What apps do you run sandboxed?

Discussion in 'sandboxing & virtualization' started by Overkill, May 3, 2016.

  1. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    What apps do you all run in sandboxie other than browsers, and are there any that simply wouldn't work sandboxed?

    Here's my current sandboxes
     

    Attached Files:

  2. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    665
    Not too many.
     

    Attached Files:

  3. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    What are your settings for powershell?
     
  4. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    665
    Code:
    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    BorderColor=#C0C0C0,ttl
    BoxNameTitle=n
    AutoDelete=y
    NeverDelete=n
    ForceProcess=powershell_ise.exe
    ForceProcess=powershell.exe
    NotifyStartRunAccessDenied=y
    ProcessGroup=<StartRunAccess>,powershell.exe
    ClosedIpcPath=!<StartRunAccess>,*
    DropAdminRights=y
    NotifyInternetAccessDenied=y
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Your Sandboxie control looks pretty, I like it :). Here is mine.

    untitled.JPG

    No sandbox named WinRar, 7Zip and HJSplit but I force those programs in one of my Windows explorer sandboxes. To answer your questions. As a Sandboxie user, I want to sandbox all programs that I run in a daily basis. Thats basically what I do. Whenever I am running something in my computers, its running sandboxed. If a program is gonna run in my computers, its got to run sandboxed. No ifs.

    All programs that I run sandboxed, run smoothly and without issue. Fortunately, there are no programs that I like to use that conflict with SBIE but if there was, without hesitation, I would look for something else.

    Bo
     
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Thats OK, yours look pretty too. :)

    But get rid of the one for Edge. You cant run Edge in a sandbox, its not supported yet.

    Bo
     
  7. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    665
    Ok thanks
     
  8. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,915
    I have my browsers sandboxied and winamp in comodo's sandbox.
     
  9. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    I still can't figure out how to run utorrent sandboxed, it gives me an error regarding windows firewall... other than that, all my downloading apps are sandboxed.
    Bo, what is the difference in your 2 IE sandboxes if I may ask?
     
  10. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    Why do you do banking in IE instead of FF and chrome?
     
  11. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    665
    I use that browser without any extensions or plugins strictly for banking.
     
  12. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    ahh I see
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    The differences is that one is more restricted than the other. The only reason I have a second sandbox for IE is because I find IE running better with some Sandboxie versions in a less restricted sandboxed environment. When that happens, I switch forcing IE from one sandbox to the other.

    But Firefox, my everyday browser, I run it in five sandboxes. I have four dedicated sandboxes where I run it almost everyday. Some are more restricted than others and some were created for specific purposes. For example, I have one for YouTube and one for streaming live sports, I also have my regular everyday sandbox. And I got one were I allow changes to Firefox settings, NoScript, ABP, out of the sandbox. That way, I can make this changes without having to get out of the sandbox. Most days, I run Firefox in at least 4 sandboxes, mostly done without thinking much about it.

    Bo
     
  14. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    334
    This is my SbieCtrl. It doesn't quite show the real number of programs they handle by just going off each each box name. The highest is the 'Gamez' box {forced folder} which is strictly offline and persistent but holds around 40ish "old" games at any given time along with a few newer ones so that the settings/saves are retained across any OS change/install with minimal effort. [read non cloud enabled]

    The others aren't nearly as populated nor do they have anywhere close to the same number of programs in each box. I suppose the Adobe box comes in second followed by Office [No that's not MS Office] then Origin and Steam. There might be a few other things in each box [despite the original names] but believe it or not the Default box is the strictest of them all and used for any test when I am really drunk/lazy (when am I not?) and don't want to try it in a full VM first.

    In general if it isn't a system/security app with a service or driver, it gets stuck into one of the existing sandboxes especially if it wants to access the internet [possibly temporary]. If it doesn't (somehow) match what I have {in my head} then it goes into a brand new sandbox! Thankfully your post doesn't cover the chaos or complicated rules that my ini holds as a result. :p
     

    Attached Files:

    Last edited: May 4, 2016
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    Chrome and Tor browser are forced and I also open some files in it (on demand, using right click option).
     
  16. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    How do you accomplish that? are they installed or portable versions?
     
  17. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    731
    Wow, never thought of making a sandbox for Powershell... that's cool!
     
  18. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    I admit i'm curious :geek:
     
  19. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    No, I just have one regular Firefox installation. This is the breakdown of the sandboxes were I run Firefox. 1. I force Firefox in my DefaultBox. Thats my regular everyday sandbox. Highly restricted sandbox. 2. I have one set specially for YouTube. I found crashes of Firefox in YT come down to about none by using a so so restricted sandbox. 3. I have one set for streaming baseball, football, sports live. I set this one so I can watch the games. Otherwise, I can not. 4. I have another one were I allow changes in Firefox settings (like Tools>Options and about:config) to be saved out of the sandbox. In this sandbox I can also white list and black list sites in NoScript, I can also add filters for Adblock plus and change settings. This sandbox allows me not have to run Firefox unsandboxed to make this changes. The only time I run Firefox out of the sandbox is to update the browser or addons.

    This is the way I run Firefox in each sandbox. In my defaultBox, I force Firefox and I have sandboxed shortcuts for my YT and Sports sandbox. I place this shortcuts in the taskbar. They look identical but I know exactly when to click on one or the other. And for the settings sandbox, thats the one I call All, which I also use for other things, I right click the SBIE icon by the clock and select to run the browser in the All sandbox.

    Running Firefox this way feels comfortable, is secure and I am used to doing this and do it everyday so is not confusing. Achieving the perfect balance between usability and security is the reason for using different sandboxes for different purposes and setting each as tight as possible without losing any usability is my goal. And I get it done.

    Bo
     
    Last edited: May 4, 2016
  20. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    How do you tell it which sandbox to open in? :confused:
     
  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    I edited my post twice before you posted. Look at the second paragraph.

    Bo
     
  22. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    Oh ok... I rarely right click on the icon or use the context menu options so I do sometimes forget about that
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I only force browsers like Opera 12 and Firefox. And of course I test all kinds of apps inside the sandbox, before running them on the real system.
     
  24. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    882
    Location:
    Triassic
    I sandbox FF, Downloads, Thunderbird and my USB drives.
    I use IE with Trusteer EndPoint Protection and found that it and SBIE do not work together. Banking is all I use IE for.
    I use Foxit but it is not on the list of PDF readers in SBIE - I would like to sandbox it but always thought I could not.

    NB: I have Foxit protected under EMET. Not sure if that causes any issues with SB.
     
    Last edited: May 14, 2016
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Emmjay, I have been using Foxit's portable version for at least 5 or 6 years, works very nice with Sandboxie. Never an issue, PDF files runs very smoothly under Sandboxies protection. Very easy program to setup in a dedicated sandbox.

    I think what I am going to tell you is gonna help you in the future. If you don't see a program listed in Sandbox settings>Applications>All applications or in the list of PDF readers, it doesn't mean the program doesn't work with Sandboxie. When you don't see a program listed there it can mean one of two things. 1. The program works so good along Sandboxie, that compatibility settings are not required or 2. The program has an issue with Sandboxie, but settings to work around the issue have not been developed. In the particular case of Foxit, its not listed because the program works great with SBIE.

    The only time I run Foxit out of the sandbox is to upgrade the program, no reason to run any PDF unsandboxed. You can do the same, so go ahead and create a dedicated sandbox. To force Foxit, you add foxitreader.exe. To restrict the sandbox, in Start Run restrictions, add foxitreader.exe to make it the only program thats allowed to run. If you are also using the portable version like myself, then also add foxitreaderportable.exe. You can tick Drop rights and forbid all programs from having access to the internet. Enabling the restrictions trigger SBIE messages about foxitreaderupdater.exe attempting to run and connect to the internet, you can hide those messages and forget about them.

    About the browser and opening PDF files while browsing. I feel safer when browsing and I want to open a PDF, to open the PDF out of the browser. I think viewing PDF files within the browser is less secure. So, I set PDF files in Firefox (my everyday browser) and IE not to run within the browser and in each of the browsers dedicated sandbox, I allow foxitreader.exe and foxitreaderportable.exe to run and nothing from Foxit is allowed to have internet access. Be safer, force Foxit. :)

    Bo
     
    Last edited: May 14, 2016
Loading...