Sandboxie Configuration Recommendations

Discussion in 'sandboxing & virtualization' started by TheKid7, Apr 21, 2009.

Thread Status:
Not open for further replies.
  1. Docfxit

    Docfxit Registered Member

    Joined:
    Jan 14, 2010
    Posts:
    1
    I figured out the solution. This post can be deleted.

    Thank you,

    Docfxit
     
    Last edited: Jan 18, 2010
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,595
    I just accessed my Yahoo Mail this morning and NOD32 alerted me twice that it had detected malware. I noticed that the Sun Java Icon showed up in duplicate in my system tray at the same time. I am assuming that it was not a false positive.

    Sandboxie Configuration Question: I am using "Internet Access" and "Start/Run Access" Restrictions and I have "java.exe" as one of the allowed programs under both. Is allowing "java.exe" a significant security risk?

    NOD32 Log (URL's removed):

    "URL"/xxxxx/files/common.jar multiple threats connection terminated - quarantined Threat was detected upon access to web by the application: C:\Program Files\Java\jre6\bin\java.exe.
    "URL"/xxxxx/files/common.jar » ZIP » myf/y/LoaderX.class a variant of Java/TrojanDownloader.Agent.NAC trojan
    "URL"/xxxxx/files/common.jar » ZIP » myf/y/NbablaF.class a variant of Java/TrojanDownloader.Agent.NAD trojan
     
  3. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    I have just Firefox.exe allowed to access the internet. And for run access, just Firefox.exe and PDF viewer. I have removed the Java helper plugins from starting up, not really sure just exactly what they do, but I seem to get by without them.

    The other day I downloaded LimeWire P2P, it added some Java BHO thing to my browser, a fairly large download as well. No idea why or what or even where it was downloading this Java update from - I didn't get any prompt to update Java - I have Java set to update manually, so this kinda weirded me out. Seeing this happened whilst installing a P2P I presume it was some LimeWire spyware/phone home junk.

    Might be worth checking your PC with a bunch of different scanners, uninstall Java, and start again. Just in case you've been hijacked by anything. Seems to be easily done.
     
  4. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Hi.. how do you harden Sandboxie?... I only run IE8 and select all options for this.
    Sandbox CD/DVD drives, delete invocation automatically...
    What else can I check to harden Sandboxie?... thanks
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    You can also force My Documents to be sandboxed ;) so if you save any files when opened from that location, they will be sandboxed :D :thumb:
     
  6. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    237
    Hi acuariano. Check out this thread over on the Sandboxie forum and, in particular, the post by "bs1": http://www.sandboxie.com/phpbb/viewtopic.php?t=6621&highlight=
     
  7. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Hey guys, how can I make SDelete work in XP Pro?
     
  8. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I installed SDelete for use with Sandboxie and it didn't work initially when invoked from Sandboxie. In order to overcome the problem, I had to run SDelete manually the first time in order to accept a license agreement before it would work with Sandboxie.
     
  9. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Been looking around on other sites and found just "yes it can be done".. but not a how-to.
    pegr, how do you install it in XP?
     
  10. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    My father uses his laptop mainly for web browsing and reading e-mails from work and friends through Windows mail.

    I've installed a registered version of SandboxIE, set Firefox, IE and Windows mail as forced programs, enabled the automatic delete invocation when last sandboxed program ends and Lol ..he can't go wrong!

    He hasn't even noticed it for two weeks now.
     
  11. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    You can thank Microsoft for that. Before MS acquired Sysinternals that issue didn't exist. The other downside is that with some of the small Sysinternals utilities the size more than doubled because of the EULA code.

    There are two ways around the issue.

    One, you can use the "-accepteula" commandline option, and you won't have to deal with the prompt.

    When you agree to the EULA it writes to the registry, hence the second way around it is to pre-write the registry key for any of the utilities you plan on using. See this thread:
    http://forum.sysinternals.com/forum_posts.asp?TID=9038
     
  12. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Apologies for the late reply but I've only just seen this - I don't know how I missed it.

    SDelete doesn't have to be installed; you can just copy sdelete.exe to the file system and run it from any location. After copying it to the file system, double-click on sdelete.exe and you should see the EULA dialog box appear. Accept the EULA and the program will end as you haven't launched it from the command line using any parameters. This will only happen the first time you run it but, now the EULA has been accepted, SDelete is ready for use by Sandboxie.
     
  13. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I have Firefox/IE8 forced sandboxed by default and only these browsers plus Thunderbird/uTorrent can have access to the internet. I also allow direct access to the Firefox profile. The sandbox is deleted automatically after all the apps are closed. Sandboxie is a power user's dream.
     
  14. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    615
    Location:
    Austria
    That is something that would interest me too.

    For me the situation is the following:

    As "TheKid7" I use the restrictions "Internet Access" and "Start/Run Access", but in difference to him I never had java.exe as one of the allowed programs, but only firefox.exe (plus IE and some messenger programs).

    Surfing with Firefox version 3.5.8 (and earlier) with this configuration I had no problems in opening websites that use Java in case that I had disabled in the Java Control Panel the option "next-generation Java plug-in":

    http://www.abload.de/img/jpikh6m.jpg

    Recently I installed Firefox 3.6.3 and with this version (and retaining the above configuration of the sandbox) I have a problem when visiting websites that use Java:

    Even when the "next-generation Java plug-in" is disabled, in the Sandbox pops up Message SBIE1308: "Program java.exe cannot start due to restrictions":

    http://www.abload.de/img/sbjavhcvd.jpg

    Then the browser freezes and when I want to close the website it crashes.

    I am aware that I can avoid these problems simply by allowing "Start/Run Access" to java.exe. (As far as I tested it, it is not even necessary to allow "Internet Access" too). But for reasons of highest possible security and a tight configuration of Sandboxie I would prefer to use the sandbox without java.exe in it (as I did until now).

    Anyone with similar experiences or with ideas? (I tested by opening the website http://www.wondershare.com which uses Java.)
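
An added example (not posted by anyone in this thread, and not Sandboxie's own code): a small auditor for the "Internet Access" and "Start/Run Access" restrictions that TheKid7 and Peter 123 describe, listing which programs each sandbox exempts. It assumes the Sandboxie.ini setting names `ProcessGroup`, `ClosedFilePath`, `ClosedIpcPath` and `AutoDelete`; the sample file and the box names in it are constructed.

```python
from collections import defaultdict
# Constructed sample; setting names are assumed from Sandboxie.ini, not taken from this thread.
SAMPLE_INI = """\
[DefaultBox]
AutoDelete=y
ProcessGroup=<InternetAccess_DefaultBox>,firefox.exe,java.exe
ProcessGroup=<StartRunAccess_DefaultBox>,firefox.exe,java.exe
ClosedFilePath=!<InternetAccess_DefaultBox>,InternetAccessDevices
ClosedIpcPath=!<StartRunAccess_DefaultBox>,*
[WeakBox]
Enabled=y
"""
RULES = [("Internet Access", "ClosedFilePath", "InternetAccessDevices"),
         ("Start/Run Access", "ClosedIpcPath", "*")]

def parse_ini(text):
    """Sandboxie.ini repeats keys, so keep every value of a key in a list."""
    boxes, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], defaultdict(list))
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()].append(value.strip())
    return boxes

def allowed(box, setting, target):
    """Programs exempted by a '!<group>,target' rule, or None if no such rule exists."""
    groups = defaultdict(set)
    for name, *members in (v.lower().split(",") for v in box.get("ProcessGroup", [])):
        groups[name.strip()].update(m.strip() for m in members if m.strip())
    for who, _, what in (v.lower().partition(",") for v in box.get(setting, [])):
        if who.startswith("!") and what.strip() == target.lower():
            return sorted(groups.get(who[1:].strip()) or {who[1:].strip()})
    return None

def audit(text, expected=("firefox.exe",)):
    """Map each sandbox to findings: missing restrictions and programs beyond `expected`."""
    report = {}
    for name, box in parse_ini(text).items():
        if name == "GlobalSettings" or name.startswith("UserSettings_"):
            continue  # these sections are not sandboxes
        notes = report.setdefault(name, [] if "y" in box.get("AutoDelete", []) else ["AutoDelete: off"])
        for label, setting, target in RULES:
            progs = allowed(box, setting, target)
            extra = ", ".join(p for p in progs or [] if p not in expected)
            if progs is None or extra:
                notes.append(f"{label}: " + ("also allows " + extra if extra else "not restricted"))
    return report
```

Pass the programs you intend to allow as `expected`; anything else exempted from a restriction, such as `java.exe` in the constructed `DefaultBox`, is listed for review.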
     
  15. ratwing

    ratwing Guest

    Peter 123 said:

    "Then the browser freezes and when I want to close the website it crashes."

    Yes, or you get the dialog box: Application is not Responding...., and you have to kill the browser via task manager.

    This is what I get when I forget and try to run the Secunia online scan, or other "Java rich" site, with my normal Firefox Browser that is set up to allow only firefox.exe to start/access internet.

    I can live with it.

    I keep a special box, named "weak box", just an ordinary, default sandbox, that I use for those few times I need Java.

    (I default disable Java SCRIPT in Firefox, sandboxed or not, but I can toggle it on/off via a button in the Firefox toolbar.)

    I think your conclusions are dead right in this matter.

    respect, rat

    PS: Peter 123, there is one difference, I configure my IEBox separate, as I use it to pay bills and the like, and set it to delete on closing, and invoke SDelete for a one pass secure delete.
    But that is just me. I have gotten around to consolidating a lot of my game sandboxes that require "simulated mouse and keyboard input". I am now down to five sandboxes.
     
    Last edited by a moderator: Apr 5, 2010
  16. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    Alright, I just installed Sandboxie. I'm hoping to only sandbox my browsers and possibly a few other small apps. I'm looking for user friendly, but at the same time keeping the rest of the system secure.

    Do you have multiple sandboxes and what for?

    Basically I'm looking for the most user friendly way to set this up and still stay secure. I don't want my wife getting my laptop infected when I'm not at home.
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    In that case, white dragon, I will recommend you DefenseWall ;) it will not fail
    and can be set to password protect
     
  18. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    Not really looking for a FW. I'm going for the lightest possible overhead while maximizing security.
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    you could always disable the firewall and just use the sandbox
     
  20. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    From their page it won't work with my OS anyways. Thanks though. I really just need pointers to get Sandboxie working as efficiently as possible and it's pretty much set and forget from that point on.
     
  21. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    For me, leaving the box unchecked for JAWS etc. stopped the crashes.
    I don't know if this will help you.
    Hugger
     
  22. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    615
    Location:
    Austria
    @ ratwing + Hugger, thank you for your responses. :)

    I tried now also with Internet Explorer (a browser I usually do not use), in the same sandbox as Firefox, so with the same configuration. And the strange thing: When using IE, Java works without problems in the sandbox, even when I have enabled the option "next-generation Java plug-in" in the Java Control Panel!

    ---> So obviously it is a problem concerning specifically Firefox in combination with Java and Sandboxie.

    Hugger, concerning your advice:
    Please could you specify what you mean with the "box ... for JAWS etc.". Obviously that is something different to the "next-generation Java plug-in", but I could not find it in the Java Control Panel.
     
  23. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    @whitedragon551

    Most people access the Browser by clicking on a shortcut on the desktop.
    I am sure you can set the Browser shortcut to always open SandboxIE.
    Then remove the Start location shortcuts if you think they may be used.
    Change the SandboxIE shortcut to Browser icon.
     
  24. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    The Applications - Accessibility checkbox (there's just one) in SBIE, not in Java CPL.
     
  25. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    615
    Location:
    Austria
    Thank you, doktornotor. So you and Hugger refer obviously to the following options in Sandboxie (I use the German version: "Anwendungen" = "Applications"). But the boxes are always unchecked in my configuration. I do not think that there is a connection with Java.
     
