Sanbox Integration

Discussion in 'Prevx Releases' started by Habakuck, Jul 1, 2009.

Thread Status:
Not open for further replies.
  1. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Hi everybody.

    I always run my FireFox sandboxed and did some settings to prevent malware from stealing account data and so on.
    In the default sandbox only FireFox is allowed to connect to the internet. FireFox is set as primary programm so all sandbox data is deleted if FireFox closes.

    My question is how to implement prevx into that default sandbox?


    kind regards
     
  2. BrendanK.

    BrendanK. Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    520
    Location:
    Australia
    Why would you want Prevx in your sandbox?
     
  3. thathagat

    thathagat Guest

    i think he wants prevx to specifically scan the default sandbox contents...which prevx should be doing anyhow
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, Prevx will scan any code trying to run from the sandbox (if that's what you mean :))

    As for installing Prevx into a sandbox - that won't work (same with any security program/any program which requires a driver).
     
  5. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    PrevX works fine in the sandbox so far.

    If i try to execute the eicar.exe in the sandbox PrevX blocks the action.

    But if i want to do a right klick scan on an item witch is stored in the sandbox i get an error reply.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you describe what error you're receiving?
     
  7. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Yes, of course. Sry.

    The original error reply is gone: i allowed prevx to connect to the internet out of the sandbox. But it is not working fine anyway.

    If i try to do a context menu scan windows asks if the file should be executed!

    If i click "Yes" and allows to execute nothing happens. The file is not executed and it is not scanned.

    It is no real problem but if it is possible to get prevx run in the sandbox it would be great.
     
  8. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    There's been talk of a sandbox type feature in Prevx. The Help file mentions a Secure Browser component, which is not yet implemented.

    How will this affect those who use Sandboxie or similar sandboxing software?
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It will be fully compatible and transparent on top of Sandboxie/other sandboxes.
     
  10. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    Am I understanding correctly that I will be able to use the Safe Browsing feature while I am also running in Sandboxie? My only fear was that to use Secure Browsing I would have to disable/remove Sandboxie so if they are compatible that will be brilliant :)
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    You'll be able to use both at the same time without needing to disable either :)
     
  12. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Very good! :)
     
  13. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    A quick question on this subject: should Prevx be alerting on executables run in a sandbox? I ask because I've done a test with a known fraudulent application, but get no alert in the sandbox, but I do when application is outside of the sandbox.
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I've now heard two different stories on this... some people say Sandboxie does let us see into the sandbox and block execution. It might be worth hearing some other stories from other users, I personally haven't used any product all that much to give an accurate response :doubt:
     
  15. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
  17. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    It may be a setting I need to utilise in Sandboxie to make this work. I'm still pretty new to this program, and have it set at its default.

    Maybe ssj100 could advise seeing as he uses Sandboxie.
     
  18. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    Further to my posts about Prevx not alerting within Sandboxie, it looks like something has changed and it is doing it now. I haven't altered anything, but testing execution of the eircar test file produces the following result when I click on 'Run Sandboxed':

    alerts.png

    I presume this is the expected behaviour of both programs.

    Not sure what has changed, but I did stop and restart protection in Prevx yesterday while testing something. I wouldn't have thought that made any difference, but there you go.

    I'll monitor this to see if it remains the same.
     
Thread Status:
Not open for further replies.