Sandboxie Configuration Recommendations

I figured out the solution. This post can be deleted.

Thank you,

Docfxit

 

I just accessed my Yahoo Mail this morning and NOD32 alerted me twice that it had detected malware. I noticed that the Sun Java Icon showed up in duplicate in my system tray at the same time. I am assuming that it was not a false positive.

Sandboxie Configuration Question: I am using "Internet Access" and "Start/Run Access" Restrictions and I have "java.exe" as one of the allowed programs under both. Is allowing "java.exe" a significant security risk?

NOD32 Log (URL's removed):

"URL"/xxxxx/files/common.jar multiple threats connection terminated - quarantined Threat was detected upon access to web by the application: C:\Program Files\Java\jre6\bin\java.exe.
"URL"/xxxxx/files/common.jar » ZIP » myf/y/LoaderX.class a variant of Java/TrojanDownloader.Agent.NAC trojan
"URL"/xxxxx/files/common.jar » ZIP » myf/y/NbablaF.class a variant of Java/TrojanDownloader.Agent.NAD trojan

 

I have just Firefox.exe allowed to access the internet. And for run access, just Firefox.exe and PDF viewer. I have removed the Java helper plugins from starting up, not really sure just exactly what they do, but I seem to get by without them.

The other day I downloaded LimeWire P2P, it added some Java BHO thing to my browser, a fairly large download as well. No idea why or what or even where it was downloading this Java update from - I didn't get any prompt to update Java - I have Java set to update manually, so this kinda weirded me out. Seeing this happened whilst installing a P2P I presume it was some LimeWire spyware/phone home junk.

Might be worth checking your pc with a bunch of different scanners, uninstall Java, and start again. Just incase you've been hijacked by anything. Seems to be easily done.

 

HI..how do you harden sandboxie?...i only run IE8 and select all options for this.
sandox cd/dvd drives,delete invocation automatically...
what else can i check to harden sandboxie?...thanks

 

you can also force my documents to be sandbox so if you save any files when open from that location will be sandbox

 

Hi acuariano. Check out this thread over on the Sandboxie forum and, in particular, the post by "bs1": http://www.sandboxie.com/phpbb/viewtopic.php?t=6621&highlight=

 

hey guyus how can i make SDelete to work in xp pro ?

 

I installed SDelete for use with Sandboxie and it didn't work initially when invoked from Sandboxie. In order to overcome the problem, I had to run SDelete manually the first time in order to accept a license agreement before it would work with Sandboxie.

 

been looking around in other sites and found just "yes it can be done"..but not a how to:.
pegr.how do you install it in xp.

 

My father uses his laptop mainly for web browsing and reading e-mails from work and friends through Windows mail.

I've installed a registered version of SandboxIE, set Firefox, IE and Windows mail as forced programs, enabled the automatic delete invocation when last sandboxed program ends and Lol ..he can't go wrong!

He has't even noticed it two weeks now.

 

You can thank Microsoft for that. Before MS acquired Sysinternals that issue didn't exist. The other downside is that with some of the small Sysinternals utilities the size more than doubled because of the EULA code.

There are two ways around the issue.

One, you can use the "-accepteula" commandline option, and you won't have to deal with the prompt.

When you agree to the EULA it writes to the registry, hence the second way around it is to pre-write the registry key for any of the utilities you plan on using. See this thread:
http://forum.sysinternals.com/forum_posts.asp?TID=9038

 

Apologies for the late reply but I've only just seen this - I don't know how I missed it.

SDelete doesn't have to be installed; you can just copy sdelete.exe to the file system and run it from any location. After copying it to the file system, double-click on sdelete.exe and you should see the EULA dialog box appear. Accept the EULA and the program will end as you haven't launched it from the command line using any parameters. This will only happen the first time you run it but, now the EULA has been accepted, SDelete is ready for use by Sandboxie.

 

I have firefox/ie8 forced sandboxed by default and only these browsers plus thunderbird/utorrent can have access to internet. I also allow direct access to firefox profile. The sandbox is deleted automatically after all the apps are closed. Sandboxie is a power users dream.

 

That is something that would interest me too.

For me the situation is the following:

As "TheKid7" I use the restrictions "Internet Access" and "Start/Run Access", but in difference to him I never had java.exe as one of the allowed programs, but only firefox.exe (plus IE and some messenger programs).

Surfing with Firefox version 3.5.8 (and earlier) with this configuration I had no problems in opening websites that use Java in case that I had disabled in the Java Control Panel the option "next-generation Java plug-in":

http://www.abload.de/img/jpikh6m.jpg

Recently I installed Firefox 3.6.3 and with this version (and retaining the above configuration of the sandbox) I have a problem when visiting websites that use Java:

Even when the "next-generation Java plug-in" is disabled, in the Sandbox pops up Message SBIE1308: "Program java.exe cannot start due to restrictions":

http://www.abload.de/img/sbjavhcvd.jpg

Then the browser freezes and when I want to close the website it crashes.

I am aware that I can avoid these problems simply by allowing "Start/Run Access" to java.exe. (As far as I tested it, it is not even nececessary to allow "Internet Access" too). But for reasons of highest possible security and a tight configuration of Sandboxie I would prefer to use the sandbox without java.exe in it (as I did until now).

Anyone with similar experiences or with ideas? (I tested by opening the website http://www.wondershare.com which uses Java.)

 

Peter 123 said:

"Then the browser freezes and when I want to close the website it crashes."

Yes,or you get the dialog box: Application is not Responding....,and you have to kill the browser via task manager.

This is what I get when I forget and try to run the Secunia online scan,or other "Java rich" site, with my normal Firefox Browser that is set up to allow only firefox.exe,to start/access internet.

I can live with it.

I keep a special box, named "weak box",just an ordinary, default sandbox,that I use for those few times I need Java.

(I default disable Java SCRIPT in Firefox,sandboxed,or not,but I can toggle
it on/off it via a button in the Firefox toolbar.)

I thank your conclusions are dead right in this matter.

respect,rat

Ps#Peter 123, there is one difference,I configure my IEBox separate,as I use it to pay bills and the like,and set it to delete on closing,and invoke SDelete for a one pass secure delete.
But that is just me. I have gotten around to consolidating a lot of my game sandbox's that require "simulated mouse and keyboard input". I am now down to five sandbox's.

 

Alright I just installed Sandboxie. Im hoping to only sandbox my browsers and possibly a few other small apps. Im looking for user friendly, but at the same time keeping the rest of the system secure.

Do you have multiple sandboxes and what for?

Basically Im looking for the most user friendly way to set this up and still stay secure. I dont want my wife getting my laptop infected when Im not at home.

 

in that case white dragon i will recomend you defensewall it will not fail
and can be set password protect

 

Not really looking for a FW. Im going for the lightest possible overheat while maximizing security.

 

you could always disable the firewall and just use the sandbox

 

From their page it wont work with my OS anyways. Thanks though. I really just need pointers to get Sandboxie working as efficiently as possible and its pretty much set and forget from that point on.

 

For me, by leaving the box unchecked for JAWS etc stopped the crashes.
I don't know if this will help you.
Hugger

 

@ ratwing + Hugger, thank you for your responses.

I tried now also with Internet Explorer (a browser I usually do not use), in the same sandbox as Firefox, so with the same configuration. And the strange thing: When using IE, Java works without problems in the sandbox, even when I have enabled the option "next-generation Java plug-in" in the Java Control Panel!

---> So obviously it is a problem concerning specifically Firefox in combination with Java and Sandboxie.

Hugger, concerning your advice:

Please could you specify what you mean with the "box ... for JAWS etc.". Obviously that is something different to the "next-generation Java plug-in", but I could not find it in the Java Control Panel.

 

@whitedragon551

Most people access the Browser by clicking on a shortcut on the desktop.
I am sure you can set the Browser shortcut to always open SandboxIE.
Then remove the Start location shortcuts if you think they may be used.
Change the SandboxIE shortcut to Browser icon.

 

The Applications - Accessibility checkbox (there's just one) in SBIE, not in Java CPL.

 

Thank you, doktornotor. So you and Hugger refer obviously to the following options in Sandboxie (I use the german version: "Anwendungen" = "Applications"). But the boxes are always unchecked in my configuration. I do not think that there is a connection with Java.