Sandboxie configuration discussion

Discussion in 'sandboxing & virtualization' started by Overkill, Jul 9, 2015.

  1. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Thanks a lot!
     
  2. guest

    guest Guest

  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,950
    Location:
    Nicaragua
    Hello guest. If you close that message and Chrome still run fine in the sandbox, you can hide the message for good by clicking Hide next time you get one. I have been hiding a similar message (2203) for a long time for KMPlayer and all works well, you should be able to do the same.

    You posted about the SBIE message in the HMPA thread. I guess that means you think HMPA is somehow involved in why you are getting the message when you run Chrome sandboxed. To be sure HMPA is related to the message, I think you should uninstall HMPA to see if you stop getting the message. But I doubt that would happen. I think thats a Chrome and SBIE message and you are still going to get the message for Chrome even if you uninstall HMPA.

    I am not familiar with HMPA but if its not working correctly with Chrome when you run it sandboxed, play with the HMPA settings in Sandbox settings. If you have the compatibility settings ticked it, see what happens when you untick it. Those compatibility settings might work as designed for most systems but in some computers they might actually create communication problems instead of fixing them.

    Bo
     
  4. guest

    guest Guest

    i should do that

    edit: i did what you said, issue fixed... somehow i have to think simple with Sbie :D

    indeed, i have to disable all mitigation's features of HMPA for chrome, not what i really wanted.

    unticked already, i did my homeworks before contacting you :p , but that change nothing; the "NamedPipe" line is already in Sbie

    thanks for your help, Bo
     
  5. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Is there any way to set Restrictions / Start Run Access to "NO" programs can start or run?
     
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,950
    Location:
    Nicaragua
    Doing what I am going to suggest works out sort of what you want- Add a random name in the Start Run restrictions window, you could add marzametal, and uncheck issuing SBIE message 1308.

    Bo
     
    Last edited: Apr 20, 2016
  7. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    hahahahahaha... clever!
    I have been trying to figure out what the safest file on Windows is, so I could include it in that Start/Run text field. I guess the safest file is one that doesn't exist :)
     
  8. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,339
    Location:
    USA
    I have 3 pc's currently running in my house, my laptop (sbie installed), the family desktop (sbie not installed) and my son's laptop (sbie not installed). The reason why sbie isn't installed, is because my family gets annoyed by it and constantly complains. In my USB drives sandbox, I have ALL drive letters protected by sbie other than my two partitions C and D. I have my D drive (personal data) blocked so anything running in that sandbox whether it's from an external drive, usb or other pc's via mapped network drives can't harm my files. My question is, are there any other tweaks I can make so that my files on my laptop are protected in the rare case the other computers somehow were infected with some crypto-ransomware? Is it even possible that crypto-ransomware could effect data on another pc?

    Here's my settings
    [USBDrives]

    Enabled=y
    ConfigLevel=7
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    BorderColor=#00FFFF,ttl
    AutoDelete=y
    NeverDelete=n
    NotifyInternetAccessDenied=y
    DropAdminRights=y
    ForceFolder=Z:\
    ForceFolder=Y:\
    ForceFolder=X:\
    ForceFolder=W:\
    ForceFolder=F:\
    ForceFolder=E:\
    ForceFolder=B:\
    ForceFolder=A:\
    ForceFolder=V:\
    ForceFolder=U:\
    ForceFolder=T:\
    ForceFolder=S:\
    ForceFolder=R:\
    ForceFolder=Q:\
    ForceFolder=P:\
    ForceFolder=O:\
    ForceFolder=N:\
    ForceFolder=M:\
    ForceFolder=L:\
    ForceFolder=K:\
    ForceFolder=J:\
    ForceFolder=I:\
    ForceFolder=H:\
    ForceFolder=G:\
    ClosedFilePath=InternetAccessDevices
    ClosedFilePath=D:\
     

    Attached Files:

    Last edited: May 12, 2016
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,950
    Location:
    Nicaragua
    Hi Overkill. If you try setting up Sandboxie in the desktop and your son's laptop with convenience in mind, setting up using SBIE as closely as possible as if they were not using it, that might get the family enthused into running sandboxed. For example, don't set any Start Run or Internet restrictions and allow the browser direct access to the desktop and downloads folder.

    Other than that, I don't know what else to recommend. If family members plug an infected flash drive, your laptop would be fine but if the family runs malware unsandboxed in one PC, can it infect your laptop? I dont know if ramsonware can do that but as you know, for Sandboxie to protect your laptop, files, attachments and programs have to run under its supervision.

    Bo
     
  10. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,339
    Location:
    USA
    The computers are locked down pretty well imo they just don't have sbie. It doesn't matter how I set it up, it just creates drama with the kids lol.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.