Sandbox & Appguard: What a combo!

Discussion in 'other anti-malware software' started by apathy, Dec 11, 2011.

Thread Status:
Not open for further replies.
  1. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Sandboxie & Appguard: What a combo!

    Thanks to this great post I got them both to be nice to each other. Thanks guys! Firefox (Nightly) and Chromium work without a hitch in AppGuard's Lockdown mode.

    I thought the only thing missing from AppGuard was a decent virtual environment or a decent firewall, and that's where Sandboxie comes in.

    I've run many leak tests in AppGuard, and the only ones that come back as failed do so because there is no way to stop those programs from accessing the internet.

    This combo should work nicely.
     
    Last edited: Dec 12, 2011
  2. operamail

    operamail Registered Member

    Joined:
    Sep 14, 2011
    Posts:
    254
    Great combo. :thumb: One compensates for the other. I'm running Sandboxie and DefenseWall here.
     
  3. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    good combo :thumb:.......I'm using sandboxie with wsa here.....love the explosive duo....hmm....actually a 3:blink: with mbam pro......
     
  4. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    It's a fantastic combo, no doubts about that.
     
  5. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    I've been using this combo for several months now and have generally been pleased. Right now I have an exception set up for the C:\Sandbox folder but have been considering relocating the sandbox folder to user space. It seems to me that this might actually be more secure; since there is no exception and if something were able to breach SB, AG would stop it. The bigger potential weak point is if you download something, recover it from your sandbox, and then reduce AG's protection to run/install the downloaded file and the file turns out to be malicious. I suppose in that instance you should try to install the file in a sandbox till you are sure it is safe.
     
  6. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    You also can recover it to the desktop prior to running it, and upload it or scan it with your scanner of choice before executing it. Save it to the desktop, right-click on it and run it in Sandboxie anytime you want until you feel it's safe.
     
    Last edited: Dec 13, 2011
  7. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Looking forward to hearing more about this. I have just added Sandbox to exceptions with read/write according to djohn's suggestions in my thread, but I don't understand whether this means AG still protects my sandboxed IE8 if something should breach through SB. I am not savvy enough to understand this.

    Best Regards
     
  8. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I think it's excluded from AppGuard's protection, but I don't think you have much to worry about because AppGuard is your second layer of strong defense, especially in lockdown mode. The method I suggested was suggested to me by KidShamrock to get SBIE and AppGuard to play nice together.
     
  9. asr

    asr Registered Member

    Joined:
    Oct 24, 2010
    Posts:
    91
    Re: Sandboxie & Appguard: What a combo!

    Just wanted to add a mention about sandbox/virtualization.
    I am running Avast Antivirus Pro, which has the sandbox function, and I have placed Firefox in the virtualization sandbox. Firefox has NoScript running and Ghostery, WebRep along with a Facebook block. This along with SpyShelter has been rock solid protection for me... oh yes, running Windows Firewall.
     
  10. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    So an IE session started from the SB icon leaves no traces in the AG log when I am set up with Sandbox in exceptions in AG. So how could AG be a second layer if something breaks SB? If breaking IE virtualization under SB - will AG recognize that same IE process being nonvirtual and lock down its access as if that IE process was started not sandboxed? That would be a wet security dream - or? If that's not possible - left with the question - which is safer, SB or AG?

    Edit: If it's the majority's opinion that the Sandbox folder in user space is the safer solution, are you guys set up like that?

    Are you running SB in Experimental mode? What's the worst that can happen, since the warning was "use at own risk"?

    Best Regards
     
    Last edited: Dec 13, 2011
  11. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I've worked out all the kinks between AppGuard and Sandboxie. There's also Hitman Pro for my scanning. I stay in High (Protection Level) and everything is working perfectly.

    The great thing about this combination is that there is no real hit to your CPU/memory resources. I forget they are running sometimes. Both have a very light footprint. I love DefenseWall but it does slow down.

    I need to back up the AppGuard settings file and the Sandboxie.ini as this is damn near bulletproof.
     
  12. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Because AppGuard is still protecting the system from executables. If malware jumps out and tries to execute, why wouldn't AppGuard spring into action and deny it? I would think it's the same as trying to install without a sandboxed browser. IMHO Sandboxie really doesn't need to be protected with AppGuard; Sandboxie is strong enough with restrictions.

    As far as 64-bit, I can't say what's the worst that can happen, and I am 32-bit anyways.
     
  13. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    I am nonsavvy. Isn't AppGuard protecting the system from malware trying to get in through AG-guarded apps like IE, Outlook etc.? So if SB is an exception from that guard and SB is breached, how will AG pick that up when SB isn't restricted? Talking about the Sandbox folder as an exception in Guarded Apps. The other setups I have read about - I don't yet understand what the difference would be.

    I would love a setup that is confirmed working so that AG steps in if SB is breached - a layered protection. I read tzuk's comments, but I don't understand if anybody knows for sure how to set this up. There are many suggestions around. What I use now (Sandbox excepted under Guarded Apps) works fine and fast - thanks djohn - but is it a layered protection?

    Best Regards
     
  14. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I too use this combination and have relocated the sandbox folder to my data partition. This is partly so as not to have to make AppGuard folder exceptions and partly because, as I also use Shadow Defender, it avoids the double virtualization that would occur if the sandbox folder were located within the system partition.

    Regarding software installation, an on-demand AV/AM scanner can also help. Although not perfect, AV/AM software can still have a role to play as part of a layered defence.
     