbox 2) attempt keylogging
It doesn't work all that smoothly, TBH. Here's a scenario that happened recently ... I ran Limewire whilst browsing with Firefox ... and Defensewall flags me; Limewire is attempting to access Firefox ... Defensewall doesn't allow you to deny Limewire, only terminate Limewire, or allow. So I created a rule with Sandboxie blocking Limewire a direct path to Firefox. I ran Limewire while browsing again, and Defensewall alerts me; Limewire is trying to access Foxit (Limewire is sneaky YES). So I had to add another rule to Limewire's to stop it.
Sandboxie is certainly powerful enough to create blocking rules ... I guess it's just more convenient, though, just using OA's HIPS, and with one click be done with the hassle. It would be nice if maybe Defensewall had a denial rule option rather than the limited options of terminate the offending application or allow. Maybe the new version will have a deny rule possibility also.
Apparently there are no conflicts using both OA's HIPS together with Defensewall. I guess you have to check and see if everything really does come to a crunching halt yourself.
Good luck with that
Is DW better at detecting key/screen logging than OA?
Edit: So you used sbie to deny limewire a path to firefox and then used OA to block limewire from accessing foxit? Do I have this right? How is this possible if you had OAs HIPS switched off? Ir did you switch it back on and disable DW instead?
I see. Thanks!
1st Question: I have no idea which is best ... but OA does have better information to the user in the form of an in depth explanation of what is happening and the risk factors involved with your choices. Plus there are more options available using OA's HIPS ... for example ... to create a denial rule, but still allow the program to function - just because an application gets flagged doesn't mean you want to terminate it completely.
DefenseWall is somewhat limited in the actions you can employ to an application - if for any reason it becomes flagged "suspicious" - Allow/Allow create rule or Terminate application; these are slightly limiting, IMO. To be able to Deny/Deny create rule would be also useful to have, also.
I was using just the OA firewall, yep. I used Sandboxie in both instances to block Limewire - adding Firefox and Foxit to the block file path rules for Limewire. Limewire is sneaky, but much of what I said up there ^^ means I had two options, allow or terminate ... So to get around terminating, but, to block the action, I did a lot of clicking and used Sandboxie.
I only use Limewire once a month or so, so a few illegal actions by it won't hurt too much (cough cough, here's me using Limewire to perform illegal downloading of music ... pot calling the kettle black and an all that)
Sandboxie's blocking power is very effective. The other day some Java quickstart plug-in thingy tried to run inside a restricted Firefox/Foxit sandbox and was terminated by Sandboxie. As long as you define a strict application start/internet access policy you shouldn't get anything unwanted slip through.
So here's how it looked for me ... OA as the firewall ... but disabled OA's HIPS element, and use Defensewall's HIPS to cover suspicious program actions. Defensewall worked ok for me with Sandboxie, so Sandboxie should be able to do its thing untroubled - if you have strong sandbox rules.
Hope that helps a bit.
Alright thanks for that K_C!
Having thought about it, I've decided to use OA paid with Sbie. How do I best configure these two apps to run together and not conflict with each other or limit each others protection?
Also if I am removing DW, what are the chances it has paralysed malware that will be able to execute once it has been removed. I havent yet installed OA. What is the best way of uninstalling DW safely and as cleanly as possible? Any tips?
in first sight you must configure Sandboxie with your needs.
my defaultbox hast limited rights and no internet, any other software compatibility
mode ist turned OFF to prevent write back data into the host system.
the other boxes can do some more but there is only trusted software in it.
in general - i dont use sandboxie to run my daily software in it.
any software which is regular used is installed and secure.
i use SB only for testing purpose for new software and some other strange apps.
so i have added the sandboxed folder(s) to the exclusion list in OA not to get
bored with some unnecessary messages.
If you want to run regular used software in the box you should drop that idea.
Some user run anything for paranoid in the box - just their needs.
BTW support forum for sandboxie - take the time to read it!
you will find all answers you need in the beginning.
Alright, Thanks for that BrummelChen!
Separate names with a comma.