SandBoxie: Immediate Recovery Exclusions

Discussion in 'sandboxing & virtualization' started by wat0114, Jan 4, 2009.

Thread Status:
Not open for further replies.
  1. wat0114

    wat0114 Guest

    Does anyone know why there are by default only these two file extensions excluded from immediate recovery? Why would there not be a lot more, especially those of common malware? Just curious.
     


  2. Miyasashi

    Miyasashi Registered Member

    Joined:
    Dec 10, 2008
    Posts:
    62
    I think it depends on what kind of user you are ... if you are a javascript developer it's kind of hard to exclude .js files on default.

    Same goes for other extensions I think.
     
  3. wat0114

    wat0114 Guest

    Okay thanks, but what about common malware extensions such as .vbs, .chm, .hta and a bunch of others?
     
  4. Miyasashi

    Miyasashi Registered Member

    Joined:
    Dec 10, 2008
    Posts:
    62
    Well I am not 100% sure but I think they let it open for you to decide, it doesn't really matter since everything is still sandboxed unless you choose to save it.

    .vbs = Visual Basic .. doesn't have to be malware :p
     
  5. wat0114

    wat0114 Guest

    I guess the scenario I'm thinking of involves someone, whether deliberately or not, downloading an infected file(s). With common virus extensions excluded from Immediate Recovery, at least the recover option will not be automatically invoked if any of the file's extensions match those of the excluded, thus reducing the chance of infection because if the files did recover they are now no longer sandboxed.

    Now I don't know if I'm making sense, because maybe I don't understand fully how this function works. I could be missing the boat entirely here :p

    True.
     
  6. Miyasashi

    Miyasashi Registered Member

    Joined:
    Dec 10, 2008
    Posts:
    62
    Well I still think they did that deliberately.

    Sandboxie isn't really for "novice" users, it isn't hard to get but the default settings work fine so no real need to add more extensions even if there's malware being contained in one of those files or malicious scripts (format C: lol).
     
  7. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    219
    I understand your point. But keep in mind that Quick Recovery and its spinoff Immediate Recovery are invoked only when, in the process of deleting a sandbox, there are files found in any of the Quick Recovery folders. By default the Quick Recovery folders are Desktop, Favorites and My Documents. http://www.sandboxie.com/index.php?RecoverySettings#quick
    So your sandboxed session, i.e. your theoretical malware, would have to contain files in one of those three folders in order for Quick Recovery/Immediate Recovery to be invoked.
     
  8. Miyasashi

    Miyasashi Registered Member

    Joined:
    Dec 10, 2008
    Posts:
    62
    Firstly it depends on what folders you have listed, secondly if you never download something with any of the extensions listed at Immediate Recovery it will never be saved outside the sandbox.
     
  9. wat0114

    wat0114 Guest

    Yes, but I have added a folder to Quick Recovery that I call "Downloads", where all my downloaded files go to. I suppose I'm just thinking of somewhat added security where mistakenly (or deliberately) downloading an infected file with an extension matching those that are excluded in Immediate Recovery will not invoke the Quick Recovery alert. Mostly I wonder why Tzuk includes only those two in the screenshot. Otherwise I'm not concerned about it. This program is working brilliantly on my kid's computer so far :)
     
  10. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    I think .part is a copy of any download which is saved if the download is interrupted and FF can take it up again from where it was interrupted.

    The .part is auto deleted when the download completes.

    So in effect you really don't want SB auto recovering any unfinished downloads.

    Not really sure on that though?
     
  11. Miyasashi

    Miyasashi Registered Member

    Joined:
    Dec 10, 2008
    Posts:
    62
    "I think" <-- use that too often....

    that he put those 2 in merely as an example

    but why would you mistakenly download a .js .vbs or any file? unless you visit weird sites that have actual links to those files .. but then again you would still get the "Save as" dialog

    and EVEN if you save it you still have to execute it for the malware to become active so you can still delete it
     
  12. wat0114

    wat0114 Guest

    No worries about myself doing this, though one never knows :)

    Of course. It's just the point of keeping it off the drive in the first place is what I'm getting at.
     
  13. Miyasashi

    Miyasashi Registered Member

    Joined:
    Dec 10, 2008
    Posts:
    62

    well if you never use files with extensions such as .vbs or .js, then I would add those to the list :p just to make sure
    but I think it will never happen in the first place XD since you have to appoint folders in Quick Recovery and only files saved in those folders are eligible.
     
  14. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    219
    Wat0114, you raise an interesting question in your opening post. Why not ask it in the Sandboxie forum?
     
  15. Miyasashi

    Miyasashi Registered Member

    Joined:
    Dec 10, 2008
    Posts:
    62
    well the thing is

    both are of incomplete downloads

    .part = Firefox
    .jc = Flashget
     
  16. wat0114

    wat0114 Guest

    After some experimenting, I may have this figured out :) Let's say for the purpose of demonstrating, I don't want files with extension .exe to be downloaded to the default folder, in this case "Downloads". I ensure the Downloads directory is excluded from the Quick Recovery section, I have the "Enable Immediate Recovery" checkbox enabled in the Immediate Recovery section, and add .exe file types in the "Excluded" window. This way even though I download a file with .exe extension, it does not land in the Downloads folder and I'm not alerted on it for recovery purposes when I close the sandbox or delete the contents.

    This feature is working more or less the way I thought it would. Good news!
     
  17. Miyasashi

    Miyasashi Registered Member

    Joined:
    Dec 10, 2008
    Posts:
    62
    Good for setting up rules for example: kids using a computer :p
     
  18. wat0114

    wat0114 Guest

    Exactly! Mine are pretty good and trustworthy now, but they are getting increasingly 'Net savvy and curious as they age :p
     
    Last edited by a moderator: Jan 4, 2009
  19. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    219
    Wat0114,
    I'm curious...when you download a file or program from the internet while sandboxed, what is your process?
     
  20. wat0114

    wat0114 Guest

    Nothing out of the ordinary; select the file and save it to my default directory. I do realize this "Exclude from immediate recovery" feature is no great security feature, as all someone has to do is select one of the folders in the "Quick Recovery" to recover it, but for my purposes, it is fine for the short term at least.
     
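A simplified model of the behaviour the posters describe, as an added example that is not part of the thread and not Sandboxie's own code: a file triggers an Immediate Recovery prompt only if it sits under a Quick Recovery folder and its name does not end in an excluded extension, while manual Quick Recovery still lists it. The folder paths, file names, the "hardened" list and the suffix-matching rule are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Constructed settings: the three default Quick Recovery folders named in the
# thread plus an added "Downloads" folder (all paths are hypothetical).
FOLDERS = [r"C:\Users\kid\Desktop", r"C:\Users\kid\Favorites",
           r"C:\Users\kid\Documents", r"C:\Users\kid\Downloads"]
DEFAULT_EXCLUDED = [".part", ".jc"]      # the two defaults discussed in the thread
HARDENED_EXCLUDED = DEFAULT_EXCLUDED + [".js", ".vbs", ".chm", ".hta", ".exe"]

def in_recovery_folder(path, folders):
    """True if path lies under one of the folders (Windows case-insensitive)."""
    p = PureWindowsPath(path)
    return any(PureWindowsPath(f) in p.parents for f in folders)

def is_excluded(path, excluded):
    """Assumed rule: case-insensitive match on the end of the file name.
    Trailing dots/spaces are stripped first, as Windows drops them on save."""
    name = PureWindowsPath(path).name.lower().rstrip(". ")
    return any(name.endswith(ext.lower()) for ext in excluded)

def immediate_recovery_prompts(path, folders, excluded):
    """Would the model offer recovery as soon as the file is saved?"""
    return in_recovery_folder(path, folders) and not is_excluded(path, excluded)

def quick_recovery_lists(path, folders):
    """Manual Quick Recovery is modelled as ignoring the exclusion list,
    which is the limitation pointed out in the last post."""
    return in_recovery_folder(path, folders)

# Constructed sample files saved inside the sandbox.
SAMPLES = [
    r"C:\Users\kid\Downloads\setup.exe",
    r"C:\Users\kid\Downloads\movie.avi.part",   # unfinished Firefox download
    r"C:\Users\kid\downloads\Report.PDF.VBS",   # double extension, mixed case
    r"C:\Users\kid\DownloadsOld\tool.exe",      # similar prefix, different folder
]

def compare(samples=SAMPLES):
    """Map each path to (prompt with defaults, prompt when hardened, manual)."""
    return {s: (immediate_recovery_prompts(s, FOLDERS, DEFAULT_EXCLUDED),
                immediate_recovery_prompts(s, FOLDERS, HARDENED_EXCLUDED),
                quick_recovery_lists(s, FOLDERS)) for s in samples}

if __name__ == "__main__":
    for path, result in compare().items():
        print(path, result)
```
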