Sandboxie: What do you sandbox, other than your browser?

Discussion in 'sandboxing & virtualization' started by Tyrizian, Jun 29, 2013.

  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Agree 101%

    The mitigations I have reviewed (not all are AV related) just said turn off the av rt scanner.

    Well, IMHO it is not good to turn off the scanner. :D

    If users have to do that they may as well not have an installed AV at all.

    Depends on your security policy and www risk profile.

    You could do it and just do online scans from time to time.
     
  2. guest

    guest Guest

    Is it temporarily disabling the AV or permanently disabling the AV?

    Anyway, about your first question...

    I've never paired Sandboxie with a HIPS before, so I can't be really sure. Does Sandboxie have some sort of key-shortcut feature or something? That's the only reason I can think of.
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    The list of programs that Escalader listed are programs that are "...incompatible to some degree with Sandboxie. In some cases, either Sandboxie or the conflicting program can be configured in some way to resolve the incompatibility."
    http://www.sandboxie.com/index.php?KnownConflicts

    Most other programs work well alongside Sandboxie. In some cases incompatibility problems can be solved by applying the software compatibility settings that SBIE suggests. Those programs are not in the "Known conflicts" list posted above. By the way, I only know of one real time scanner that requires real time scanning to be disabled in order for SBIE to work.

    Bo
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Thanks for posting. But I can't answer your Sboxie question about temporary disable or not. These mitigations have been the same for some time if that helps.

    I can tell you I have key logging and clipboard logging blocked by OP FW 8.
     
  5. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I use Sandboxie extensively... (Paid registered version)
    Nothing runs in my system unless I have control over it. Sandboxie really helps with this...

    I provide professional technical support (remote administration) and analyze malware samples regularly... I must keep things clean and tidy, and I could not otherwise easily do so without this amazing tool...

    Here is a partial list of my Sandboxie load!

    sandboxed.png

    Here is a very important tidbit about Sandboxie: it's not really secure unless you configure it properly, like in the graphic I created below...

    sandboxie config.png

    You should also use a password-protected limited user account and not an admin account for all daily activity.
    You also need to confirm that the Sandboxie "Drop Rights" > "Drop rights from Administrators and Power Users group" tick box is ticked!
    You must also do the above stated (graphic) and drop rights for each individual sandbox to ensure proper defense is active and effective...

    droprights.png

    I hope this helps!
     
    Last edited: Oct 30, 2013
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    Really nice. Love the picture, Hermes.

    Bo
     
  7. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I would also make separate sandboxes for each browser, both for convenience and security, and make all of them automatically deleted upon program exit. You can force programs to start in these sandboxes and still, if you want, start them in other sandboxes too. You can also easily make a runtime exception for starting them unsandboxed.

    Regarding Sandboxie conflicts with other software: it would be quite pointless to even try to make a list of conflicts with other HIPS software. Some may "work" at the cost of slowing Windows startup, slow program startups, etc. And some will cause a system freeze or a BSOD sooner or later on your system, as for example with many 3rd party firewalls when enabling all their HIPS-like protection.
     
    Last edited: Oct 26, 2013
  8. ZERO ACCESS

    ZERO ACCESS Registered Member

    Joined:
    Oct 24, 2013
    Posts:
    12
    Location:
    Kernal32
    Sandboxie is nice. Do whatever you like: sandbox PDF, browser, VLC, IE....
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    ....etc. Right on the money.:)

    Bo
     
  10. ZERO ACCESS

    ZERO ACCESS Registered Member

    Joined:
    Oct 24, 2013
    Posts:
    12
    Location:
    Kernal32
    @Bo elam
    Hi
    I want to ask a question: I am giving direct access to places.sqlite, as my main browser is Firefox Portable, so is there any chance for malware to manipulate places.sqlite in any form? Also in SD too.

    Thanks

    Regards
    Zero Access
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    There's no problem allowing direct access to places.sqlite. I do it too, but I do it from:
    Sandbox settings > Applications > Web browser > Firefox, tick option "Allow direct access to Firefox bookmark and history database". You can exclude places.sqlite in SD. Not only are you safe doing it, it makes things convenient.

    Bo
     
  12. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dearest Bo,

    I owe you a PM reply for a very long time now. I have been scratching my head what to reply you. So, this post gave me the opportunity to ask you some questions about Sandboxie as I am so novice about it and at the same time to reply you.

    In both Firefox and PaleMoon, I would like to give direct access to:

    1. Bookmarks
    2. Extensions.

    I would like to do the above without giving access to History and other stuff. Would your above quotation accomplish what I want?

    Many thanks my dear friend and sorry to reply you so late. I have been watching and reading each Sandboxie thread.

    Best regards,

    Mohamed
     
  13. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Hi Bo,

    What do you mean by above?

    Do you mean Sandboxie > Resource Access > File Access > Blocked Access > places.sqlite?

    Best regards,

    Mohamed
     
  14. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Hi There,

    Where would I find the above in Sandboxie?

    Best regards,

    Mohamed
     
  15. ZERO ACCESS

    ZERO ACCESS Registered Member

    Joined:
    Oct 24, 2013
    Posts:
    12
    Location:
    Kernal32
    @Bo elam
    Thanks for giving your time, nice to know you are doing it too :)
    Now I am feeling safe. I am giving it through Resource Access > File Access.
     
  16. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    hi
    For non-advanced users, there is a Mozilla clone browser designed to run under Sandboxie:
    http://auxbrowser.com/see/

    In fact, all infection vectors must be run sandboxed.
    As I do not use this software, I guess that any external device-based application launched via autorun, or by the user/explorer, is also automatically sandboxed?

    Rgds
     
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    Hi Aladdin. In Firefox and Pale Moon, bookmarks and history are kept in the same file (places.sqlite). That makes it impossible for us using Sandboxie to give direct access to only bookmarks or only history. If you give access to one, you have to give access to the other.

    Myself, I don't like keeping history either. So what I do is set Firefox to "Never remember history" in Firefox > Tools > Options > Privacy.

    Many addons use "prefs.js" to save preferences. Give direct access to it and see if you get the results that you want. You'll find this file in your profile folder. Some extensions use their own file. If that's the case, it should not be hard to find it, and it is usually placed in the profile folder.
    ZERO was also asking about Shadow Defender. I was telling him that it is safe to exclude places.sqlite in Shadow Defender as well as in Sandboxie.

    Bo
     
    Last edited: Oct 27, 2013
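    The settings this thread keeps coming back to (one box per browser with auto-delete and forced programs, drop rights per box, and direct access to places.sqlite and prefs.js) written out as an explicit Sandboxie.ini fragment. This is an added illustration, not any poster's configuration: the box names and profile paths are assumptions, the portable path is a placeholder, and the GUI tick box bo elam describes writes a Template= line rather than the OpenFilePath line shown here.

```ini
# Added illustration, not a poster's own Sandboxie.ini. Box names and profile
# paths are assumptions; adjust them to the real profile locations.

[Firefox]
Enabled=y
# Wipe the box when the last sandboxed program exits (Jarmo P's "automatically deleted").
AutoDelete=y
# Strip Administrators / Power Users rights from sandboxed processes.
# This is a per-box setting: it has to be repeated in every box.
DropAdminRights=y
# Force Firefox into this box however it is launched (shortcut, explorer, another program).
ForceProcess=firefox.exe
# Direct (unsandboxed) access to the combined bookmarks + history file, only for
# firefox.exe. Bookmarks and history cannot be split: both live in places.sqlite.
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\places.sqlite
# Optional: let add-on preferences persist as well (bo elam's prefs.js tip).
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\prefs.js

[PaleMoon]
# Second browser, second box, so a compromise of one does not touch the other's files.
Enabled=y
AutoDelete=y
DropAdminRights=y
ForceProcess=palemoon.exe
# Pale Moon profile location is an assumption; check the real path on the machine.
OpenFilePath=palemoon.exe,%AppData%\Moonchild Productions\Pale Moon\Profiles\*\places.sqlite

[FirefoxPortable]
# Portable build keeps its profile next to the executable; the path is a placeholder.
Enabled=y
AutoDelete=y
DropAdminRights=y
ForceProcess=FirefoxPortable.exe
ForceProcess=firefox.exe
OpenFilePath=firefox.exe,X:\PLACEHOLDER\FirefoxPortable\Data\profile\places.sqlite
```

    Because OpenFilePath is scoped to the named executable, anything else running in the box (a dropped downloader, a helper process) still sees only the sandboxed copy of places.sqlite.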
  18. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    A picture is worth a thousand words...

    droprights.png
     
  19. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,344
    Location:
    USA

    Awesome find, thanks
     
  20. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,344
    Location:
    USA
    I am loving this thread... I do have a question: how would one get infected using media players or PDF viewers? I mean, as long as the .pdf is clean to start with, why run it in a sandbox? Same goes for whatever media you're playing.
    I run all my browsers in SBIE and I use a sandbox to test software, but that's it!
     
  21. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,344
    Location:
    USA
    Please tell me more about FDISR
     
  22. tomazyk

    tomazyk Guest

    There might be some security holes in pdf viewer or media player that could be exploited by malicious files using those holes. In such case, SBIE would contain the payload inside the sandbox.
    I also use SBIE only for my browsers. I usually test new software in Virtualbox.
     
  23. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Hi there,

    Many thanks for the attached picture.

    Best regards,

    Mohamed
     
  24. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dear Bo,

    Many thanks, for such an excellent solution! :)

    That really helps to discard History away but at the same time allow to keep the Bookmarks.

    Done! And, kept the Extensions to auto update. Will see how it plays.


    Dah, I should have known that by SD you meant Shadow Defender.

    Best regards,

    Mohamed
     
  25. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dearest Bo,

    One more. With both Firefox and/or Pale Moon in Sandboxie, I get the error that no printers are installed. See the attached photo. I don't know what to do?

    Best regards,

    Mohamed
     