Sandboxie configuration discussion

Discussion in 'sandboxing & virtualization' started by Overkill, Jul 9, 2015.

  1. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,129
    Location:
    USA
    Hi guys, I think it would be very educational if we share our sbie ini configs and discuss how to's & etc.

    Here's my current ini config...




    [GlobalSettings]

    Template=a2AntiMalware
    Template=7zipShellEx
    Template=NOD32
    Template=OfficeLicensing
    ActivationPrompt=n

    [DefaultBox]

    ConfigLevel=7
    AutoRecover=y
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl
    Enabled=y

    [UserSettings_085C01A7]

    SbieCtrl_UserName=mike
    SbieCtrl_NextUpdateCheck=1436849103
    SbieCtrl_UpdateCheckNotify=y
    SbieCtrl_ShowWelcome=y
    SbieCtrl_HideWindowNotify=y
    SbieCtrl_WindowCoords=71,42,880,489
    SbieCtrl_ActiveView=40021
    SbieCtrl_AutoApplySettings=n
    SbieCtrl_SettingChangeNotify=y
    SbieCtrl_TerminateWarn=y
    SbieCtrl_ExplorerWarn=y
    BoxDisplayOrder=DefaultBox,Chrome,IE,FirefoxPortable,TixatiPortable,MiponyPortable,MPC,SumatraPDF,IrfanView,TeamViewer,WindowsExplorer,USBDrives
    SbieCtrl_HideMessage=2220,SandboxieDcomLaunch.exe [Chrome]
    SbieCtrl_BoxExpandedView=DefaultBox,IE,USBDrives,WindowsExplorer
    SbieCtrl_EnableLogonStart=y
    SbieCtrl_EnableAutoStart=y
    SbieCtrl_AddDesktopIcon=y
    SbieCtrl_AddQuickLaunchIcon=y
    SbieCtrl_AddContextMenu=y
    SbieCtrl_AddSendToMenu=y
    SbieCtrl_TerminateNotify=y
    SbieCtrl_ExplorerNotify=y
    SbieCtrl_EditConfNotify=y
    SbieCtrl_ReloadConfNotify=y
    SbieCtrl_ProcSettingsNotify=y
    SbieCtrl_ShortcutNotify=y
    SbieCtrl_ShouldDeleteNotify=y

    [Chrome]

    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    Template=Chrome_Force
    Template=Chrome_Bookmarks_DirectAccess
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=D:
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl
    AutoDelete=y
    NeverDelete=n
    NotifyInternetAccessDenied=y
    ProcessGroup=<StartRunAccess>,chrome.exe,dllhost.exe,cmd.exe,EGMonitor.exe,EagleGet.exe,explorer.exe,notepad.exe,WinRAR.exe,wermgr.exe,mpc-hc64.exe,rundll32.exe,i_view32.exe,SumatraPDF.exe
    ProcessGroup=<InternetAccess>,chrome.exe,dllhost.exe,EagleGet.exe,EGMonitor.exe
    NotifyStartRunAccessDenied=y
    DropAdminRights=y
    ClosedFilePath=!<InternetAccess>,InternetAccessDevices
    ForceProcess=eagleget.exe
    ClosedIpcPath=!<StartRunAccess>,*

    [IE]

    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    Template=IExplore_Favorites_RecoverFolder
    Template=IExplore_Favorites_DirectAccess
    Template=IExplore_Force
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl
    AutoDelete=y
    NeverDelete=n
    NotifyInternetAccessDenied=y
    ProcessGroup=<StartRunAccess>,iexplore.exe,dllhost.exe,EagleGet.exe,EGMonitor.exe
    ProcessGroup=<InternetAccess>,iexplore.exe,dllhost.exe,EagleGet.exe
    NotifyStartRunAccessDenied=y
    DropAdminRights=y
    ClosedFilePath=!<InternetAccess>,InternetAccessDevices
    ClosedIpcPath=!<StartRunAccess>,*

    [FirefoxPortable]

    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl
    AutoDelete=y
    NeverDelete=n
    ForceProcess=firefox.exe
    ForceProcess=firefo~1.exe
    ForceProcess=firefoxportable.exe
    NotifyInternetAccessDenied=y
    DropAdminRights=y
    ProcessGroup=<InternetAccess>,firefo~1.exe,firefox.exe,firefoxportable.exe,dllhost.exe
    ClosedFilePath=!<InternetAccess>,InternetAccessDevices

    [USBDrives]

    Enabled=y
    ConfigLevel=7
    Template=AutoRecoverIgnore
    Template=Firefox_Phishing_DirectAccess
    Template=Chrome_Phishing_DirectAccess
    Template=LingerPrograms
    Template=BlockPorts
    Template=WindowsFontCache
    BorderColor=#00FFFF,ttl
    ForceFolder=E:\
    ForceFolder=F:\
    ForceFolder=G:\
    ForceFolder=H:\
    ForceFolder=I:\
    ForceFolder=J:\
    ForceFolder=K:\
    ForceFolder=L:\
    ForceFolder=M:\
    ForceFolder=N:\
    ForceFolder=O:\
    ForceFolder=P:\
    ForceFolder=Q:\
    ForceFolder=R:\
    ForceFolder=S:\
    ForceFolder=T:\
    ForceFolder=U:\
    ForceFolder=V:\
    ForceFolder=W:\
    ForceFolder=X:\
    ForceFolder=Y:\
    ForceFolder=Z:\
    AutoDelete=y
    NeverDelete=n
    NotifyInternetAccessDenied=y
    NotifyStartRunAccessDenied=y
    DropAdminRights=y
    ClosedFilePath=InternetAccessDevices
    ClosedFilePath=D:\
    ClosedFilePath=\Device\Mup\

    [MPC]

    Enabled=y
    ConfigLevel=7
    Template=AutoRecoverIgnore
    Template=Firefox_Phishing_DirectAccess
    Template=Chrome_Phishing_DirectAccess
    Template=LingerPrograms
    Template=BlockPorts
    Template=WindowsFontCache
    BorderColor=#00FFFF,ttl
    AutoDelete=y
    NeverDelete=n
    ForceProcess=mpc-hc64.exe
    NotifyInternetAccessDenied=y
    ClosedFilePath=InternetAccessDevices
    DropAdminRights=y
    NotifyStartRunAccessDenied=y
    ProcessGroup=<StartRunAccess>,mpc-hc64.exe
    ClosedIpcPath=!<StartRunAccess>,*

    [SumatraPDF]

    Enabled=y
    ConfigLevel=7
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    BorderColor=#00FFFF,ttl
    AutoDelete=y
    NeverDelete=n
    ForceProcess=sumatr~1.exe
    ForceProcess=sumatrapdf.exe
    NotifyInternetAccessDenied=y
    ClosedFilePath=InternetAccessDevices
    DropAdminRights=y
    NotifyStartRunAccessDenied=y
    ProcessGroup=<StartRunAccess>,sumatrapdf.exe,sumatr~1.exe
    ClosedIpcPath=!<StartRunAccess>,*

    [TixatiPortable]

    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=D:\MIKE'S STUFF\TIXATI
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl
    ForceProcess=tixati~1.exe
    ForceProcess=tixati_windows32bit.exe
    ForceProcess=tixati~2.exe
    ForceProcess=tixati_windows64bit.exe
    NotifyInternetAccessDenied=y
    ProcessGroup=<StartRunAccess>,tixati_windows32bit.exe,tixati~1.exe,tixati_windows64bit.exe,tixati~2.exe
    ProcessGroup=<InternetAccess>,tixati_windows32bit.exe,tixati~1.exe,tixati_windows64bit.exe,tixati~2.exe
    ClosedFilePath=!<InternetAccess>,InternetAccessDevices
    NotifyStartRunAccessDenied=y
    ClosedIpcPath=!<StartRunAccess>,*
    DropAdminRights=y

    [MiponyPortable]

    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=D:\MIKE'S STUFF\MIPONY
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl
    ForceProcess=mipony.exe
    ForceProcess=mipony~1.exe
    ForceProcess=miponyportable.exe
    NotifyInternetAccessDenied=y
    ProcessGroup=<StartRunAccess>,miponyportable.exe,mipony~1.exe,mipony.exe,dllhost.exe,dllhost.exe
    ProcessGroup=<InternetAccess>,mipony.exe,miponyportable.exe,mipony~1.exe
    ClosedFilePath=!<InternetAccess>,InternetAccessDevices
    NotifyStartRunAccessDenied=y
    DropAdminRights=y
    ClosedIpcPath=!<StartRunAccess>,*

    [TeamViewer]

    Enabled=y
    ConfigLevel=7
    Template=AutoRecoverIgnore
    Template=Firefox_Phishing_DirectAccess
    Template=Chrome_Phishing_DirectAccess
    Template=LingerPrograms
    Template=BlockPorts
    Template=WindowsFontCache
    BorderColor=#00FFFF,ttl
    AutoDelete=y
    NeverDelete=n
    ForceProcess=teamvi~1.exe
    ForceProcess=teamviewer.exe
    NotifyInternetAccessDenied=y
    ProcessGroup=<StartRunAccess>,teamviewer.exe,teamvi~1.exe,dllhost.exe,mshta.exe
    ProcessGroup=<InternetAccess>,teamviewer.exe,teamvi~1.exe
    ClosedFilePath=!<InternetAccess>,InternetAccessDevices
    NotifyStartRunAccessDenied=y
    DropAdminRights=y
    ClosedIpcPath=!<StartRunAccess>,*

    [IrfanView]

    Enabled=y
    ConfigLevel=7
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    BorderColor=#00FFFF,ttl
    AutoDelete=y
    NeverDelete=n
    ForceProcess=i_view32.exe
    NotifyInternetAccessDenied=y
    ClosedFilePath=InternetAccessDevices
    NotifyStartRunAccessDenied=y
    ProcessGroup=<StartRunAccess>,i_view32.exe
    ClosedIpcPath=!<StartRunAccess>,*
    DropAdminRights=y

    [WindowsExplorer]

    Enabled=y
    ConfigLevel=7
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    BorderColor=#00FFFF,ttl
    AutoDelete=y
    NeverDelete=n
    NotifyInternetAccessDenied=y
    ClosedFilePath=InternetAccessDevices
    DropAdminRights=y

    Current Sandboxes
     

    Last edited: Jul 9, 2015
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    Settings discussion could be interesting, but basing it on ini file, questionable. I almost never look at mine, so looking at yours as a comparison, no.
     
  3. Overkill

    Overkill Registered Member

    Well it's easier to show that than screens of every window in sbie (lots of screenshots). If anyone has questions on someone's ini config, then that person could then send screens of a particular setting. I for one am very interested in learning more in depth about sbie settings.
     
    Last edited: Jul 9, 2015
  4. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,764
    Location:
    Mexico
    Tried this before in a thread of mine 3 months ago and no luck, nobody replied whatsoever. :gack:
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    Overkill, your sandboxes look pretty. I suggest you create one for your Office programs and another one to run Windows explorer. I use the one for explorer to navigate to any download or file that I am not totally sure about what it is. And to run any picture I download from the internet. I use my explorer sandbox for other purposes but that's mainly what I use it for.

    For the explorer sandbox. After creating the new sandbox, you can name it Windows explorer, make a sandboxed shortcut and have it run in the new sandbox. Then you can place the shortcut at your desktop or taskbar and run it from there whenever you want to.

    I saw your thread below.
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=17&t=21387

    You do that like in the picture you posted. I suggest you block access to your personal files and folders in all your sandboxes. At least the ones that connect to the internet. Like the ones for your browsers.

    Bo
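
Added example, not from any poster in this thread and not Sandboxie's own tooling: a Python audit of a Sandboxie.ini that lists sandboxes which can still reach the internet but have no ClosedFilePath block on personal folders, the condition the post above advises against. The sample config is constructed, and the PERSONAL folder list and the use of ClosedFilePath=%Personal% to express such a block are assumptions.

```python
import re

# Constructed sample in the style of the config posted in this thread.
SAMPLE_INI = """
[GlobalSettings]
Template=7zipShellEx

[Chrome]
Enabled=y
ProcessGroup=<InternetAccess>,chrome.exe,dllhost.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices

[FirefoxPortable]
Enabled=y
ProcessGroup=<InternetAccess>,firefox.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=%Personal%
ClosedFilePath=%Desktop%
ClosedFilePath=%Favorites%

[MPC]
Enabled=y
ClosedFilePath=InternetAccessDevices
"""

# Assumption: these shell-folder variables are what counts as "personal files".
PERSONAL = ("%Personal%", "%Desktop%", "%Favorites%")

def parse_sections(text):
    """Return {section: [(key, value), ...]}. Keys such as ClosedFilePath repeat,
    so configparser's one-value-per-key model does not fit this file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current.append((key.strip(), value.strip()))
    return sections

def audit(text):
    """Map each internet-capable sandbox to the personal folders it does not block."""
    findings = {}
    for name, settings in parse_sections(text).items():
        if name == "GlobalSettings" or name.startswith(("UserSettings_", "Template_")):
            continue  # not sandbox sections
        closed = {v.lower() for k, v in settings if k.lower() == "closedfilepath"}
        if "internetaccessdevices" in closed:
            continue  # internet access is closed to every program in this box
        missing = [p for p in PERSONAL if p.lower() not in closed]
        if missing:
            findings[name] = missing
    return findings

if __name__ == "__main__":
    for box, missing in audit(SAMPLE_INI).items():
        print(f"{box}: internet-capable, no ClosedFilePath for {', '.join(missing)}")
```

A box whose only internet rule is `ClosedFilePath=!<InternetAccess>,InternetAccessDevices` is treated as internet-capable, because the programs in its `<InternetAccess>` group can still connect.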
     
  6. bo elam

    bo elam Registered Member

    Overkill, you can also create a new sandbox for programs like WinRar, 7Zip and HJSplit. I got those programs covered in one sandbox. These programs work great sandboxed and you are a lot safer when you click on a rar file that you can't be sure about what's inside until you click it.

    I don't see a sandbox for WMP. Even if it's not your default player, I suggest you make a sandbox for it. And don't allow WMP access to the internet.

    Bo
     
  7. Overkill

    Overkill Registered Member

    Thanks. I don't use any office programs. I always disable WMP since I never ever use it.
    I suppose I should make one for Irfanview as well?
     
  8. Overkill

    Overkill Registered Member

    I hope this thread does better:doubt:
     
  9. bo elam

    bo elam Registered Member

    If Irfanview is set as your default viewer for JPEG, pictures, I recommend you set the program as a forced program. That way, your system, registry, other programs and files remain intact if you click on an infected picture. I know getting infected by a malicious picture is rare but it can happen. And when it happens, it is a nasty infection. Sandboxie works best when you separate programs from each other. So, yes, creating a dedicated sandbox for Irfanview is the best way to handle the program.

    Bo
     
  10. Overkill

    Overkill Registered Member

    Ok Thanks Bo :)
     
  11. Overkill

    Overkill Registered Member

    There's no way Virtualbox can work sandboxed right?
     
  12. bo elam

    bo elam Registered Member

    You are welcome, Overkill. From Sandboxie's point of view, sandboxing is isolation. And isolation works best when you create sandboxes to separate programs (not only from the system) from each other.

    Bo
     
  13. bo elam

    bo elam Registered Member

    I have no idea. Never used a VM.

    Bo
     
  14. Overkill

    Overkill Registered Member

    Oh you should give it a shot, they are awesome!
     
  15. Overkill

    Overkill Registered Member

    Bo, did you get this message? Maybe I'm doing something wrong?
     

  16. bo elam

    bo elam Registered Member

    Overkill, you don't want to force explorer. That's a big no no. What you want to do is what I said below:
    https://www.wilderssecurity.com/threads/sandboxie-configuration-discussion.377750/#post-2505123

    Create the shortcut: Sandbox>Configure>Windows shell integration, Click Add shortcut icons, select your newly created Windows explorer sandbox, find Windows explorer in one of the menus and Click it. After you click on Windows explorer, you'll find your sandboxed Windows explorer shortcut at the desktop. You can leave it there or move it to the taskbar. When you click on the shortcut, Windows explorer will run in the sandbox that you created. You can restrict the sandbox as you wish.

    Bo
     
  17. Overkill

    Overkill Registered Member

    I knew something wasn't right. Thanks for explaining that, everything is working now.
     
  18. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    665
    Yes I found this out the hard way lol.
     
  19. Infected

    Infected Registered Member

    @ Bo, do you drop your rights on all your sandboxes?
     
  20. bo elam

    bo elam Registered Member

    I use Drop Rights in all the sandboxes that I use everyday where the setting doesn't interfere with the program working properly or smoothly. You might find some programs working better without Drop Rights, for those, I suggest you don't tick the setting.

    In my personal case use, in XP, I don't tick the setting in sandboxes where I run Word. If I run Word in sandboxes with Drop Rights in place, the program takes extra time to open up. I like my sandboxes opening and closing fast so for Word, I prefer not to use Drop Rights. I don't use Outlook express anymore but when I did, I had to run it without Drop Rights, otherwise, the program would not run.

    Be aware, if you are a Chrome user, Chrome crashes in some systems with Drop Rights in place. If it doesn't crash in your computer, use the setting. If it crashes, don't use the setting and don't worry about it.

    In my W7, I can use Drop Rights in all my regular sandboxes. For testing programs in a sandbox, most programs won't install with Drop Rights ticked so for testing sandboxes, keep Drop Rights unticked.

    Bo
     
  21. Infected

    Infected Registered Member

    Thanks, When I enabled DMR in Chrome, it was sluggish and didn't want to run.

    What delete tools do you use, and everyone else? I'm using SDelete by command for now.
     
  22. bo elam

    bo elam Registered Member

    I use the delete function as it comes. I don't change nothing in Delete>Delete command.

    Bo
     
  23. Mister X

    Mister X Registered Member

    I'd rather acquire a RAM stick, large enough to create a RAMdisk and forget any concerns about data traces and delete commands.
     
  24. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    Hi, just a quick off topic question about Sandboxie: does a "free" version still exist?

    Before the acquisition by Invincea, I remember that after some time, if you didn't buy a licence, you'd get a nag screen during a few seconds when opening the browser inside sandboxie. But the software, excluding some options reserved to those who buy a licence, would still work.

    Does it still work that way, or now the software will stop working after the expiration of some trial time?

    thanks!
     
  25. bo elam

    bo elam Registered Member

    Free version is the same as has always been. It doesn't expire and you install it using same installer as paid version. The license unlocks features. The screen functions the same way, appears the first time you run something sandboxed, after you start the computer. You won't see it during the first 30 days.

    Bo
     