Question about sandboxie settings

Discussion in 'sandboxing & virtualization' started by JohnMult, Oct 16, 2012.

Thread Status:
Not open for further replies.
  1. JohnMult

    JohnMult Registered Member

    Joined:
    Mar 26, 2012
    Posts:
    104
    Location:
    Greece
    I use Sandboxie for surfing with chrome mainlly and i believe i am quite happy about it.
    My question is if I can add in Resource Access -- File Access -- Blocked Access the executables:
    1 taskmgr.exe (Task Manager)
    2 regedit.exe (Registry Editor)
    3 taskkill.exe (Task Killer)
    4 mmc.exe (Microsoft Management Console)
    5 wscript.exe (Windows Based Script Host)
    I have already added my "Panda Security" Folder and "My Documents"
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Hi John, I have never block or set as read only any of the files you listed. Personally, I prefer to use the blocked access setting to block personal files and folders and use the read only setting for system files. Doing it like that, I don't get any messages from SBIE.

    You could test it yourself and see what happens. If I was you, I would test one or two at a time and see if SBIE works fine. If it doesn't, set the resources as read only. Blocking the My Documents folders is OK.

    Bo
     
  3. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Why blocking these files?
    For further security?
     
  4. tomazyk

    tomazyk Guest

    I have blocked file access on my personal data only. I don't see much risk in reading access on those applications.
    If you don't want those apps to be run in sandbox, you can try to create a list of allowed apps in Start/Run access.
     
  5. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
  6. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Same here.
     
  7. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,186
    I use Sandboxie in it's default setting and with experimental protection for 64 bit. Does it need any more strengthening if just mostly using as browser surfing?

    The only thing I have allowed is 'Allow direct access to Firefox bookmark and history database' and 'Allow direct access to Google Chrome bookmark and history database'. It used to be that only bookmarks needed to allow but it has changed into needing to allow also the surfing history, which is not so good IMO?
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    If I was using SBIE only for browsing, I would restrict the sandbox: allowing to run the browser and any program that I normally use while browsing, like for example, the Plugin container in Firefox or the PDF reader if its opened out of the browser. Also, I would only allow the browser to connect.

    You ask if a default settings sandbox needs to be restricted. In my honest opinion, no, but it is a nice feeling when you are browsing and you know that nothing but what you allow to run, can run. I mean, nothing in the background will do nothing. In the almost four years that I have been using SBIE, I have never seen anything that looks like malware attempt to run. Never. I credit that to Sandboxies Start/Run restrictions.

    Now, at the same time, I totally trust a default settings sandbox because most of the people that I know that are using Sandboxie, are using a default settings sandbox, they don't even know what restricting a sandbox is but don't get infected anymore. A couple of this friends always have their AV either disabled or not working but don't get infected. That kind of tells me that the default settings sandbox is working well for the average user.

    Restricted or not, Sandboxies sandbox is great, IMO.

    Bo
     
  9. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    I enabled the option to empty sandbox whenever I close chrome. Besides that everything else is in default settings.
     
Loading...
Thread Status:
Not open for further replies.