Sandboxie Question

Is it possible to set up a sandbox so that only a certain list of apps can access the internet? I know it is possible to make things so that only one app can access the internet but that would make it impossible to use any other app that was spawned off that process; I'm trhinking specifically of Amazon's mp3 downloader which gets it's instructions from Opera.

 

With newest version you can add more than one program with GUI (just repeat add by name/file) but here it is code if you like to paste it to ini file.


[GlobalSettings]

ProcessGroup=<internet>,firefox.exe,opera.exe etc.

Then add this to sandboxie rules:

ClosedFilePath=!<internet>,\Device\RawIp
ClosedFilePath=!<internet>,\Device\Ip*
ClosedFilePath=!<internet>,\Device\Tcp*
ClosedFilePath=!<internet>,\Device\Afd*

You can build as many ProcessGroups you like and use any name.

 

Thanks very much! That was just what I needed. BTW, I guess I should have looked at the sandboxie forum first, where I would have found this thread.

 

Here's another one that I posted at the Sandboxie forums which has yet to recieve a response.

 

Yes, it's surely handy this feature. I've now got a sandbox specifically for Outlook Express where only OE and IE have internet access. This way I can click a link in an OE e-mail and it opens up IE and goes to the relevant page. Previously with the option to have one application(in this case OE) as the only application with permission to access the net all I got was the good old "The page cannot be displayed". I was having to copy the link from OE and paste it into my sandboxed browser.

muf

 

So what exactly is the purpose of adding the asterisks after those lines?

Please specify.

Thanks

 

[DefaultBox]
OpenFilePath=C:\Downloads\
OpenFilePath=*.eml
OpenFilePath=iexplore.exe,%Favorites%
OpenFilePath=msimn.exe,*.eml

When reviewing these examples, keep in mind that Sandboxie places a wildcard star at the end of the value, unless a star already appears anywhere in the value. So for example, C:\Downloads\ becomes C:\Downloads\*, while *.eml remains unchanged.

Wildcard stars are used to specify patterns with variable, unknown parts. For example, a.eml matches only that one file, whereas *.eml matches a.eml, test.eml, important message.eml and so on. But note that neither form matches a.txt.

The first example setting specifies that any files (or folders) created in the folder C:\Downloads (and in any folder below it) will not be sandboxed. Note that the final backslash character is important, because a star will be placed at the end of the string.

The second example shows how wildcards can be used to exempt *.eml files from sandboxing, regardless of where they are created. .eml files are typically created by Outlook and Outlook Express, when a message is explicitly saved to disk.

The third example setting specifies that the Favorites folder of the active user account should be exempted. This means that new Favorite shortcuts will added outside the sandbox. In this example, a ProgramNamePrefix is used, so the setting only applies to the Internet Explorer program, iexplore.exe

The fourth example combines the previous two examples, by showing a path containing a wildcard, applied only to a specific program.

Note: For security reasons, this setting does not apply when the program executable file resides within the sandbox. This means that (potentially malicious) software downloaded into your computer and executed, cannot take advantage of this setting.

EDIT: More information http://sandboxie.com/phpbb/viewtopic.php?t=2756&highlight=device

 

Thanks MikeNAS

It's a fact that thanks to some of your own findings and sharing them in discussion i been able to finally wrap my head around SandboxIE settings much more effectively.

The registry additions have been a great boost!

 

Hey Easter,i thought you were raised within good old DOS !?!

 

You're welcome!