System Volume Information - Sandboxie - DrWeb

Discussion in 'sandboxing & virtualization' started by jpcummins, Oct 26, 2008.

Thread Status:
Not open for further replies.
  1. jpcummins

    jpcummins Registered Member

    Joined: Feb 20, 2006
    Posts: 420
    Location: Terre Haute, IN

    I have been experimenting with Sandboxie and DrWeb. Am I wrong in thinking that if I visit a site while sandboxed and a nasty is present, even though I empty the sandbox contents, the nasty is added to the System Volume Information folder? I only ask because I recently ran DrWeb and it found a nasty in the System Volume Information folder and moved it. I then turned the System Restore off and ran DrWeb again. This time it indicated the system was clean. I then turned the System Restore on and again visited the site I suspected the nasty was at. I emptied the sandbox contents and ran DrWeb again. Again, DrWeb reported the nasty in the System Volume Information folder. I understand that a nasty in the System Volume Information folder is harmless unless I restore to a point prior to the nasty. Am I correct, or could I be confused? I have only sandboxed my browser, nothing else. And it appears that DrWeb found the suspicious file that other scanners did not. I am liking DrWeb more and more. As always, all replies will be appreciated and I thank you in advance.

    John
     
  2. burning_chrome

    burning_chrome Registered Member

    Joined: Sep 19, 2008
    Posts: 15

    From link:
    "Also remember that you (or the OS) might have run System Restore which may have backed up the Sandbox folder (along with any of the files that were in the sandbox, including viruses...)." -SnDPhoenix

    Also, see link, scroll down thread and read post from Sandboxie creator tzuk
     
  3. MitchE323

    MitchE323 Registered Member

    Joined: Nov 22, 2007
    Posts: 156
  4. jpcummins

    jpcummins Registered Member

    Joined: Feb 20, 2006
    Posts: 420
    Location: Terre Haute, IN

    Gentlemen, I certainly appreciated your replies. I thought that possibly it was me doing something wrong. But now that I know there is a problem regarding Windows System Restore and Sandboxie, I edited my Sandboxie configuration, changing the line C:\Sandbox\%USER%\%SANDBOX% to C:\Temp\Sandbox\%USER%\%SANDBOX%, as suggested by one of the links provided in your posts.

    I wanted to keep Windows System Restore enabled so that I could, if needed, utilize the Restore Points; but I did not want to keep any infected files in the System Volume Information folder after emptying the contents of Sandboxie after a session.

    I know that there are a number of Sandboxie users in this forum and I was wondering if the above solution is the one most commonly used. If there is a better solution I would appreciate hearing it. Hopefully, other users of Sandboxie are aware of this anomaly.

    I believe Sandboxie to be an exceptional program although I seldom use it because I do little surfing.

    John
     
  5. HURST

    HURST Registered Member

    Joined: Jul 20, 2007
    Posts: 1,419

    Hhmmm
    you learn something new every day...

    Is there any downside in changing the sandbox's path to temp?
     
  6. jpcummins

    jpcummins Registered Member

    Joined: Feb 20, 2006
    Posts: 420
    Location: Terre Haute, IN

    Hurst, I don't know if there is a downside or not. I am just not that knowledgeable with Sandboxie. Hopefully, one of the other forum members will be able to answer your question. I also would really like to know.

    John
     
  7. doktornotor

    doktornotor Registered Member

    Joined: Jul 19, 2008
    Posts: 2,047

    What would the downside exactly be? How does the path matter as long as it works?
     
  8. MitchE323

    MitchE323 Registered Member

    Joined: Nov 22, 2007
    Posts: 156

    Now would I recco anything with a downside to the Wilders Bunch? :cool: Seriously, the only thing that comes to mind would be a drive cleaner that automatically flushed away folders named 'temp' and under, but I can't think of any offhand that would do that. So if you had programs in a second sandbox and didn't want to lose them, they might be at risk. Adding four characters of course doesn't affect the workings of Sandboxie.
     