Sandboxie Configuration Recommendations

Discussion in 'sandboxing & virtualization' started by TheKid7, Apr 21, 2009.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,581
    I have never allowed Direct Access to files before but I would "guess" that you would do the following:

    Right Click on your Sandbox and choose Settings->Resource Access->File Access->Direct Access, click on "Add" and browse to the "pattern.ini" file, choose OK and Apply. See if that works.
     
  2. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    Nice, thanks.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    You don't need to really sandbox the player. Just right click on a file when you play it and select run sandboxed. Then you can decide based on the sandbox, whether to allow the player internet access or not.

    Pete
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Yeah, and once you decide you like all your files of a certain extension to play in media player in sandbox, you can modify the registry so that they always start in SBIE.

    You can also use SRP on media player, greatly reducing your threats with or without also using SBIE (assuming you are admin).

    Sul.
     
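An added example, not from either poster above: Sandboxie.ini can achieve the "always start in SBIE" effect without editing the file-association keys in the registry, using its own ForceProcess setting. The box name MediaBox and the executable name wmplayer.exe (Windows Media Player) are assumptions for illustration; substitute your own.

```ini
; Added example: a dedicated sandbox for the media player.
; Box name and executable name are assumptions for illustration.
[MediaBox]
Enabled=y

; Every launch of wmplayer.exe, whether from a double-clicked file or
; from another program, is redirected into this box automatically, so
; no registry change to the file association is needed. Sandboxie
; matches on the executable name, not the full path.
ForceProcess=wmplayer.exe

; A media player has no reason to reach the network from inside the box,
; so deny the networking devices to every program running in it. If you
; decide the player does need internet access, replace this line with
;   ClosedFilePath=!wmplayer.exe,InternetAccessDevices
; which allows only the player and still blocks anything it spawns.
ClosedFilePath=InternetAccessDevices

; Run the box's programs without administrator rights even when the
; logged-on user is an admin; this is the SBIE-side counterpart of the
; SRP advice above and limits what a hostile media file can do.
DropAdminRights=y
```

The weak configuration is the one with no ClosedFilePath line at all: a sandboxed player can still be used by a malicious file to download further payloads into the box, and ForceProcess alone does nothing to stop that.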
  5. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,581
    I know that Sandboxie has a setting under applications/web browser/firefox for "allow direct access to firefox bookmark and history database".

    However, I would like to use Resource Access/File Access/Direct Access to allow access to the firefox bookmark database "only". What is the path to the firefox bookmark database? Also, what is the path to the firefox history database?

    Thanks in Advance.
     
  6. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Depends on your Windows and Firefox version.
    All the information you need can be found here:
    http://kb.mozillazine.org/Profile_folder_-_Firefox

    Cheers
     
  7. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261
    OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\adblockplus\patterns*.ini
     
  8. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    Thanks bman.

    I was using this

    OpenFilePath=firefox.exe,C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\xfcjry7n.default\adblockplus\patterns*

    Also do I put this line under global settings, user settings or default box?
     
  9. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261
    Put the lines under [DefaultBox] or your firefox sandbox. Your config should be fine for a single profile of firefox. I have another account running on my pc that's why I had to adjust my config to fit both user accounts' needs.
     
    Last edited: Dec 28, 2009
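The following is an added example, not the configuration of any poster above, that puts the direct-access lines from posts 7 and 8 into context and answers the bookmark/history question from post 5. It assumes Firefox runs in DefaultBox and that the profile lives under the standard %AppData%\Mozilla\Firefox\Profiles location; the profile directory is matched with a wildcard so it also works for more than one user account.

```ini
; Added example: direct-access (OpenFilePath) lines for Firefox.
; Place them under the box Firefox runs in, not under [GlobalSettings].
[DefaultBox]
Enabled=y

; Let Firefox, and only Firefox, write its Adblock Plus pattern files to
; the real profile folder so filter subscriptions survive deleting the
; sandbox. "*" in place of the profile directory matches any profile name
; (xfcjry7n.default, abc123.default, ...), so one line serves every user.
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\adblockplus\patterns*.ini

; Firefox 3 and later keep bookmarks AND history in one SQLite database,
; places.sqlite, so there is no way to open "only" bookmarks by file path;
; opening this file opens history with it. (Firefox 2 used separate
; bookmarks.html and history.dat files.) The trailing "*" also covers the
; places.sqlite-journal sidecar SQLite writes next to the database; if
; only the database itself were opened, the journal would land inside the
; sandbox and the two would not stay consistent.
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\places.sqlite*

; What NOT to do: the same path without the program qualifier would let
; every process in the box, including anything a drive-by download
; dropped, write to the real profile. Keep the firefox.exe prefix.
;OpenFilePath=%AppData%\Mozilla\Firefox\Profiles\*\places.sqlite*
```

Each OpenFilePath line is a deliberate hole in the sandbox: a compromised firefox.exe can write to exactly those files on the real disk, so only open what you actually need persisted.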
  10. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Sorry to butt into this thread, but I can't find many other places to ask this question.

    I'm currently interested in running Sandboxie on Win 7 Professional x64, with the new version. I pretty much want to sandbox two programs: Opera (my one and only webbrowser) and Trillian (possibly also Pidgin, unless I decide I like one IM client more than the other). These two programs constitute the only 'untrusted' connections to the internet. I run NOD32, Spybot S&D, and MBAM, all of which I want to have access to updates without being sandboxed.

    What's the best configuration I should employ for Opera and an IM client in the x64 Sandboxie? In Opera some things that I'd like to 'keep'/allow include bookmarks, notes, login cookies for trusted websites, and ad-blocking and url-blocking. I whitelist javascript and plugins, so being able to preserve 'site preferences' is critical to me, as well. I use Opera for my mail client, set to display in plain-text off an IMAP account unless specifically prompted to reveal the full message. In the IM client, I'd like to be able to keep my logs, but have little desire for other programs.

    If I sandbox, will it be possible to preserve these features while still maintaining security? Will running Opera in sandboxie force me to redownload all of my mail messages during each connect, and re-login to websites that usually recognize cookies? If there are settings I can establish to allow these features to function as normal, will Sandboxie be providing a layer of protection, or is it just as well not worth it with so many 'holes' punched in it?

    Sorry for the questions, but I'm intimidated by Sandboxie, if very interested at the same time. I'd like to make an informed decision about it before purchasing it, and would like to configure the free version correctly before I make a judgment.
     
  11. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    98,567
    Location:
    U.S.A.
    Removed Off Topic post. Let's keep the discussion focused only on Sandboxie and not speculate on any member's status. Thanks!

    JR
     
  12. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    If I run Sandboxie "out of the box" without any configuration at all, what can happen? It won't protect me?
     
  13. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    237
    It depends on the type of protection you want. For "routine" browsing, I often use Sandboxie's default settings and it has protected me perfectly. If I plan to do online banking or shopping, then I use a hardened sandbox (to prevent, for example, any keylogger malware from running).

    Oh...something I just remembered: I did make a single change to the settings of my "default" sandbox by blocking access to My Documents. But actually that demonstrates the beauty of SBIE -- one can make multiple sandboxes and configure them to his/her liking and comfort level.
     
  14. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    If I run Sandboxie "out of the box" and just use the installed default settings, can I get infected with a keylogger "outside" of the Sandboxie?

    I thought I could run Sandboxie immediately after installation and browse any website I wanted, and no nasties could jump out and infect my Vista. Isn't that right?

    And I thought then once I close Sandboxie and delete its folder, then any nasty will be deleted too without ever infecting the rest of my system?
     
  15. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    @TheMozart. If you have no restriction rules inside your sandbox, whatever enters the sandbox will be tricked into thinking the sandbox is your OS. Until you delete the sandbox, anything inside the sandbox will remain.

    The setting auto delete sandbox after each use is a good way to keep keyloggers specifically from working from within sandboxes. It isn't enabled by default. Even with this setting you need to close the sandbox and reopen to ensure you have cleared anything bogus. I don't like the default deletion of sandboxes. I much prefer using the secure deletion methods here.

    But like Doodler says, the more restrictive the sandbox settings, for instance, for Firefox these are what I use in the Sandboxie restrictions settings: 1) restricting just firefox.exe to access internet ... 2) restricting firefox.exe and PDF viewer start/run access within the sandbox. 3) Ticking Dropped rights setting ... these significantly firewall the sandbox, to ensure malware/phone home software inside or outside the sandbox cannot hijack the running sandboxed processes.

    If you have any security software or anything else that requires internet or run access, you will need to enable them also (Sandboxie gives an error message when something else tries to run). Sandboxie will only run what you add to the restriction settings. So it does take a bit of experimenting to get it right.
     
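As an added example (not the actual configuration of Doodler or Keyboard_Commando), here is what the hardened box described in the two posts above looks like in Sandboxie.ini. BankBox is an assumed name, firefox.exe and AcroRd32.exe are assumed to be the browser and PDF viewer in use, and the process-group form is used so that more than one program can share each rule.

```ini
; Added example: a hardened browsing box for banking/shopping.
; Box name and program names are assumptions; adapt them to your setup.
[BankBox]
Enabled=y

; 1) Internet access: only programs in the <InternetAccess> group may open
;    the networking devices. Anything else that runs in the box (a dropped
;    downloader, a keylogger trying to upload what it captured) gets no
;    network at all. The "!" means "every program except these".
ProcessGroup=<InternetAccess>,firefox.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices

; 2) Start/run access: only programs in the <StartRunAccess> group may be
;    started inside the box, so a dropped executable cannot even launch.
;    Anything you legitimately need to run in the box (plugins, an updater)
;    must be added here, or Sandboxie will refuse it with an error message.
ProcessGroup=<StartRunAccess>,firefox.exe,AcroRd32.exe
ClosedIpcPath=!<StartRunAccess>,*

; 3) Drop administrator rights for everything in the box.
DropAdminRights=y

; Doodler's one change: block reading and writing of My Documents from
; inside the box (%Personal% is Sandboxie's name for that folder), so a
; sandboxed exploit cannot read your files even before you delete the box.
ClosedFilePath=%Personal%

; Empty the box automatically when its last program exits. Note that this
; only happens after the LAST sandboxed process closes; a keylogger that
; was started in the box keeps running, and recording, until then.
AutoDelete=y
```

Compare this with a box that has none of the ClosedFilePath/ClosedIpcPath lines: there, a keylogger dropped by a drive-by download can start, record keystrokes typed into the sandboxed browser, and send them out, and only the eventual deletion of the box limits the damage. The restriction lines are what turn "it gets deleted later" into "it never runs and never phones home".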
  16. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    237
    Using Sandboxie's default settings, you can get infected by a keylogger, but the keylogger remains in the sandbox. This means two things: (1) the keylogger can still record your activity and (2) it will be deleted when you empty the contents of the sandbox. However, as Keyboard Commando explains, it's relatively easy to harden the sandbox so that even if you picked up a keylogger, it couldn't run and/or call home.


    Yes.


    Correct.
     
  17. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Note that if you're running on 64-bit Vista and using the new x64 version of Sandboxie that there is a potential for this to happen. The x86 version is pretty much airtight, though.
     
  18. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    After I finished with Sandboxie, I close it, then browse to C:/Sandboxie and double click on Sandboxie folder and then I right click on the folder inside C:/Sandboxie and choose delete.

    The reason I do this is because even though I have selected to delete sandboxie content in Sandboxie config, it never deletes the Sandboxie folder. Maybe a bug?
     
  19. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    237
    Have you checked to see if there really is anything in the sandbox folder that you are deleting?

    The next time you terminate a sandboxed browsing session, try double-clicking the applicable sandbox before deleting it to see if anything's in there. My hunch is it's empty (since you have Sandboxie configured to automatically delete the contents).
     
  20. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Yup. I have the same problems, for whatever reason. I quit finding the answer and use the recommended secure deletion. Heidi Eraser is the best of the bunch, IMO. Though, a few people are unhappy with the new added resource ... (think the latest version has a scheduler service??) but if so I guess you can disable that.
     
  21. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    Yes, the Sandbox is full, yet Sandboxie won't delete it.

    But I just read that Keyboard_Commando also has same issues. Must be a Sandboxie bug.

    I added Eraser instead and now it erases and deletes the Sandboxie folder when I close it. Thank you Keyboard_Commando.
     
    Last edited: Jan 10, 2010
  22. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    Do you have your container folder set at;
    C:\Sandbox\%SANDBOX%
    or something else?
     
  23. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    As a quick question regarding Sandboxie: Every so often security vulnerabilities are discovered in web browsers and IM clients, some of which allow for 'remote execution of arbitrary code'. If one of these programs were running in Sandboxie, and malware attempted to exploit such a flaw, would it be possible to jump the Sandbox?

    I'll admit, I don't understand everything at work, but Sandboxie seems to be very much designed to prevent write access of malware, but would it be a defense against, say, a buffer overrun or something similar that impacts the memory to execute something nasty?

    Again, I'm probably demonstrating my ignorance here. I'm just curious if Sandboxie would be a defense against these attacks, after seeing a slew of these 'remote execution of arbitrary code' vulnerabilities pop up for the browser and IM client I use.
     
  24. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    I just clicked on RMDIR in the settings, and it added this:

    %SystemRoot%\System32\cmd.exe /c RMDIR /s /q "%SANDBOX%"
     
  25. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    No, I mean the actual location of the sandbox - I thought you said the contents deleted but not the folder itself - check it at Sandboxie Control > Sandbox > Set Container Folder
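An added example, not taken from any of the posters, showing how the container-folder setting HungJuri asks about and the RMDIR line TheMozart pasted fit together in Sandboxie.ini. The paths shown are Sandboxie's default layout and are assumptions as far as any particular installation is concerned.

```ini
; Added example: where a box lives on disk and how it gets deleted.
[GlobalSettings]
; Container folder (Sandboxie Control > Sandbox > Set Container Folder).
; Here %USER% expands to the Windows account name and %SANDBOX% to the
; box NAME, giving e.g. C:\Sandbox\Mike\DefaultBox. This is the default
; layout; a setting of C:\Sandbox\%SANDBOX% instead makes all accounts
; share one folder per box.
FileRootPath=C:\Sandbox\%USER%\%SANDBOX%

[DefaultBox]
Enabled=y

; Delete the box when its last sandboxed program exits...
AutoDelete=y

; ...and hand the removal to cmd.exe's RMDIR instead of Sandboxie's own
; file-by-file deletion. This is the line the RMDIR button in the box's
; Delete settings adds. In DeleteCommand, "%SANDBOX%" is expanded to the
; full PATH of this box's container folder (not just its name), so
; "RMDIR /s /q" removes the folder itself along with everything in it.
DeleteCommand=%SystemRoot%\System32\cmd.exe /c RMDIR /s /q "%SANDBOX%"
```

If the folder you delete by hand is not the one FileRootPath points to, the two settings are acting on different directories, which is the mismatch HungJuri's question is getting at. Note too that RMDIR is an ordinary delete, not a secure wipe: the blocks stay on disk until overwritten, which is why the earlier posts reach for Eraser when that matters.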
     