Sandboxie Settings

Discussion in 'sandboxing & virtualization' started by MikeNAS, Feb 6, 2008.

Thread Status:
Not open for further replies.
  1. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Hello!

    I'm trying to build as secure as possible settings to run only single program in Sandboxie. I have done these already and I want some comments. I have also couple of questions.

    Settings (Opera)

    Appearance:
    Show sandbox name in window title

    Recovery:
    Quick Recovery -
    Immediate Recovery -

    Delete:
    Invocation - Automatically delete contents of sandbox
    Command - "c:\Program Files\Eraser\eraserl.exe" -folder "%SANDBOX%" -subfolders -method Gutmann -results -queue

    File Migration:
    51200

    Forced Folders:
    -

    Forced Programs:
    opera.exe

    Lingering Programs:
    -

    Resource Access:
    Internet Access - opera.exe
    File Access - Direct Access - , All Programs
    File Access - Full Access - , All Programs
    !!!File Access - Blocked Access - D: E: ( All Except System Drive C: ), All Programs
    File Access - Read-Only Access - , All Programs
    Registry Access - Direct Access - , All Programs
    Registry Access - Blocked Access - , All Programs
    Registry Access - Read-Only Access - HKEY_CLASSES_ROOT HKEY_CURRENT_USER HKEY_LOCAL_MACHINE HKEY_USERS HKEY_CURRENT_CONFIG ( All Registry Locations ), All Programs
    !!!IPC Access - Direct Access - , All Programs
    !!!IPC Access - Blocked Access - , All Programs
    Window Access - , All Programs
    Low-Level Access -

    Applications:
    Web Browser -
    Email Reader -

    - = all disabled.

    So now some questions (I have set !!! in those settings):

    1. Is there any way to disable ALL File Access? I can't add drive where opera.exe is. I haven't tried to add all folders and files except Opera folder because that is quite slow process. Any other ideas?

    2. What is IPC Access?

    3. In this thread https://www.wilderssecurity.com/showthread.php?t=196864 I found this:

    How I can set that kind of settings?

    4. I open ini file and see these:

    ClosedFilePath=!opera.exe,\Device\RawIp
    ClosedFilePath=!opera.exe,\Device\Ip*
    ClosedFilePath=!opera.exe,\Device\Tcp*
    ClosedFilePath=!opera.exe,\Device\Afd*

    Are those this one, Internet Access - opera.exe?

    -MikeNAS

    EDIT: I posted this on Sandboxie forums too.
     
    Last edited: Feb 7, 2008
  2. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    interesting..got any reply from them?
     
  3. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    1. I don't know the easy way.

    2. I found that on manual.

    3. ClosedIpcPath=!opera.exe,* <- Only Opera can run.

    4. Yes those are Internet Access rules.
     
Loading...
Thread Status:
Not open for further replies.