Sandboxie Acquired by Invincea

I believe your thinking is right. In the Miscellaneous section, when I create a new sandbox I usually untick or leave unticked most settings there. I leave ticked the ones for lingering programs, block ports and exclusions for Immediate recovery. The only setting there that has to do with security is Block ports.

About the browser settings. In my view, the less you check there, the better off you are. I only allow out bookmarks. But I believe users should allow out via this settings whatever is needed for them to have a comfortable and convenient browsing session.

Bo

 

I've only found my IE sandbox helped by [+] Default list of Lingering Programs.
I don't Enable Immediate Recovery.
I only allow bookmarks and NoVirusThanks.
And, do not opt Direct Access to qWave driver since, not knowing why I need to.
And, do not opt Default list of blocked TCP/IP ports since, not knowing why I need to, what is Improved.


So, am I opening "hole" by not opting Default list of blocked TCP/IP ports.
Why BlockPort=137-139,445 & BlockPort=*,80,8080
I'll have to google > block outgoing communications on SMB/CIFS ports....and smbclient
(smb, over-my-pay-grade). Maybe, I should [+] Default list of blocked TCP/IP ports.

 

The setting is for blocking access to the Windows file sharing service. By not using the setting you are not opening a hole, the hole is already open. The setting closes the hole. I dont use that service at all, so for me, is a good restriccion to use.

Bo

 

Ahh, blocking access to Windows file sharing.
Yeah, I don't share with other users, or other devices.
Okay. I hear ya'. [+] Default list of blocked TCP/IP ports.
Thanks!

Edit: @bo elam
is this different block file sharing?

 

I also block file sharing via Control panel. My W7 is in Spanish but should be easy for you to figure out how to find in your PC by looking at the address bar in the picture.



Bo

 

I think your pic is activate detection of networks?

So, Default list of blocked TCP/IP ports is different than Block network files and folders?

 

I don't see Network discovery in my PC, picture. Perhaps is totally disabled or didn't come with it.

Bo

 

my high school spanish

 

Network discovery = Detección de redes

So both of you have equivalent pics. Bo has network discovery on, while bjm_ not.

 

You are right. It translates totally different but I can see now they are one and the same.

Bo

 

I deactivated/turned off Network discovery. We are on same page now .

Bo

 

and I've set [+] Default list of blocked TCP/IP ports, now .

 

and you can also remove smb1.0 in Program & Features, home users don't need it.

 

Removing smb v. 1.0 and disabling services (or fileshare) is much better solution. SBIE only block outgoing network requests and only for sandboxed applications. It won't block incoming connection requests and won't protect your system from infected computers in your network.

 

Where is that section (for an existing sandbox)?

 

@guest Can or should?

 

Personally, i would say "must"

 

By removing this protocol, wouldn't my three pcs home network will stop file sharing/network shares?

Sorry for the OT.

 

they would use smb3.0 by now

SMB1.0 is a legacy feature:

https://support.microsoft.com/en-us...r-2008-r2,-windows-8,-and-windows-server-2012

 

SMB1.0 is a legacy feature, we we have a couple of NAS drives that won't work without it. The nice thing is if you turn it off and things don't work, you can just turn it back on.

 

Navigate to:
Sandbox settings>Applications>Miscellaneous

Bo

 

SMB v1.0 removed on both win 7 / 8.1.

 

Sandboxie beta 5.19.4 has been released. This beta solves the messages Sandboxie users in W8 get after installing May's Windows update KB4019215.

http://forums.sandboxie.com/phpBB3/viewtopic.php?f=61&t=24329#p127601

Bo

 

Great, thanks for heads up

 

You are welcome, Minimalist. Beta works great in W7 32 bits.

Bo