Sandboxie Acquired by Invincea

Okay, so v5 beta. I'm v4.20 ....for now.

 

I think you should try 5.03.1. If you already installed update KB3087039, the one that broke SBIE in W8.1, you feedback can be helpful. 5.03.1 is supposed to have fixed the issue caused by installing the MS update.

Bo

 

Hmm, I'm still a week away from touching Windows Update. Usually, minimum two week wait.
KB3087039 reads like it's worth installing. Hmm, I'll pull v5.03.1 n' we'll see.

 

I have installed 5.03.1 and problem with Explorer runnning sandboxed is gone. I even didn't know I had this problem

 

Before installing 5.03.1 and after installing the MS update that broke SBIE, if you did not run explorer.exe sandboxed and only ran your browser in a sandbox, its reasonable that you did not notice that there was a problem. This issue affected W8, W8.1 and W10. Not W7 or earlier Windows versions.

If there was an issue, you would get a "The application was unable to start correctly....." message. It affected explorer.exe and a few other programs but I don't think browsers were affected at all. The issue is supposed to be fixed by installing 5.03.1.

Bo

 

I usually take my time installing Windows update. Not installing Optional updates and taking my time has worked for me very well. At the end, I end up installing ALL updates that are supposed to be important and never experience issues after I install them.

If I was in W8.1 like you are, I would install SBIE 5.03.1 and after using this version for a couple of days and not noticing any new issues of any kind that you are not experiencing with 4.20, then I would install KB3087039. I would also not install at the same time any other Windows update when installing this update. And then run explorer.exe sandboxed to make sure all is well as it should be.

Bo

 

Hmm, I tried explorer.exe > Run Sandboxed once with unexpected black screen and shadowed non responsive taskbar.
Did ctrl alt del to get menu access to Task Manager to end sandboxie.

 

Hi bjm, that don't sound good. Try running your Downloads folder in a sandbox where all programs are allowed to run. Also, if you are using Sandboxies paid version and you force your USB drives, plug a flash drive and see the results. And, right click Windows explorer, and choose to run it sandboxed in a sandbox where all programs can run.

If you installed the Windows update and SBIE 5.03.1, explorer.exe should run fine in the examples above.

Bo

 

Bo,
Okay, v4.20. I can run File Explorer in Testbox with only Restriction = Internet Access.
So, I'll see what happens with KB3087039. Although, I also would have not noticed a problem because File Explorer sandbox'd in not my norm.
Do you run explorer sandbox'd as isolation/security.

 

I run a sandboxed Windows explorer for three specific purposes. 1. To navigate to any file that I download that I am not 100% sure what it is, 2. To open any picture JPG that I download from the internet, and 3. Sometimes when I want to change something in the system, the change can be tested using a sandboxed Windows explorer.

If you are going to sandbox explorer, you can do it by right clicking the normal Windows explorer or to make it easier, you can create a new dedicated sandbox for Windows explorer, and then create a sandboxed shortcut for it, setting up explorer to run in the dedicated sandbox. Warning: You do not want to Force Windows explorer. Doing it can create problems. Using the sandboxed shortcut for Windows explorer makes it convenient to run one. Using a sandboxed explorer is probably the safest way to run any file using SBIE. If you navigate to a file using one, there's nothing that will not run sandboxed.

Bo

 

Well, downloads via sandbox'd browser eg: file, jpg are scanned by security and mal detect are either quarantined before getting to sandbox or quarantined out of browser sandbox. I've observed both. Or, safe flag allowed to rest in browser sandbox until recovery. I keep security at aggressive. I used to files quarantined. Security presents SHA for second opinion by aggregate engines. All before file recovers from sandbox.
Imagine, I'd setup new dedicated explorer sandbox same as browser sandbox with Quick Recovery folders.

 

I don't use scanners of any kind. So, for me, running all downloads sandboxed for as long as they remain in my computers is the right thing to do. But even if I had scanners, they can not protect against Zero day threats. Even for you, with a few scanners installed in your computer, that makes it a good reason to sandbox files for their life. IMO.

Sure, thats what you do. Thats what I do. When I need to use the sandboxed explorer, I click in the sandboxed shortcut and explorer runs sandboxed automatically, in its own dedicated sandbox thats set up according to what I usually do when I want to use one. Its very convenient and a very secure way of running files. But like I told you earlier, I use the sandboxed explorer for very specific purposes. Having the sandboxed shortcut in my taskbar makes it convenient when I want to run one, with one click, it runs.

Bo

 

New beta, 5.03.2 is out now.

http://forums.sandboxie.com/phpBB3/viewtopic.php?f=53&t=21354#p110484

This beta fixes the problem described below. I never experienced it but I guess it affects some users. Probably this is a W10 kind of issue only.
http://forums.sandboxie.com/phpBB3/...&sid=5727b1167806ee4447ec988fdb6e1cec#p113572

So, if you are seeing messages like the ones in the picture attached to that post, this beta should get rid of them.

Bo

 

Yes, I'm aware you're a sandboxie purist. Trying to imagin sandbox files for their life. Can you give me an example of a sandbox file for life. Are we talking third party known programs.

Only one real time security. Second opinion before sandbox recover would be aggregate report eg: VirusTotal. I'd rather thwart unknowns at the browser. To wit SBIE. I'll scrutinize known before they come on-board and unknowns. Hope they'll get dumped. Once in awhile I'll run new program in testbox.

Hmm, dedicated with shortcut. What kinda' file is limited to running in explorer sandbox.

 

All kind of files, bjm. But I ll give you a few examples: If you and I do business, when you send me an order in an Excel sheet, when I click on the XLS file, it runs sandboxed automatically. If I make changes to it, like adding your price or making a comment, I ll do it sandboxed and then recover the modified XLS file. And later, I send it back to you.

I get many catalogs in PDF format. Any of the ones that I save, are going to run sandboxed whenever they run in my computer. I don't care where they came from or how long they ll been in my computers, if they are going to run, they are going to run sandboxed until I delete them. Thats the rule.

I do the same with any file any that gets created in my computer. Is easy, I mean, you click on a file and the file runs sandboxed automatically. Theres not much thinking about doing that, there is no inconvenience either. When I open files, they take the same amount of time to open than if they were not running sandboxed. Remember, I don't have any AV or anti anything interfering with sandboxed programs. So, they run perfectly when they run in my computers. I run files and programs like we normally run them without Sandboxie, thats how ot feels. The big difference is that when I run them, they always run under Sandboxies supervision.

About CCleaner. Thats one program that you have to trust. Running it sandboxed has never crossed my mind.

Look at the picture, you ll get an idea of what I allow to run in the Windows explorer sandbox of this computer. In my other computer, the programs that I allow are totally different. If you are going to make a Windows explorer sandbox, tailor it according to what you are going to use the sandbox for.


Bo

 

Hi Bo. I stick to a similar approach but in my case I use OpenFilePath setting as I don't want to take risks if I forget to recover the file before closing the browser:
OpenFilePath=chrome.exe,%Personal%\Desktop\

This way I download the file in the desktop, double click on it and excel is a forced program to run sandboxed, the file opens sandboxed then edit it and finally I click "Save" button, done. No need to make use of recover function because I could easily forget to use it lol
And just like you the file remains in my computer undetermined time then delete it when needed, if needed again it always run sandboxed. I do the same for word, ppoint, pdf files, etc.

 

Looks secure and convenient, Mr X. Perfect balance.

Bo

 

Thanks bo elam and Mister X,
I'll be first to admit. I do not maximize sandboxie potential.
I don't run a business nor work in Office documents. I don't even have an Office style program on my everyday machine. I have a default box, testbox and WMP box along with browser boxes.
Note: certainly food for thought. Much appreciation!

 

Hi bjm, you don't work in Office documents but you have a wife, don't you? All wives share power point documents. My wife gets at least one of them every day that no one knows where it originated from. And if she likes what is about, she then sends it to one of her other friends. This is an everyday kind of thing. Thankfully, she knows the danger involved in sharing power point documents and also knows that for security, they can not be run unsandboxed in our computers.

I think you have a license, bjm. If you do, the one box that I strongly suggest you get used to using is one for USB drives. After creating a sandbox that you can call USB drives, you force your USB folders in Sandbox settings. After you do that, whenever a flash drive is inserted in your PC, your USB folder pops up open automatically using a sandboxed version of Windows explorer. Anything that runs automatically or on demand from the flash drive, its gonna run sandboxed. Thats great protection, I think forcing USB folders and the Downloads folders is a great way for maximizing the use of SBIE.

Even people that don't have Sandboxies paid version could run their USB drives or Downloads folder sandboxed if they want to. For them, the sandboxed Windows explorer comes handy here as it can be used for navigating to the flash drive or the Downloads folder.

Bo

 

More fixes for SBIE 1406. Beta 5.03.3 has been released.

http://forums.sandboxie.com/phpBB3/viewtopic.php?f=53&t=21354#p110484

Bo

 

Feeling brave and inspired by the above posts, I am trying to run Microsoft Word and Excel in Sandboxie so I have added both as Forced programs.
Word works OK.
But when I double click on an Excel (.xls) file the file isn't opened and I get an error message:
"There was a problem while sending the command to the program"
Any ideas what might be wrong?

 

SOLUTION 1:

1. Open the Microsoft Office program and open its Options window. Click on Office ORB or FILE menu present in the ribbon and then click on Options.

2. Now go to Advanced tab and scroll down to bottom. You'll find "Ignore other applications that use Dynamic Data Exchange (DDE)" option present in General section.

http://media.askvg.com/articles/images5/Ignore_Dynamic_Data_Exchange_DDE_Option.png

 

This is one of the reasons I stopped using Sandboxie, and I couldn't figure it out. I might go back to it seeing that you found a solution, thanks.

 

Well if that doesn't make it, there's more to try.
Besides if we can't find a definitive and direct solution you can always launch Excel in the first place then navigate and open your file and it works. Definitely not a solution but workaround, see I could never drop Sandboxie just because I can't sandbox an Office file, no way, I'll always try to find a solution or workaround but my Office files always run sandboxed whether they like it or not LOL