Random Sandboxie Questions that I have

Discussion in 'sandboxing & virtualization' started by CrusherW9, Jan 17, 2013.

Thread Status:
Not open for further replies.
  1. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    1. What is the point of the "resource access" settings? Other than the deny, write-only, and allow settings, isn't everything read only anyway?

    2. What entries do I need to add in order to beef up my security? What entries do you guys use for these settings?

    3. When running a sandboxed browser, how do you guys scan a file you just downloaded? I think my options are:
    -1. Open NON SANDBOXED explorer.exe and scan using NON SANDBOXED HitmanPro and VirusTotal Uploader
    -2. Open sandboxed explorer.exe and scan using sandboxed HitmanPro
    -3. Open sandboxed explorer.exe and scan using sandboxed HitmanPro and sandboxed VirusTotal Uploader in sandboxed Browser

    The difference between choice 2 and 3 is whether I want to allow Firefox in my "File explorer and scanner" sandbox. If I do allow FF, I might as well just allow VirusTotal Uploader in my "Internet Browsing" sandbox. What do you guys think? Am I good with just HMP or should I use VirusTotal as well?

    4. Does accessing the C:\Sandbox folder with an unsandboxed explorer pose any security risk? Say I wanted to scan my downloads in that folder with the context menu entry for HitmanPro: if I navigate to the file in this folder and scan it with HMP unsandboxed, can bad things happen?
     
    Last edited: Jan 17, 2013
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    If you enable the Read only setting on a file, you are allowing this file to be read by programs running in the sandbox but at the same time, the file will not suffer any changes in the sandbox. By default, sandboxed programs read files in your system and can make changes in the sandbox.

    I don't have any scanners so I just keep running files sandboxed and never worry about it. Most of what I download are videos, they get downloaded to a forced folder where only a few programs are allowed to run. Also, most of the programs that I use are forced including my video player. I only concern myself with installs, for those I am extra careful, I never download to be installed anything suspicious or dubious. I always get the installer from the developer or File Hippo and upload the file to VT. Doing it like that works well for me.

    In your case, if you are using a real time AV, as you download the file, it is scanned. If I was you, if it makes you feel better, I would run HMP on the file after it is recovered.

    On #4, it is not dangerous if you go to the C:\Sandbox folder and scan files that are in there. If you make a mistake and click on the wrong file, it will open sandboxed.

    Bo
     
    Last edited: Jan 17, 2013
  3. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    Ah ok, this all makes sense. Thanks for the reply. I actually like your approach of forcing your downloaded files; there are so many possibilities with Sandboxie. I'm planning on ditching any real time AV, so I want to make sure my scanning method is solid. I think I'm just going to do what I said in #4 and just navigate to the folder and scan it. Again, thanks for the help.
     
  4. Hank88

    Hank88 Registered Member

    Joined:
    Dec 19, 2010
    Posts:
    16
    Location:
    B.C., Canada
    What I do in Resource Access is, instead of using Blocked Access on Folders that I don't want to be "showing" to any Program in the Sandbox, I use Write-Only Access. When you use this Setting, to anything in the Sandbox that sees that Folder, it will look like that Folder is empty.

    Ken:
     
  5. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Agree this is the most secure method, along with a forced downloads folder. It really depends on what you're downloading and how often you do it. If you're grabbing new files often the convenience factor may favor adding a program like VTHC or HMP to restrictions.

    I have a few Firefox sandboxes depending on the type of browsing I plan on doing. A looser one where I allow VTHC, media player, bookmark changes, etc... all the way up to one where I allow FF only with not even the option for recovery or bookmark changes.
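
The resource access and forced folder settings discussed in this thread, written out as a Sandboxie.ini fragment. This is an added example and not part of any post above; the box name `BrowserBox` and every path are constructed placeholders.

```ini
# Constructed Sandboxie.ini fragment; the box name and all paths are placeholders.
[BrowserBox]
Enabled=y

# Read-only: sandboxed programs can read this folder, and its contents
# are not changed in the sandbox.
ReadFilePath=C:\Users\Example\Documents\Reference

# Write-only: the folder looks empty to sandboxed programs, so existing
# files stay hidden from them.
WriteFilePath=C:\Users\Example\Documents\Private

# Blocked: sandboxed programs are denied any access to this folder.
ClosedFilePath=C:\Users\Example\Documents\Keys

# Forced folder: anything opened from this folder runs in this sandbox.
ForceFolder=C:\Users\Example\Downloads
```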
     