Sandboxie Configuration Recommendations

Discussion in 'sandboxing & virtualization' started by TheKid7, Apr 21, 2009.

Thread Status:
Not open for further replies.
  1. ratwing

    ratwing Guest

    I have found out how to avoid the browser lock-up with firefox,when trying to open certain Java-rich sites in a sandbox configured allow only Firefox.exe to run/access the internet.

    Disabling the "Java(TM)Platform SE 6 u19 6.0.190.6"
    plug in in Firefox stops the problem.
    (this on XP ProSp3)

    Really of course, you are disabling that function for all instances
    of Firefox,not just sandboxed,so its really not a elegant workaround.

    But it does work.
    For me,it is acceptable, because most of my browsing is in just such a
    restricted sand box,and a few clicks re-enables the plug in if needed.

    rat
     
  2. cruchot

    cruchot Registered Member

    Joined:
    Apr 20, 2009
    Posts:
    126
    Location:
    Germany
    Correct.
     
  3. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    206
    Yes of course, that's correct. And that is exactly what I meant. Perhaps in order to avoid this misunderstanding I should have written also the part I add now with red letters:

    I thought that this would be obvious. And Windows - as possibly other programms too (e.g. antivirus) - are "virtually" (as copy) inside the sandbox. I think it makes sense to protect them (= their "copies") from being modified. To my mind that's the reason for the restriction "Read-only access" to the folders "Windows" and "Programs".
     
  4. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    206
    :cool: :thumb: :thumb:
    Indeed. It works! The problem has gone by deactivating this plugin!!

    Thank you very much, ratwing, for finding this solution and posting it here. It's a great help for me. :)
     
  5. ratwing

    ratwing Guest

    No problem!! Glad it helped!!

    rat
     
  6. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    Hello,

    I want to allow direct access to:

    1) autopager

    2) cookie monster


    Can you please advise?
     
  7. ratwing

    ratwing Guest

    Hi mike21:

    Please open Sandboxie Control,right click your
    default box,scroll to and click "sandbox settings", from the left panel click "resource access",then "file access",and "full access".

    Then hit add,and browse to find the exes for your programs.(autopager and
    cookie monster)

    repeat this for each sandbox you want so configured.

    You may have to play around adding things other than just their exes,from their respective folders to get it to work.

    hope it works,
    rat
     
  8. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    thank you for your reply. Unfortunately I forgot to mention that both are firefox extensions. So I have to allow full access to:

    Code:
    C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\xfcjry7n.default\autopager\autopagerTee.json
    
    C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\xfcjry7n.default\autopager\autopager-patterns.json
    and
    Code:
    C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\xfcjry7n.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}\chrome\cookiemonster.jar
    correct?
     
  9. ratwing

    ratwing Guest

    Mike, that sounds about right.

    I thank some, (a lot) of these permission things amount to trail and error,if someone has not configured the same settings before, successfully,and pitched in with the exact directions.
    .

    rat
     
  10. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
    Just bought sandboxie and am running Firefox sandboxed, but don't want to loose the Adblock Plus-updates everytime I close FF, so I put patterns.ini in the full access-list. It works, but is it ok to do ( I'm pretty sure it is.. just checking). Great software btw.
     
  11. ratwing

    ratwing Guest

    Your right!!

    respect,
    rat
     
  12. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
    thx. :)
     
  13. carlito77

    carlito77 Registered Member

    Joined:
    Aug 4, 2010
    Posts:
    10
    Hi guys,

    I'm a little confuse about the Drop_Rights function and how to use it. If I set the Drop-Rgihts ON, in my default box or any other box, my browser won't start in each of those boxes. If I set it on OFF, the the browser starts. What is the purpose of this function? Thanks
     
  14. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,538
    I have Sandboxie Paid.

    What is the best/recommended way to configure a Microsoft Outlook 2003 Sandbox?

    I have already setup an Outlook 2003 Sandbox with the following changes from default:

    1. Program Start>Forced Programs>outlook.exe
    2. Restrictions>Drop Rights>drop rights enabled
    3. Applications>Email Reader>Office Outlook enabled (allow access to mail files outside of sandbox)

    Thanks in Advance.
     
  15. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,206
    Location:
    Pennsylvania.
    Paid subscription is 47 bucks now. 0_o I should of gotten it when it was 30 bucks.
     
  16. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I thought it was 37?

    Edit: It's 39 U.S dollars, I just checked. No way was I going to go along with that big of a price hike, lol.
     
  17. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,538
    What Sandboxie configuration(s) would typical Businesses use?

    I have never used the Password options. How many things beside configuration changes get "locked down" by Password protection? Is there a way to not allow file recovery from the Sandbox?

    Thanks in Advance.
     
  18. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I have set configs so that all browsers are forced into a sandbox which restricts to only those programs allowed plus some extras like adobe etc.

    I did the same thing with email clients.

    Each browser is told to not ask when dowloading and save all to 'downloads' directory. The downloads directory is forced into a sandbox without net access, but all is allowed to run.

    In this manner, the users can browser "as normal". The bookmarks are saved to the real location. The downloads cannot run in the browser sandbox. If the user executes a download it runs but is within a sandbox. They must move downloads to different directory to run for real.

    The few businesses that I configured this for are typical Small Business so it doesn't seem to interfere with what they do. No one is spending time surfing the web when they shouldn't be, only working.

    HTH.

    Sul.
     
  19. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Sandboxie have now the option to choose a download folder where is possible to directly download to the "real" location without asking?

    Is already possible to save the History of IE?

    Thanks!:thumb:
     
  20. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Yes and no. No, there is not, AFAIK, an "option" for a download directory (I am using v442 still), but you can, through the options, do so.

    It is called Direct Access. In each browser sandbox, in ResourceAccess>FileAccess>DirectAccess I put the downloads directory into. This then tell the sandbox to be able to "directly" access that downloads directory. If you save something then, it is not put to the c:\sandbox directory which would need to be recovered, but "directly" to the real downloads folder.

    If you look at (for your IE sandbox) the Applications>WebBrowser>InternetExplorer area, you will see all the different "rules" that are included with SBIE for IE. Such things as whether history and bookmarks are kept in the real location are listed there. The little [+] indicates that rule is in effect.

    Sul.
     
  21. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    229
    Sully, how do you configure the browser to do this? I'm running IE8 on Win7 Ultimate 32bit. Thanks.
     
  22. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I don't know in IE, I never use it. In Firefox, Opera, Kmeleon and Chrome/Chromium, there are options in the properties to do so. Some of them allow you to configure it to by default save to "downloads" but also offer the "save to" option so you can re-direct downloads on the fly to somewhere else.

    I generally set it so that if I click to download, it doesn't ask and puts it in my downloads directory.

    Sul.
     
  23. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Thanks!:thumb:

    Can someone please confirm if is possible to keep History in IE?
    Last time i used Sandboxie that option didn´t exist to IE (only to the other browsers).
     
  24. WigglyTheGreat

    WigglyTheGreat Registered Member

    Joined:
    Jul 10, 2006
    Posts:
    144
    Are there any issues running this configuration? Creating a TrueCrypt container, mounting it, and running Portable Firefox within it and using Sandboxie with Sandboxie's Container Folder set within that Truecrypt container. Will this configuration keep everything contained within the truecrypt container? Any issues?
     
  25. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    What a bizarre thing to do. What problem are you trying to solve with this approach?
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.