sandoxie as a firewall,hips,anti-exe, virtualizing beside sandoxing

Discussion in 'sandboxing & virtualization' started by hany3, Sep 20, 2008.

Thread Status:
Not open for further replies.
  1. hany3

    hany3 Registered Member

    Dec 2, 2007
    hi folks ,
    despite i'm relatively new to sandboxie
    but after 3 days of playing with the registered version of sandoxie
    i wanted to share with , u what i've learned about some hidden advantages in sandboxie beside its main job of sandboxing and isolating environments

    but for now i'll only begin by 2 great features in sandboxie

    1-forced folders feature "only in the registered version"
    2-internet access "in the resource access settings"

    lets begin

    1-anti-excutable and hips like features

    by using the forced folder feature u can add any drive or even all ur drives so that any program " including malwares , viruses , trojans spywares , ....." if run at any time , it will be forced to run inside the sandboxie , even if autrun automatically , so that u will have the advantage of anti-excutable coz u will know instantly which is running at he moment even if it's automatically autorun , plus the advantage of hips by limiting the behaviour of such autorun malware by running it in the isolated environment of sandboxie , also it can terminate any malware process by the feature of lingering programs , in which sandboxie terminate any excutable that continue excuting after all other programs are ended

    2-protection against autoruns and viruses of the flashdisks and foreign hard disks connected to ur pc

    also u can add the flash drive letters and more drive letters to the forced folder section so that any autorun malware "whatever" is forced to run in the isolated environment of sandboxie causing no harm to ur original hard disk

    3-firewall like features
    depending on the forced folders feature and the internet access feature we can limit the internet access of all the application on ur pc to those applications spicified by u
    depending on 2 facts :

    A)all applications on ur pc will be forced to run sandboxied
    B)we will limit the internet access to all sandboxied applications to few appliactions specified by u

    so that
    the end result is :
    all malwares present on ur pc including trojans , spywares , viruses ,keyloggers ....ect will be prevented to access the internet
    and even if they connected the internet throught another allowed application like for example ur sandboxied browser , it will have nothing to do , because it is only allowed to run in the isolated environment of sandboxie

    that was a summary of some extra-advantages that can be found in sandboxie

    to be continued :,,,,

    continue the 2nd part of the article

    4-sandboxie for registery protection
    register protection is on of the hips specific features
    but using the above mention sandboxie strategy , sandboxie may offer registery protection near to this offered by other hips

    -setting the forced folders settings to cover most of the hard disk
    -setting the registery access for all the sandboxied programs "all the applications on the pc" according to the above condition
    registery access is either
    A) direct access "allowed" registery keys
    B)blocked access "denied"registery keys
    C)read only access

    5-file and folder protection
    also this feature is a hips specific feature and most of the well known hips include such feature
    under the same strategy , sandboxie may offer file and folder protection near to that of hips

    -forced folders feature covering most the pc"all applications on the hard disk
    -setting the file access for all the sandboxied applications "in other words all the applications on the pc includings any present malwares as well"
    A)direct access" files accessible to sandboxied programs"
    B)full acccess"files accessible to sandboxied programs together with installed and downloaded files as well"
    C)blocked access"files not accessible
    D)read only acccess

    also u can set which program is allowed to access certain files
    and which one is completely blocked from reaching certain files

    6-virtualizing feature

    such feature is specific to the instant recovery sofwares like the FD-ISR , deep freeze , my favorite shadow defender , returnil ,.....and so on
    understanding such feature is some what complicated "to little extent"

    what are virtulaization softwares protecting the windows from
    for ex.
    1-installed applications
    2-browser temp files
    3-files copied inside the "c" drive by the simple copy and paste
    4-autorun viruses and worms coming from external media . cd , or flashdisks

    let's take them one by one
    1-installed applications
    all the applications are sandboxied even if u installed one program , the install will run in the sandbox so that no files reach the windows or the program files directory
    but note "sometimes applications when installed sandboxied fails to run coz it fails to reach the registery or due to other causes and allowing registery access may solve most of such installation problems"

    2-drowser temp files
    as the browser is sandboxied , i think there's no problem here as this is the main fuction for which the sandboxie was 1st made

    3-files copied into the system drive
    for me, using a specific application like "burst copy" for copy and paste
    so that running it sandboxied will cause no problem here

    but if u use the normal copy and paste of the windows
    i think it will not also cause any proglem
    because copying 4ex. a movie in the system drive will be so easy for a child to remove or move it to any other non-system drive

    4-autorun viruses , worms , trojans from external media like CDs , and flash disks
    setting the forced folders to cover all the drives that are and that are not yet present on the pc from D:/ to Z:/
    so that any autorun malware on such external media will be automatically sandboxied and isolated completely
    "this will be discussed in details below

    big problem and simple solution

    but while configuring the forced folders settings , u will face a big problem which is some what related to some defects in the sandboxie interface

    when click forced folders ----then add folder---browse window will appear
    and unfortunately u will find drives that are already present on ur hard disk ,
    so how can u add other drives like the any flash disk that will be added to ur pc in the future
    at 1st i used daemon tools and virtual clone drive to make virtual drives to use their letters in the forced folders settings then remove them from the daemon tools
    but after a long search in the sandboxie forum i found a simple solution for this problem depending on editing the configuration notepad file of sandboxie "edit configuration"
    so that u can add any all the drives letters available from D: to Z:


    what is the overall strategy to use sandboxie as the only applcation so that it may replace the hips , firewalls , virtualizing softwares ,
    "strategy sammary"

    1-sandboxie settings ----forced folders----- add folders ----add all the drives EXCEPT "C:" system drive


    please try to imagine with me
    if we added the system drive to the forced folder so that any application on the C: drive will be forced to run sandboxied

    so where is the problemo_O
    Ohhh ,Dear
    the sandboxie itself being installed on C: drive
    when it runs it will be sandboxied , hehe i'm not jocking
    the sandboxie will run sandboxied
    sandboxie will run inside itself
    and when it runs to sandboxie itselt , the latter will be also sandboxied and so on
    a vicious circle will result
    an endless series of sandboxies

    so that when i tried to add the sytem drive to the forced folders , my theory succeeded , and the computer freezed

    back to the strategy
    remember 1-sandboxie settings ----forced folders----- add folders ----add all the drives EXCEPT "C:" system drive

    2-by editing configuration
    we can add all the drive letters available to the forced folders from A: to Z:

    3-using forced programs feature, we can add all the programs installed on the system drive "in the program files "
    so we can add all of them one by one "ofcourse except the sandboxie itself"

    so that all the applications on the hard disks are now covered

    a)adding all the drive of the pc except the system drive to the forced folders section
    b)adding all the installed softwares on the system drive to the forced programs

    and by assuming that ur system drive contains to other hidden programs or malwares "clean system drive"
    now u are supposed to have all the programs on ur pc covered"

    -the non system drives are covered completely "good wares and malwares"
    -the system drive , all the installed programs , assuming that it's clean "fresh windows"

    4-in the internet access settings , u can add the only programs on ur pc that are allowed to acces the internet
    so that all others applications on ur pc "good wares and malwares "will be blocked

    5-continue configuring the sandboxie settings concerning other items :
    -file access
    -registery access
    -IPC access
    -windows access
    -low level access

    after all of that i've mentioned here
    i hope u get some benefit from it
    my friend , all of u are invited to discuss , add or remove whatever u see from all what i mentioned above

    sorry for the long article

    best regards
    Last edited: Sep 20, 2008
  2. hany3

    hany3 Registered Member

    Dec 2, 2007
  3. Peter2150

    Peter2150 Global Moderator

    Sep 20, 2003
    Hi Han3

    While some might object to your applying of terminology, there is no doubt Sandboxie is a marvelous application. Your analysis was excellent. Keep it coming.

  4. hany3

    hany3 Registered Member

    Dec 2, 2007
    hi pete, u know i'm not expert so that there may be some terminaology defects and i'm sorry for that
    that's why i said , hips-like features , firewall like features ... , anti-excutable like ....... and so on

    which means that sandboxie under certain circumstances and with some specific settings may offer some features resembling some of a hips or a firewall software
    and all of the above was trying to analyze and explain how and why is that .

    i very much appreciate ur opinion specially when it comes from a security expert like u
    thank u , and i will
    Last edited: Sep 20, 2008
  5. vijayind

    vijayind Registered Member

    Aug 9, 2008
    I was using SafeSpace earlier. Just thinking of switching and buying SB.
    Thanks, Hany3 for showing me features/functionality I didn't know SB possesed. Now I am even more inclined.... Ok, I am downloading and installing now !!

    If there any more such hidden treasures inside SB, do let everyone know.
  6. HungJuri

    HungJuri Registered Member

    Nov 23, 2007
  7. Peter2150

    Peter2150 Global Moderator

    Sep 20, 2003
  8. Huupi

    Huupi Registered Member

    Sep 2, 2006
    Can anyone confirm that SafeSpace is almost death,i wonder why because it has good reviews here on Wilders.I tested it once but it was not to my liking so switched over to SBIE.
  9. hany3

    hany3 Registered Member

    Dec 2, 2007
    hi folks
    i completed the article
    have a look
  10. hany3

    hany3 Registered Member

    Dec 2, 2007
  11. hany3

    hany3 Registered Member

    Dec 2, 2007
    hi pete
    the article completed with all the related screen shots in the second reply
    sorry for late
  12. minasmwl

    minasmwl Registered Member

    Sep 21, 2008
    hello Doc.
    thank you for your excellent analysis and kind efforts
    long articl but full of precious new information
    i tried your strategy , and it works very well
    go on with this new ideas
  13. EASTER

    EASTER Registered Member

    Jul 28, 2007
    U.S.A. (South)
    Thanks hany3 for your generous study and relaying some useful information along to our attention.

    Personally i get skiddish in spite of the fact SandboxIE is a marvelous invention and strong containment program whenever newer versions which are inevitable are released, mainly due to the .ini syntax structures sometimes changing, but i understand the importance of this too.

    Excellent details. Gonna read them over again continuously and make notes untill certain nothing is been ovelooked on this end.


  14. vijayind

    vijayind Registered Member

    Aug 9, 2008
    see here:

    @Hany3: thanks again, for adding the second part of the article. :thumb:
  15. VanguardLH

    VanguardLH Registered Member

    Sep 10, 2007
    Just tried this after reading some reviews that mentioned SafeSpace. Found that it conflicted with some firewalls, like Comodo's (even with its Defense+ HIPS feature disabled), which severely slowed any app that ran inside of it. Worked okay with just the Windows firewall (in WinXP). Alas, as you suspect, it is definitely a dead product. Read:

    The dev group got disbanded and the code sucked into the parent company (who doesn't have an free versions of their products). Another free sandboxer is lost.

    Alas, Sandboxie degenerates into nagware after the 30-day trial. Being crippled, like not have Forced Programs (that always load a program into a sandbox no matter what parent loaded it as a child process), should've been enough to prod anyone that might consider paying for the product. I won't tolerate nagware ... ever, anymore than I tolerate adware.
    Last edited: Oct 2, 2008
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.