Sandboxie: Basic 5 min. refresher course plz

Discussion in 'sandboxing & virtualization' started by AaLF, Oct 9, 2013.

Thread Status:
Not open for further replies.
  1. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Had a torrid time with Sandboxie last year, eventually abandoning it, and again a trauma a little while ago when I tried to re-install. Anyways I've had a run-in with my Comodo FW so I've finally reformatted the drive and have installed Sandboxie. All's sweet again. Well actually there is one area of concern. Me. Could someone remind me of some tweaks & settings for SB as a 'push-start' please?

    The setup is: Sandboxie + AppGuard 4 (medium) + Qihoo 360AV (low) + Win7 built-in FW.
     
  2. chris1341

    chris1341 Guest

    These 2 threads started on the basics of the file system and virtualised environment (both excellently explained by Sully) might help you refresh your memory about what Sandboxie actually does and how it works. Always useful if you want to get the best out of it.

    https://www.wilderssecurity.com/showthread.php?t=333443

    https://www.wilderssecurity.com/showthread.php?t=333004

    As for the 'how to' then the SBIE help topics are always useful.

    http://www.sandboxie.com/index.php?HelpTopics

    I'm afraid I don't really know what 'push start' means but if it's forcing apps to start sandboxed you'll find it in the Help Topics.

    Cheers
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    AaLF, in my opinion, for someone that just started using Sandboxie, it is best to use the program with default settings. I know you used SBIE before but it doesn't matter, treat yourself as a SBIE first time user and make changes to settings only when they make sense to you and for a reason. Take your time making changes, I honestly believe that this is the best advice I can give you. I see people get confused with the program all the time because they make changes to settings right away without knowing what they're doing or why they're doing them, and when they start getting SBIE messages, they believe something is wrong when it's not. Anyway, Sandboxie's default settings sandbox, in my opinion, is a real beauty, designed by Tzuk to be convenient and secure at the same time and perfect for first time users.

    When I first started using Sandboxie, there were four things that I wanted to know immediately after installing the program. 1) How to delete the sandbox, 2) How to save files, 3) How to save bookmarks and 4) How my AV interacts with Sandboxie. So, the only settings that I changed almost immediately after I started using Sandboxie were the ones related to setting the sandbox to delete on closing and the ones related to setting my browsers to be able to save bookmarks and files out of the sandbox.

    To set the sandbox to delete on closing:

    Sandbox settings>Delete>Delete invocation, tick "Automatically delete contents of sandbox".

    To set the sandbox to allow the recovery of files:

    Sandbox settings>Recovery>Quick recovery

    There you can add the locations that you want SBIE to check for files before the sandbox gets deleted. To make Quick recovery work, you should set your browser to download to one of those locations or set it to Ask.

    Sandbox settings>Recovery>Immediate recovery

    If you leave "Immediate recovery" ticked, you'll get a prompt every time you download something. Personally, I am annoyed by the prompts so I untick the setting. That way, I recover files manually when I want to or, if I forget about them, Sandboxie reminds me before deleting the sandbox.

    To set the sandbox to allow browsers to retain bookmarks done under SBIE:

    Sandbox settings>Applications>Web browser, tick the option to Allow direct access to Favorites or bookmarks depending on the browser.

    Those are the only settings that I recommend you change right away. In my case, I think I started using restrictions in my default sandbox two or three weeks after I started using the program.

    To restrict programs from running in the sandbox:

    Sandbox settings>Restrictions>Start/Run access

    On default settings, all programs are allowed to start and run but if you want only certain programs to run, add them to the list. Once you add a program to the list, the sandbox becomes restricted and only the programs in the list are allowed Start/Run access. In my opinion, sandboxes must be comfortable to use so add all the programs that you normally use.

    To restrict internet access in the sandbox:

    Sandbox settings>Restrictions>Internet access

    I allow internet access only when it's required. For example, browsers need to have internet access but Foxit, Libre Office, WMP don't. So I allow Firefox to have access to the internet but I don't allow Foxit internet access in either my browsing sandbox or my Foxit sandbox. That is just an example but that's how I use that setting.

    To enable Drop rights in the sandbox:

    Sandbox settings>Restrictions>Drop rights

    Tick the option "Drop rights from Administrators and power user groups". Ticking this option is not a bad idea since it will prevent programs that download into the sandbox from installing. This option together with the Start/Run access setting should pretty much keep anything that's not permitted to run from running or installing.

    Like most Sandboxie users, when I first started using the program, I started sandboxing my browsers and used one sandbox. Now, I sandbox just about every program and file that runs in my computer and use separate sandboxes for most programs. To get the most out of Sandboxie takes time, you just have to be patient and learn the program as you go.

    Bo
     
    Last edited: Oct 9, 2013
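
    The settings in the post above end up as entries in Sandboxie.ini, so they can be checked per sandbox. The following is an added example, not part of any post in the thread and not Sandboxie's own code: it audits a constructed configuration for delete-on-close, Drop rights, and the Start/Run and Internet access lists. The key and group names (AutoDelete, DropAdminRights, ProcessGroup, ClosedIpcPath, ClosedFilePath, StartRunAccess, InternetAccess) are assumptions about how the GUI stores these options; compare them with your own file.

```python
from collections import defaultdict

# Constructed sample, not anyone's real configuration. Key names follow
# Sandboxie.ini conventions as understood here; check them against your file.
SAMPLE_INI = """\
[DefaultBox]
Enabled=y
AutoDelete=y
DropAdminRights=y
ProcessGroup=<StartRunAccess>,firefox.exe,plugin-container.exe
ClosedIpcPath=!<StartRunAccess>,*
ProcessGroup=<InternetAccess>,firefox.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices

[PdfBox]
Enabled=y
AutoDelete=y
"""

def parse_ini(text):
    """Keys repeat inside a section, so keep every value of a key in a list."""
    boxes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], defaultdict(list))
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()].append(value.strip())
    return boxes

def is_on(settings, key):
    values = settings.get(key)
    return bool(values) and values[-1].lower() == "y"

def has_rule(settings, key, rule):
    return any(v.replace(" ", "").lower() == rule.lower()
               for v in settings.get(key, []))

def group_members(settings, group):
    """Programs named in ProcessGroup=<group>,a.exe,b.exe lines."""
    members = []
    for value in settings.get("ProcessGroup", []):
        name, _, rest = value.partition(",")
        if name.strip().lower() == f"<{group}>".lower():
            members += [p.strip().lower() for p in rest.split(",") if p.strip()]
    return members

def audit(text):
    """Per sandbox: None for a list means 'unrestricted', the default."""
    report = {}
    for box, s in parse_ini(text).items():
        if box == "GlobalSettings" or box.startswith("UserSettings_"):
            continue
        start_run = has_rule(s, "ClosedIpcPath", "!<StartRunAccess>,*")
        internet = has_rule(s, "ClosedFilePath",
                            "!<InternetAccess>,InternetAccessDevices")
        report[box] = {
            "auto_delete": is_on(s, "AutoDelete"),
            "drop_rights": is_on(s, "DropAdminRights"),
            "start_run_allow": group_members(s, "StartRunAccess") if start_run else None,
            "internet_allow": group_members(s, "InternetAccess") if internet else None,
        }
    return report

def findings(text):
    out = []
    for box, r in audit(text).items():
        if not r["auto_delete"]:
            out.append(f"{box}: sandbox is not deleted on closing")
        if not r["drop_rights"]:
            out.append(f"{box}: Drop rights is not enabled")
        if r["start_run_allow"] is None:
            out.append(f"{box}: every program may start (no Start/Run list)")
        if r["internet_allow"] is None:
            out.append(f"{box}: every program may reach the internet")
    return out
```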
  4. Alexhousek

    Alexhousek Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    409
    Location:
    USA--Colorado
    As usual, the Sandboxie "king" (otherwise known as BO), has done a marvelous job explaining how to use Sandboxie. I have learned most, if not all, of what I know about Sandboxie from him. He really does know his stuff.

    For another good resource on Sandboxie, please check out the following article. It is really good for idiots like me or those who are not well-versed with Sandboxie:

    http://www.techsupportalert.com/content/introduction-and-quick-guide-sandboxie.htm
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    I think this bears repeating. All programs are allowed Start/Run access by default.
    But as soon as a user selects one program, then all others are denied. Only selected program(s) are allowed to run.

    I believe that a user should address this as soon as possible.
    To be honest, this default arrangement (coupled with adding restrictions) does not strike me as an intuitive way to go about things, but to be even more honest, SBIE does not necessarily strike me as an intuitive program. It takes some getting used to, and then over time, a user begins to marvel at the power of the program. I have not (and would not) run any of my computers without Sandboxie for the last 3 years. I am very glad that I hung in there through the early days of WTF with SBIE. Many people experience no such learning curve with the program. I did.

    Another tip (not so much a tweak or setting) is to get in the habit of closing your sandboxed browser, then reopening it, before going to someplace sensitive. If you have set SBIE to delete on closing, you are then starting a new session, and a keylogger, for instance, will not be running in the sandbox.

    I like to say that Sandboxie is like paint... it covers a multitude of sins.

    Good luck, AaLF.
     
  6. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Thanks guys. As always you are a great bunch of gentlemen. :thumb:
     
  7. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,184
    Great clear advice Bo.

    I've been using SBIE for years with just almost default settings, but thanks to your post I will start experimenting with Sandbox settings>Restrictions>Start/Run access & Sandbox settings>Restrictions>Internet access.

    Sandboxie will I guess popup those ticked messages SBIE1308 & SBIE1307 if something is missing from the allowed lists same way as a hips or a firewall software would do.

    EDIT:
    I just tested that. I had iexplore.exe not allowed in Start/Run and Sandboxie popped up SBIE1308 message. I needed to allow it and dllhost.exe, from SBIE's traditional HIPS part

    And I still had to allow them also in Internet access from SBIE1307, SBIE's sort of outgoing firewall part :)

    I of course removed them, no need for IE. Nice feature also to be able terminate dllhost.exe from Sandboxie's main window.
     
    Last edited: Oct 10, 2013
  8. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    A ton of great info posted already but I'll add my 2 cents. I have the paid version of Sandboxie and I like to force my browser sandboxed. This is useful for those times when you're installing a program and it decides to open up your browser without asking.

    Sandbox settings>Program Start>Forced Programs

    To temporarily disable this feature go to File>Disable Forced Programs set the seconds and click ok. You can also right-click the system tray icon and left-click Disable Forced Programs.

    I normally set my downloads in my browser to go to my Downloads folder. I like to force this folder to run sandboxed in case I double-click on a download by accident before scanning. The file, folder or program can be copied or cut to another location when you need to use it.

    Sandbox settings>Program Start>Forced Folders

    If you have sensitive info on your computer you may want to block access to these areas from the sandbox. For example, I block access to all partitions on my 2nd HDD.

    Sandbox settings>Resource access>File access>Blocked access
     
  9. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,184
    You make me want to contribute to paid Sandboxie. I feel guilty just running the free version of tzuk's great program. It is many times, not just installing, that some software wants to launch Internet Explorer and not my default browser :)

    Last time it was my VPN software not sandboxed and not sure even if it is wise to sandbox it. It had some extras offered and I was curious to check that option. And bam IE was running on my computer unsandboxed when the paid SBIE would have prevented it from happening. Now the IE is taken care of by the firewall though, blocked.

    Nothing more sinister with my VPN than an adult 40 years old model's web camming site or a blocked Skype video connection to her. If you all think why i was running a VPN lol :p

    I might have a need for the extra sandboxes too.
     
    Last edited: Oct 10, 2013
  10. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
  11. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    My re-entry to Sandboxie has not gone according to plan.

    We have now: SBoxie + existing: AppGuard + Qihoo 360 AV

    After install I added SB to Power Apps:
    SbieCtrl.exe
    sandboxierpcss.exe
    sandboxiedcomlaunch.exe
    sandboxiecrypto.exe

    Am getting the following Message
    "SBIE2322 Cannot rewrite Sandboxie.ini: [14 / 5]"


    On attempting to launch Default SB Browser:
    SBIE2335 Initialization failed for process SandboxieDcomLaunch.exe [33 / 5]
    SBIE2313 Could not execute SandboxieDcomLaunch.exe (5)
    SBIE2204 Cannot start sandboxed service DcomLaunch (5)
    SBIE2335 Initialization failed for process SandboxieDcomLaunch.exe [33 / 5]
    SBIE2313 Could not execute SandboxieDcomLaunch.exe (5)
    SBIE2204 Cannot start sandboxed service DcomLaunch (5)
    SBIE2335 Initialization failed for process SandboxieDcomLaunch.exe [33 / 5]
    SBIE2204 Cannot start sandboxed service RpcSs (-1)
    SBIE2313 Could not execute SandboxieDcomLaunch.exe (5)
    SBIE2204 Cannot start sandboxed service DcomLaunch (5)


    AppGuard has stopped 25 Suspicious activities

    10/11/13 03:27:14 Prevented process <Sandboxie Service> from writing to <c:\windows\sandboxie.tmp-3677770>.
    10/11/13 03:23:01 Prevented <MxUp> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\internet settings\zonemap>.
    10/11/13 03:23:00 Prevented process <MxUp> from writing to <c:\program files (x86)\maxthon\bin\mxuptool.exe>.
    10/11/13 03:23:00 Prevented <Maxthon Cloud Browser> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\internet settings\zonemap>.
    10/11/13 03:17:05 Prevented process <Sandboxie Service> from writing to <c:\windows\sandboxie.tmp-3069366>.
    10/11/13 03:06:57 Prevented process <Sandboxie Service> from writing to <c:\windows\sandboxie.tmp-2460946>.
    10/11/13 02:56:48 Prevented process <Sandboxie Service> from writing to <c:\windows\sandboxie.tmp-1852543>.
    10/11/13 02:53:02 Prevented <MxUp> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\internet settings\zonemap>.
    10/11/13 02:53:01 Prevented process <MxUp> from writing to <c:\program files (x86)\maxthon\bin\mxuptool.exe>.
    10/11/13 02:53:01 Prevented <Maxthon Cloud Browser> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\internet settings\zonemap>.
    10/11/13 02:46:40 Prevented process <Sandboxie Service> from writing to <c:\windows\sandboxie.tmp-1244139>.
    10/11/13 02:40:50 Prevented <Sandboxie Service> from reading memory of <Sandboxie COM Services (DCOM)>.
    10/11/13 02:40:50 Prevented <Sandboxie Service> from writing to memory of <Sandboxie COM Services (DCOM)>.
    10/11/13 02:40:39 Prevented <Sandboxie Service> from reading memory of <Sandboxie COM Services (DCOM)>.
    10/11/13 02:40:39 Prevented <Sandboxie Service> from writing to memory of <Sandboxie COM Services (DCOM)>.
    10/11/13 02:40:29 Prevented <Sandboxie Service> from reading memory of <Sandboxie COM Services (DCOM)>.
    10/11/13 02:40:29 Prevented <Sandboxie Service> from writing to memory of <Sandboxie COM Services (DCOM)>.
    10/11/13 02:36:32 Prevented process <Sandboxie Service> from writing to <c:\windows\sandboxie.tmp-635735>.
    10/11/13 02:34:28 Prevented process <Sandboxie Service> from writing to <c:\windows\sandboxie.tmp-512291>.
    10/11/13 02:34:18 Prevented process <Sandboxie Service> from writing to <c:\windows\sandboxie.tmp-502073>.
    10/11/13 02:34:08 Prevented process <Sandboxie Service> from writing to <c:\windows\sandboxie.tmp-492120>.
    10/11/13 02:32:52 Prevented process <Sandboxie Service> from writing to <c:\windows\sandboxie.tmp-415976>.
    10/11/13 02:31:10 Prevented process <Sandboxie Service> from writing to <c:\windows\sandboxie.tmp-314061>.
    10/11/13 02:28:10 Prevented <Sandboxie Service> from reading memory of <Sandboxie COM Services (DCOM)>.
    10/11/13 02:28:10 Prevented <Sandboxie Service> from writing to memory of <Sandboxie COM Services (DCOM)>.
    10/11/13 02:26:44 Protection level is set to <medium>.
     
    Last edited: Oct 10, 2013
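
    Grouping the AppGuard entries in the post above by source, action and target makes it easier to see which component is being blocked and from what. This is an added example, not part of any post in the thread: the sample lines are an excerpt of the log posted above, and the line format is inferred from those lines only, not from AppGuard documentation.

```python
import re
from collections import Counter

# Excerpt of the AppGuard log from the post above, embedded so this runs offline.
SAMPLE_LOG = r"""
10/11/13 03:27:14 Prevented process <Sandboxie Service> from writing to <c:\windows\sandboxie.tmp-3677770>.
10/11/13 03:23:01 Prevented <MxUp> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\internet settings\zonemap>.
10/11/13 03:23:00 Prevented process <MxUp> from writing to <c:\program files (x86)\maxthon\bin\mxuptool.exe>.
10/11/13 03:17:05 Prevented process <Sandboxie Service> from writing to <c:\windows\sandboxie.tmp-3069366>.
10/11/13 02:40:50 Prevented <Sandboxie Service> from reading memory of <Sandboxie COM Services (DCOM)>.
10/11/13 02:40:50 Prevented <Sandboxie Service> from writing to memory of <Sandboxie COM Services (DCOM)>.
10/11/13 02:26:44 Protection level is set to <medium>.
"""

# Format inferred from the lines above: timestamp, optional "process",
# <source>, one of three actions, <target>, trailing full stop.
LINE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) Prevented (?:process )?"
    r"<(?P<src>[^>]+)> from "
    r"(?P<action>writing to memory of|reading memory of|writing to) "
    r"<(?P<target>.+)>\.$"
)

def parse(log):
    """Return (events, skipped); skipped holds lines that are not block events."""
    events, skipped = [], []
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m:
            events.append(m.groupdict())
        else:
            skipped.append(line)
    return events, skipped

def kind(event):
    """Classify what was protected: process memory, registry or a file."""
    if "memory" in event["action"]:
        return "memory"
    if event["target"].lower().startswith("\\registry\\"):
        return "registry"
    return "file"

def normalise(target):
    # Temp files differ only by a numeric suffix (sandboxie.tmp-3677770),
    # so collapse the suffix to count them as one target.
    return re.sub(r"-\d+$", "-*", target)

def summarize(log):
    events, _ = parse(log)
    return Counter((e["src"], e["action"], normalise(e["target"])) for e in events)

def kinds_by_source(log):
    events, _ = parse(log)
    result = {}
    for e in events:
        result.setdefault(e["src"], set()).add(kind(e))
    return result

if __name__ == "__main__":
    for (src, action, target), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {src} {action} {target}")
```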
  12. chris1341

    chris1341 Guest

    Hi Aalf, because you're using AG4 you don't need power apps or memory guard exceptions anymore. Just remove the Sandboxie components from power apps and add C:\Sandbox to user space and you're done. Pointed out how to do this and an alternative of moving the Sandboxie container to user space for you in this thread.

    https://www.wilderssecurity.com/showthread.php?t=353111

    Try that and let us know how you get on.

    Cheers
     
  13. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Hi Chris. The Power Apps add-ins were in response to:

    and it's still happening. e.g. trying to add a 'download folder'.
     
  14. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    Hi Jarmo, I noticed dllhost attempts to run whenever I upload pictures to the internet or when uploading files to sites like Virus total. In my W7, I decided to allow dllhost Start/Run access but even if I don't, I am still able to continue doing what I am doing. So I can tell you that in a restricted browsing sandbox, you can keep dllhost off the allowed Start/Run programs list, if you want, and still continue doing what you were doing.
    Jarmo, the free version is only the tip of the iceberg of what can be done with Sandboxie.

    Bo
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    I do all you mention here.:)

    Bo
     
  16. chris1341

    chris1341 Guest

    OK, that's something new.

    Can you confirm you haven't added Sandboxie components to Guarded Apps? You had done that in the previous thread I mentioned. I ask because that would prevent Sandboxie from writing to its own .ini file which is stored in system space. It's what the logs you posted suggest is happening and makes sense if you were adding a download folder to the config. If you have, you should remove the SBIE components from Guarded Apps and try again.

    Can you post your guarded apps tab if you're not sure?

    Thanks
     
    Last edited by a moderator: Oct 10, 2013
  17. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Bingo. Sandboxie spotted loitering around the guarded apps section. SWAT team despatched to remove SB from the area.
     
  18. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    :thumb: I go through all the settings that you mentioned except I manually delete my sandbox (in case I accidentally close my browser) and I like immediate recovery. I also don't use drop rights as I'm running with my SUA.
     
  19. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,184
    Got myself a 1 year license. It is worth paying (15€+2.75€ VAT) still for sure and also adds support to the developer in a better, more continuous way than the now abandoned lifetime license.

    Benefits:

    No more to wait 5 seconds ever.

    I made separate sandboxes for Firefox, Chrome, and IE. So if I feel unsure about the condition of one browser, Firefox or Chrome in my case, I can delete only its sandbox. IE did not really need a sandbox, but I forced it also to start sandboxed always. And I guess it is also some sort of added security to keep IE constrained into its own sandbox.

    Forced programs is an added security feature. One example was my unsandboxed yahoo messenger and going to check mail opened previously unsandboxed Firefox that could then be easily mistaken as being sandboxed for further surfing. So user can be more at ease with that sandboxed/unsandboxed thing.

    I will run Firefox also in DefaultBox because of the NoScript extension. It is not possible to have in the same sandbox one FF window with NoScript blocking things as it does by default and in another window it allowing all. 2 sandboxes solves out this kind of extension dilemma.

    I added also Downloads folder to Program Start/Forced Folders as innerpeace suggested. Tested, there was a pdf file and Acrobat reader was started sandboxed when I double-clicked it.

    EDIT: I needed to add first the reader program by SBIE1308 hips popup. My firewall being Tinywall at the moment would have just silently blocked internet access, but Sandboxie told me that the Acrobat reader wanted also internet access by SBIE 1307. Denied it of course lol ;)

    EDIT2: I made also a sandbox called USB_drives to where I added Forced Folders E:\ F:\ G:\ H: . All programs can start sandboxed from USB sticks etc my external hard disk connected to those, but they are not allowed internet access.

    Which brings another question to having set quite a lot already and myself too lazy at the moment to go reading and as this is a refresher course etc learning thread. If I do a clean Sandboxie install in the future for a new version. Meaning i uninstall first, does that allow to leave remembered my sandboxes and their settings?

    I am currently running SBIE 4.04 and it seems not have any hiccups with Avast and TinyWall or on demand MBAM free on my Windows 7 64 bit home premium. Regarding Avast I have made the conflict changes as instructed on Sandboxie site.
     
    Last edited: Oct 12, 2013
  20. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Glad to see you're taking advantage of the paid feature Jarmo_P.

    This is the exact setup I put on my mother's computer.
     
  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    Congratulations Jarmo, now you know what Sandboxie in automatic is about.:)

    I block all programs from having access to the internet in my USB drive sandbox (like you're doing now), I also like setting up my downloads sandbox that way.

    If you uninstall Sandboxie, you'll get the choice to save the settings. You can also copy the Sandboxie configurations file located in Windows>Sandboxie and save it. I don't remember ever having to do a "clean install" of Sandboxie. All you really have to do whenever you want to install a newer version of SBIE is run the installer over the top and that's it. You can even install an older version over the top.

    Bo
     
  22. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    I never knew such a thing was possible!
    Seems amazing. :thumb:
     
  23. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    I've done it many times, going back and forth between betas and stable versions by running the installer over the top. I never update using the updater in Help>Check for updates and since I don't like updating anything automatically or getting prompts about updates, I disable the updater. I always update SBIE over the top. In the past, even before V4, I have tried betas, then gone back to the previous version this way. Never a problem.

    People that haven't tried V4 or the latest beta can do so this way. Then go back to whatever old version they're using if they don't like the new SBIE.

    Bo
     
  24. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Funny you should mention that.
    I can't get the updater setting to stick.
    I uncheck the box that says, "In the future, check for updates without asking", but no matter how I close it, it is checked once again upon reopening the SBIE control.

    This is in 4.05.12 64-bit and 32-bit both.
     
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    Page:cool:, a long time ago, I clicked "Never" to check for updates and never get any prompts about updates in either of my computers. At this moment, I am on my XP, I took a look at the setting you mention above and it is ticked. I am seeing same behavior as you do after unticking it. But I don't get any prompts about new versions. Have you clicked on Never check for updates? If you have, do you get prompted when new stable versions are available and you haven't updated?

    Bo
     