What is your Sandboxie setup?

Discussion in 'sandboxing & virtualization' started by Konata Izumi, Oct 19, 2011.

  1. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Post your sandboxie configurations here. :D

    Code:
    
    # Settings in this section apply to every sandbox defined in the file.
    [GlobalSettings]
    
    # Includes the template named Microsoft_EMET; its contents are not shown here
    # (presumably a compatibility template for Microsoft EMET - confirm in Templates.ini).
    Template=Microsoft_EMET
    
    # Per-user preferences for the Sandboxie Control window (every key is SbieCtrl_*).
    # Nothing in this section restricts what a sandboxed program may do.
    [UserSettings_267403EA]
    
    # The poster replaced the real account name before sharing the file.
    SbieCtrl_UserName=MYUSERNAME
    SbieCtrl_NextUpdateCheck=865319034238
    SbieCtrl_UpdateCheckNotify=y
    SbieCtrl_ShowWelcome=n
    SbieCtrl_BoxExpandedView_DefaultBox=y
    SbieCtrl_AutoApplySettings=n
    SbieCtrl_SettingChangeNotify=n
    SbieCtrl_BoxExpandedView_IE9=y
    SbieCtrl_BoxExpandedView_WMP=y
    SbieCtrl_BoxExpandedView_USB=y
    SbieCtrl_HideWindowNotify=n
    # Suppresses the pop-up for these message numbers when raised by ie4uinit.exe in the IE9 box.
    # NOTE(review): hidden messages also hide later denials of the same kind - confirm that is intended.
    SbieCtrl_HideMessage=1308,ie4uinit.exe [IE9]
    SbieCtrl_HideMessage=2222,ie4uinit.exe [IE9]
    SbieCtrl_WindowLeft=200
    SbieCtrl_WindowTop=150
    SbieCtrl_WindowWidth=660
    SbieCtrl_WindowHeight=450
    SbieCtrl_ActiveView=40021
    SbieCtrl_BoxExpandedView_USER=y
    SbieCtrl_BoxExpandedView_IM=n
    SbieCtrl_BoxExpandedView_P2P=y
    SbieCtrl_BoxExpandedView_Tools=y
    SbieCtrl_EnableLogonStart=y
    SbieCtrl_EnableAutoStart=y
    SbieCtrl_AddDesktopIcon=n
    SbieCtrl_AddQuickLaunchIcon=n
    SbieCtrl_AddContextMenu=y
    SbieCtrl_AddSendToMenu=y
    
    # General-purpose sandbox. No ForceFolder/ForceProcess here, so programs only
    # run in it when started there explicitly.
    # NOTE(review): DropAdminRights is not set in this section, unlike the IE9, WMP,
    # USB, IM and P2P boxes in this file.
    [DefaultBox]
    
    ConfigLevel=7
    # Built-in templates; their contents live outside this file.
    Template=BlockPorts
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    BorderColor=#00FF00,ttl
    Enabled=y
    BoxNameTitle=n
    # ClosedFilePath denies sandboxed programs any access to the path.
    # The application folders below belong to programs that have their own boxes in this file.
    ClosedFilePath=C:\Program Files\Windows Media Player\
    ClosedFilePath=C:\Program Files\Internet Explorer\
    # \Device\Mup is the UNC provider, so this denies access to network shares.
    ClosedFilePath=\Device\Mup\
    ClosedFilePath=%AppData%\Microsoft\Windows\Pidgin\
    ClosedFilePath=%AppData%\BitTorrent\
    ClosedFilePath=C:\Program Files\BitTorrent\
    
    # Sandbox for Internet Explorer: anything launched from the IE folder is forced
    # into this box, and only iexplore.exe may start or reach the network.
    [IE9]
    
    ConfigLevel=7
    Template=IExplore_Force
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    BorderColor=#00FF00,ttl
    Enabled=y
    BoxNameTitle=n
    # Strips administrator rights from processes running in this box.
    DropAdminRights=y
    ForceFolder=C:\Program Files\Internet Explorer
    NotifyInternetAccessDenied=y
    # Named groups referenced by the !<group> rules further down.
    ProcessGroup=<StartRunAccess>,iexplore.exe
    ProcessGroup=<InternetAccess>,iexplore.exe
    ClosedFilePath=C:\Program Files\Windows Media Player\
    # Denies access to network shares (UNC paths).
    ClosedFilePath=\Device\Mup\
    ClosedFilePath=%AppData%\Microsoft\Windows\Pidgin\
    ClosedFilePath=%AppData%\BitTorrent\
    ClosedFilePath=C:\Program Files\BitTorrent\
    # "!" negates the group: every program NOT in <InternetAccess> is denied the network devices.
    ClosedFilePath=!<InternetAccess>,InternetAccessDevices
    NotifyStartRunAccessDenied=y
    # Programs NOT in <StartRunAccess> have all IPC closed, which keeps them from starting in this box.
    ClosedIpcPath=!<StartRunAccess>,*
    
    # Sandbox for Windows Media Player: wmplayer.exe is forced here, is the only
    # program allowed to start, and no program in the box gets network access.
    [WMP]
    
    ConfigLevel=7
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    BorderColor=#00FF00,ttl
    Enabled=y
    BoxNameTitle=n
    DropAdminRights=y
    # Forced by executable name and by install folder.
    ForceProcess=wmplayer.exe
    ForceFolder=C:\Program Files\Windows Media Player
    NotifyStartRunAccessDenied=y
    ProcessGroup=<StartRunAccess>,wmplayer.exe
    # Programs outside <StartRunAccess> cannot start in this box.
    ClosedIpcPath=!<StartRunAccess>,*
    NotifyInternetAccessDenied=y
    # No group prefix: the network devices are closed for every program in the box.
    ClosedFilePath=InternetAccessDevices
    ClosedFilePath=C:\Program Files\Internet Explorer\
    # Denies access to network shares (UNC paths).
    ClosedFilePath=\Device\Mup\
    ClosedFilePath=%AppData%\Microsoft\Windows\Pidgin\
    ClosedFilePath=%AppData%\BitTorrent\
    ClosedFilePath=C:\Program Files\BitTorrent\
    
    # Sandbox for removable and secondary drives: anything launched from drive
    # letters A:, B: and E: through Z: is forced into this box, without admin
    # rights and without network access.
    # C: and D: are deliberately absent from the list below; D: folders are
    # handled by other sections of this file.
    [USB]
    
    ConfigLevel=7
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    BorderColor=#00FF00,ttl
    Enabled=y
    BoxNameTitle=n
    DropAdminRights=y
    NotifyInternetAccessDenied=y
    # One ForceFolder per drive letter; a letter that is not listed is not covered.
    ForceFolder=B:\
    ForceFolder=A:\
    ForceFolder=Z:\
    ForceFolder=Y:\
    ForceFolder=X:\
    ForceFolder=W:\
    ForceFolder=V:\
    ForceFolder=U:\
    ForceFolder=T:\
    ForceFolder=S:\
    ForceFolder=R:\
    ForceFolder=Q:\
    ForceFolder=P:\
    ForceFolder=O:\
    ForceFolder=N:\
    ForceFolder=M:\
    ForceFolder=L:\
    ForceFolder=K:\
    ForceFolder=J:\
    ForceFolder=I:\
    ForceFolder=H:\
    ForceFolder=G:\
    ForceFolder=F:\
    ForceFolder=E:\
    # No group prefix: network devices are closed for every program in the box.
    ClosedFilePath=InternetAccessDevices
    ClosedFilePath=C:\Program Files\Windows Media Player\
    ClosedFilePath=C:\Program Files\Internet Explorer\
    # Denies access to network shares (UNC paths).
    ClosedFilePath=\Device\Mup\
    ClosedFilePath=%AppData%\Microsoft\Windows\Pidgin\
    ClosedFilePath=%AppData%\BitTorrent\
    ClosedFilePath=C:\Program Files\BitTorrent\
    
    # Sandbox for the user's data folders on D:. Anything launched from them is forced here.
    # NOTE(review): unlike the USB box in this file, this section sets neither
    # DropAdminRights nor ClosedFilePath=InternetAccessDevices.
    [USER]
    
    ConfigLevel=7
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    BorderColor=#00FF00,ttl
    Enabled=y
    BoxNameTitle=n
    # Only these D: folders are forced; other paths on D: are covered only where
    # another section lists them.
    ForceFolder=D:\Videos
    ForceFolder=D:\Pictures
    ForceFolder=D:\Music
    ForceFolder=D:\Links
    ForceFolder=D:\Favorites
    ForceFolder=D:\Downloads
    ForceFolder=D:\Documents
    ForceFolder=D:\Desktop
    # Denies access to network shares (UNC paths).
    ClosedFilePath=\Device\Mup\
    ClosedFilePath=C:\Program Files\Internet Explorer\
    ClosedFilePath=C:\Program Files\Windows Media Player\
    ClosedFilePath=%AppData%\Microsoft\Windows\Pidgin\
    ClosedFilePath=%AppData%\BitTorrent\
    ClosedFilePath=C:\Program Files\BitTorrent\
    
    # Sandbox for the Pidgin instant messenger: pidgin.exe is forced here and is
    # the only program allowed to start or reach the network.
    [IM]
    
    ConfigLevel=7
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    BorderColor=#00FF00,ttl
    Enabled=y
    BoxNameTitle=n
    # Denies access to network shares (UNC paths).
    ClosedFilePath=\Device\Mup\
    ClosedFilePath=C:\Program Files\Internet Explorer\
    ClosedFilePath=C:\Program Files\Windows Media Player\
    ClosedFilePath=%AppData%\BitTorrent\
    ClosedFilePath=C:\Program Files\BitTorrent\
    # Programs NOT in <InternetAccess> are denied the network devices.
    ClosedFilePath=!<InternetAccess>,InternetAccessDevices
    DropAdminRights=y
    NotifyInternetAccessDenied=y
    ProcessGroup=<StartRunAccess>,pidgin.exe
    ProcessGroup=<InternetAccess>,pidgin.exe
    NotifyStartRunAccessDenied=y
    # Programs NOT in <StartRunAccess> cannot start in this box.
    ClosedIpcPath=!<StartRunAccess>,*
    ForceProcess=pidgin.exe
    # NOTE(review): hard-coded profile path, while the other sections refer to this
    # folder as %AppData%\Microsoft\Windows\Pidgin\ - confirm both name the same
    # location, and note that the literal path exposes the account name when shared.
    ForceFolder=C:\Users\Anonymous\AppData\Roaming\Microsoft\Windows\Pidgin
    
    # Sandbox for the BitTorrent client: bittorrent.exe is forced here and is the
    # only program allowed to start or reach the network.
    [P2P]
    
    ConfigLevel=7
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    BorderColor=#00FF00,ttl
    Enabled=y
    BoxNameTitle=n
    # Programs NOT in <InternetAccess> are denied the network devices.
    ClosedFilePath=!<InternetAccess>,InternetAccessDevices
    ClosedFilePath=%AppData%\Microsoft\Windows\Pidgin\
    # Denies access to network shares (UNC paths).
    ClosedFilePath=\Device\Mup\
    ClosedFilePath=C:\Program Files\Internet Explorer\
    ClosedFilePath=C:\Program Files\Windows Media Player\
    ForceProcess=bittorrent.exe
    DropAdminRights=y
    NotifyStartRunAccessDenied=y
    ProcessGroup=<InternetAccess>,bittorrent.exe
    ProcessGroup=<StartRunAccess>,bittorrent.exe
    # Programs NOT in <StartRunAccess> cannot start in this box.
    ClosedIpcPath=!<StartRunAccess>,*
    NotifyInternetAccessDenied=y
    # OpenFilePath gives bittorrent.exe direct, unsandboxed access: writes to these
    # locations land on the real disk and survive deletion of the sandbox.
    OpenFilePath=bittorrent.exe,%AppData%\BitTorrent\
    # The GUID is the Windows known-folder ID for the Downloads folder, so
    # downloaded files are written outside the sandbox.
    OpenFilePath=bittorrent.exe,%{374DE290-123F-4565-9164-39C4925E467B}%\
    
    # Sandbox for utilities kept in D:\Tools. Anything launched from there is forced here.
    # NOTE(review): no DropAdminRights and no network restriction in this section.
    [Tools]
    
    ConfigLevel=7
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    BorderColor=#00FF00,ttl
    Enabled=y
    BoxNameTitle=n
    ClosedFilePath=C:\Program Files\BitTorrent\
    ClosedFilePath=%AppData%\BitTorrent\
    ClosedFilePath=%AppData%\Microsoft\Windows\Pidgin\
    # Denies access to network shares (UNC paths).
    ClosedFilePath=\Device\Mup\
    ClosedFilePath=C:\Program Files\Internet Explorer\
    ClosedFilePath=C:\Program Files\Windows Media Player\
    ForceFolder=D:\Tools
    
     
    Last edited: Oct 19, 2011
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Oh I like that USB sandbox you got there. Mind if I borrow that?
     
  3. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    go ahead :-*
     
  4. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    I was looking for a way to isolate my flash drive. I have PCAV pro running disable autorun but I was looking for sandboxie to tighten things up. Thanks for the inspiration. :)
     
  5. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I just add a password (Lock Configuration), more convenient for me.
     
  7. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    When I included drive D in File Access - Blocked Access, my Firefox browser could not access it when I wanted to submit a file from that drive. So now Sandboxie has assured me that it really works effectively. In order to access that drive, I had to remove drive D from Blocked Access and move it to Read-Only Access. I had to restart Sandboxie because the change didn't take effect until I restarted it.

    This is what comes out when I try to click the Block Access drive.
     

    Attached Files:

  8. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    Here's my setup on Blocked Access and Read Only Access.
     

    Attached Files:

  9. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I was wondering what have you put on your Registry Access - Blocked Access and Read Only Access?
     

    Attached Files:

    Last edited: Nov 5, 2011
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    Hi Sweater

    I also have my files blocked, but rather than mess with Sandboxie settings, if I want to send a file in my browser, I just copy it to my desktop and send it.

    Pete
     
  11. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    @sweater, I have added Registry/Read Only Access to entire C:\

    Nothing has ever been flagged violating this rule. But who knows.
     
  12. Spruce

    Spruce Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    291
    I have browsers and e-mail client sandboxed, restricted browsers to read only windows folder and blocked access to data folders + automatic cleaning when inactive, e-mail client restricted to read only access to windows folder.
    Any useful improvements that I can do to my setup? :)
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Block everything I can possibly block until the application breaks =p
     
  14. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I've got nothing to do tonight... I will try this ^ :D
     
  15. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Hi,

    I've some confusions. Can anybody help me clear them?

    If I add panda and malwarebytes antimalware folders to block access under file access, sandboxed programs like firefox cannot access them right? But will panda and malwarebytes be able to access firefox? I mean panda and panda url filtering have web protection and web filtering, scans downloads and malwarebytes provides executable protection and website block.

    And what is IPC? There are some files present in the direct access under IPC such as keyscrambler and panda. So why are they there if I've not added them? now that sandboxed programs can access these files , will there be any threat?

    I want sandbox settings to be as hard as possible but also allow programs like panda and malwarebytes to scan the downloads within the sandbox before recovering them and also provide web protections.
     
  16. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    yes, I think Panda and MBAM will be able to access your sandbox folders at least the realtime file scanning, not 100% sure on web filtering... you can test it.

    I don't have those entries in my IPC > direct access setting.

    You might have had Keyscrambler and Panda installed previously; Sandboxie detected them and automatically added those entries as part of its Software Compatibility feature.

    you can remove those entries if you don't have the said softwares.
     
  17. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    ah! what a relief...I'll test if web filtering is still functioning 100%...

    I think you may be absolutely right. Now, as you know, there exist some rootkits and malware which can break an AV or security program's self-defense and take control of it. And under Direct IPC Access it says, 'The following NT IPC objects will be directly accessible to programs running in this sandbox, without any effects of sandboxing.' So by leaving those Panda and Keyscrambler entries in IPC Direct Access for better compatibility with Sandboxie, am I not risking letting malware in?

    glad to know...

    one more thing...if I do the same as sweater did in post 8, I do not have to add any entries in the blocked access and read only access under registry access, do I? I mean registries are in the windows and program folders...so if sandboxed programs cannot access the folders or only read them then there is no need to block any registries separately, right?

    And also if I lockdown the settings of a sandbox using passwords, will it prevent malwares from changing it?

    thx for the help Konata..:)
     
    Last edited: Nov 6, 2011
  18. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    @ ams963

    If you right-click a sandbox in the Sandboxie control panel, under Applications/Security+Privacy ... you should see Panda & Keyscrambler, etc. listed. If you tick those, they will function within sandboxes. They might have been auto-enabled already; Sandboxie usually does that. So no further access rights need to be added manually.
     
  19. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    ah! I see. But does that also mean apps like spyshelter or malwarebytes antimalware pro, which are not listed in Security+Privacy under Applications, may not work/function within a sandbox? And so further access rights need to be added manually, right? If so, what might those entries be?

    And what about my other questions:
     
  20. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Hi, if you don't see an application you use daily listed ... my advice is contact Tzuk, either over at Sandboxie forum, or email him directly - I did this with Bookmarkbuddy - he added compatibility into the next build (about a month or two later). He might not answer personal emails right away but he has a good track record to helping out whatever the problem. Plus this improves Sandboxie for everyone.

    And yes by adding allowances for applications to make your experiences for daily use in the sandbox easier/safer ... you might be running the risk. Nothing is going to be 100% guaranteed, anyway. You have to decide if you want to take the risk. But you trust your anti virus & keyscrambler, right?

    Your anti virus will need this setting to function. It is possible to run a pure sandbox and have your anti virus even excluded from access rights. It's up to you.
     
  21. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Also ...

    Sandboxed applications >>> can access the system to function >>> the system writes, though, exist only in the sandbox's virtual registry. This is why an auto-deleting sandbox at the end of every session is a must, IMO. Until that sandbox is deleted, the effects of anything malicious will be felt on your system. But yes, you don't really need to block specific registry entries. By default you're protected.


    You can take sandbox protection one step further and give file read-only access to C:\, but there is next to no useful functionality. It's all about finding the minimal resources an application needs to function.
     
  22. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,126
    cool topic

    can i copy your code?

    i did not understand
    [USER] & [USB]
    I mean, what do you run inside?

    cheers
     
  23. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    sure.

    I merged [USER] and [USB] I'll post my configuration later.
    I configured [USER]/[USB] sandboxes to intercept anything that might execute in those areas because I don't want anything from those places to touch my system :D


    EDIT: My new SBIE setup

    Code:
    # Settings in this section apply to every sandbox defined in the file.
    [GlobalSettings]
    
    # Restricts the "Disable Forced Programs" command to administrators, so a
    # limited account cannot switch off the ForceFolder/ForceProcess rules below.
    ForceDisableAdminOnly=y
    # Includes the template named Microsoft_EMET; its contents are not shown here.
    Template=Microsoft_EMET
    
    # Per-user preferences for the Sandboxie Control window (every key is SbieCtrl_*).
    # Nothing in this section restricts what a sandboxed program may do.
    [UserSettings_00DA006D]
    
    # The poster replaced the real account name before sharing the file.
    SbieCtrl_UserName=MyUsername
    SbieCtrl_NextUpdateCheck=865320647326
    SbieCtrl_UpdateCheckNotify=y
    SbieCtrl_ShowWelcome=n
    SbieCtrl_EnableLogonStart=y
    SbieCtrl_EnableAutoStart=y
    SbieCtrl_AddDesktopIcon=n
    SbieCtrl_AddQuickLaunchIcon=n
    SbieCtrl_AddContextMenu=y
    SbieCtrl_AddSendToMenu=y
    SbieCtrl_HideWindowNotify=n
    SbieCtrl_WindowLeft=562
    SbieCtrl_WindowTop=253
    SbieCtrl_WindowWidth=660
    SbieCtrl_WindowHeight=450
    SbieCtrl_ActiveView=40021
    SbieCtrl_BoxExpandedView_DefaultBox=n
    SbieCtrl_AutoApplySettings=n
    SbieCtrl_SettingChangeNotify=n
    SbieCtrl_BoxExpandedView_IE=y
    # Suppresses the pop-up for these message numbers for the named program and box.
    # NOTE(review): hidden messages also hide later denials of the same kind - confirm that is intended.
    SbieCtrl_HideMessage=1308,ie4uinit.exe [IE]
    SbieCtrl_HideMessage=2222,ie4uinit.exe [IE]
    SbieCtrl_HideMessage=1307,wmplayer.exe [Media]
    SbieCtrl_HideMessage=2221,wmplayer.exe [Media]
    SbieCtrl_BoxExpandedView_Media=y
    SbieCtrl_BoxExpandedView_User=y
    SbieCtrl_BoxExpandedView_Game=y
    SbieCtrl_BoxExpandedView_IM=y
    SbieCtrl_BoxExpandedView_P2P=n
    SbieCtrl_ReloadConfNotify=n
    
    # General-purpose sandbox. No ForceFolder/ForceProcess here, so programs only
    # run in it when started there explicitly.
    [DefaultBox]
    
    ConfigLevel=7
    # Built-in templates; their contents live outside this file.
    Template=BlockPorts
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    BorderColor=#000000,ttl
    Enabled=y
    BoxNameTitle=n
    # Upper size limit, in KB, for files copied into the sandbox.
    CopyLimitKb=239152
    # Strips administrator rights from processes running in this box.
    DropAdminRights=y
    # ClosedFilePath denies sandboxed programs any access to the path.
    ClosedFilePath=C:\Program Files\Internet Explorer\
    ClosedFilePath=C:\Program Files\Windows Journal\
    ClosedFilePath=C:\Program Files\Windows Mail\
    # \Device\Mup is the UNC provider, so this denies access to network shares.
    ClosedFilePath=\Device\Mup\
    ClosedFilePath=C:\Program Files\VideoLAN\
    ClosedFilePath=%AppData%\uTorrent\
    ClosedFilePath=C:\Program Files\uTorrent\
    
    # Sandbox for Internet Explorer: anything launched from the IE folder is forced
    # into this box, and only iexplore.exe may start or reach the network.
    [IE]
    
    ConfigLevel=7
    Template=IExplore_Force
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    BorderColor=#000000,ttl
    Enabled=y
    BoxNameTitle=n
    CopyLimitKb=239152
    DropAdminRights=y
    NotifyInternetAccessDenied=y
    # Named groups referenced by the !<group> rules further down.
    ProcessGroup=<StartRunAccess>,iexplore.exe
    ProcessGroup=<InternetAccess>,iexplore.exe
    ClosedFilePath=C:\Program Files\Windows Journal\
    ClosedFilePath=C:\Program Files\Windows Mail\
    ClosedFilePath=C:\Program Files\Windows Media Player\
    # Denies access to network shares (UNC paths).
    ClosedFilePath=\Device\Mup\
    ClosedFilePath=C:\Program Files\VideoLAN\
    ClosedFilePath=%AppData%\uTorrent\
    ClosedFilePath=C:\Program Files\uTorrent\
    # "!" negates the group: every program NOT in <InternetAccess> is denied the network devices.
    ClosedFilePath=!<InternetAccess>,InternetAccessDevices
    NotifyStartRunAccessDenied=y
    # Programs NOT in <StartRunAccess> have all IPC closed, which keeps them from starting in this box.
    ClosedIpcPath=!<StartRunAccess>,*
    ForceFolder=C:\Program Files\Internet Explorer
    
    # Sandbox for media players: wmplayer.exe and vlc.exe are forced here, are the
    # only programs allowed to start, and no program in the box gets network access.
    [Media]
    
    ConfigLevel=7
    Template=BlockPorts
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    BorderColor=#000000,ttl
    Enabled=y
    BoxNameTitle=n
    CopyLimitKb=239152
    DropAdminRights=y
    NotifyInternetAccessDenied=y
    NotifyStartRunAccessDenied=y
    ProcessGroup=<StartRunAccess>,wmplayer.exe,vlc.exe
    # Programs NOT in <StartRunAccess> cannot start in this box.
    ClosedIpcPath=!<StartRunAccess>,*
    # Forced by executable name and by install folder.
    ForceProcess=wmplayer.exe
    ForceProcess=vlc.exe
    ForceFolder=C:\Program Files\VideoLAN
    ForceFolder=C:\Program Files\Windows Media Player
    ClosedFilePath=C:\Program Files\Internet Explorer\
    ClosedFilePath=C:\Program Files\Windows Journal\
    ClosedFilePath=C:\Program Files\Windows Mail\
    # Denies access to network shares (UNC paths).
    ClosedFilePath=\Device\Mup\
    # No group prefix: the network devices are closed for every program in the box.
    ClosedFilePath=InternetAccessDevices
    ClosedFilePath=%AppData%\uTorrent\
    ClosedFilePath=C:\Program Files\uTorrent\
    
    # Sandbox for the user's data folders on D: and for drive letters A:, B: and
    # E: through Z:. Anything launched from those places is forced here, without
    # admin rights and without network access.
    [User]
    
    ConfigLevel=7
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    BorderColor=#000000,ttl
    Enabled=y
    BoxNameTitle=n
    CopyLimitKb=239152
    DropAdminRights=y
    # Only these D: folders are forced; other paths on D: are not covered by this section.
    ForceFolder=D:\Videos
    ForceFolder=D:\Searches
    ForceFolder=D:\Saved Games
    ForceFolder=D:\Pictures
    ForceFolder=D:\Music
    ForceFolder=D:\Links
    ForceFolder=D:\Favorites
    ForceFolder=D:\Downloads
    ForceFolder=D:\Documents
    ForceFolder=D:\Desktop
    ForceFolder=D:\Contacts
    # One ForceFolder per drive letter; C: and D: are absent, and a letter that is
    # not listed is not covered.
    ForceFolder=B:\
    ForceFolder=A:\
    ForceFolder=Z:\
    ForceFolder=Y:\
    ForceFolder=X:\
    ForceFolder=W:\
    ForceFolder=V:\
    ForceFolder=U:\
    ForceFolder=T:\
    ForceFolder=S:\
    ForceFolder=R:\
    ForceFolder=Q:\
    ForceFolder=P:\
    ForceFolder=O:\
    ForceFolder=N:\
    ForceFolder=M:\
    ForceFolder=L:\
    ForceFolder=K:\
    ForceFolder=J:\
    ForceFolder=I:\
    ForceFolder=H:\
    ForceFolder=G:\
    ForceFolder=F:\
    ForceFolder=E:\
    NotifyInternetAccessDenied=y
    # No group prefix: network devices are closed for every program in the box.
    ClosedFilePath=InternetAccessDevices
    ClosedFilePath=C:\Program Files\VideoLAN\
    # Denies access to network shares (UNC paths).
    ClosedFilePath=\Device\Mup\
    ClosedFilePath=C:\Program Files\Windows Mail\
    ClosedFilePath=C:\Program Files\Windows Journal\
    ClosedFilePath=C:\Program Files\Internet Explorer\
    ClosedFilePath=%AppData%\uTorrent\
    ClosedFilePath=C:\Program Files\uTorrent\
    
    # Sandbox for games. No ForceFolder/ForceProcess, so programs run here only
    # when started in this box explicitly.
    # NOTE(review): no network or start/run restriction is set in this section.
    [Game]
    
    ConfigLevel=7
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    BorderColor=#000000,ttl
    Enabled=y
    BoxNameTitle=n
    CopyLimitKb=239152
    # Protects the box contents from Sandboxie's delete commands, so whatever a
    # program writes here persists between sessions until removed by hand.
    NeverDelete=y
    DropAdminRights=y
    ClosedFilePath=C:\Program Files\VideoLAN\
    # Denies access to network shares (UNC paths).
    ClosedFilePath=\Device\Mup\
    ClosedFilePath=C:\Program Files\Windows Mail\
    ClosedFilePath=C:\Program Files\Windows Journal\
    ClosedFilePath=C:\Program Files\Internet Explorer\
    ClosedFilePath=%AppData%\uTorrent\
    ClosedFilePath=C:\Program Files\uTorrent\
    
    # Sandbox for instant messaging.
    # NOTE(review): this section has no ForceProcess/ForceFolder, no ProcessGroup
    # and no InternetAccess or StartRunAccess rule, so nothing is routed here
    # automatically and any program started in the box may run and use the network.
    [IM]
    
    ConfigLevel=7
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    BorderColor=#000000,ttl
    Enabled=y
    BoxNameTitle=n
    CopyLimitKb=239152
    # Protects the box contents from Sandboxie's delete commands, so whatever a
    # program writes here persists between sessions until removed by hand.
    NeverDelete=y
    DropAdminRights=y
    ClosedFilePath=C:\Program Files\VideoLAN\
    # Denies access to network shares (UNC paths).
    ClosedFilePath=\Device\Mup\
    ClosedFilePath=C:\Program Files\Windows Mail\
    ClosedFilePath=C:\Program Files\Windows Journal\
    ClosedFilePath=C:\Program Files\Internet Explorer\
    ClosedFilePath=%AppData%\uTorrent\
    ClosedFilePath=C:\Program Files\uTorrent\
    
    # Sandbox for the uTorrent client: utorrent.exe and its folders are forced
    # here, and only utorrent.exe may reach the network.
    [P2P]
    
    ConfigLevel=7
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    BorderColor=#000000,ttl
    Enabled=y
    BoxNameTitle=n
    CopyLimitKb=239152
    DropAdminRights=y
    # Denies access to network shares (UNC paths).
    ClosedFilePath=\Device\Mup\
    ClosedFilePath=C:\Program Files\Windows Mail\
    ClosedFilePath=C:\Program Files\Windows Journal\
    ClosedFilePath=C:\Program Files\Internet Explorer\
    # Programs NOT in <InternetAccess> are denied the network devices.
    ClosedFilePath=!<InternetAccess>,InternetAccessDevices
    ForceProcess=utorrent.exe
    # NOTE(review): hard-coded profile path, while the OpenFilePath rule below uses
    # %AppData%\uTorrent\ - confirm both name the same folder. The literal path
    # also exposes the account name when the file is shared.
    ForceFolder=C:\Users\L\AppData\Roaming\uTorrent
    ForceFolder=C:\Program Files\uTorrent
    NotifyInternetAccessDenied=y
    # vlc.exe and explorer.exe may start in this box alongside utorrent.exe; each
    # extra name widens what can be launched from inside the box.
    ProcessGroup=<StartRunAccess>,vlc.exe,utorrent.exe,explorer.exe
    ProcessGroup=<InternetAccess>,utorrent.exe
    NotifyStartRunAccessDenied=y
    # Programs NOT in <StartRunAccess> cannot start in this box.
    ClosedIpcPath=!<StartRunAccess>,*
    # OpenFilePath gives utorrent.exe direct, unsandboxed access: writes to these
    # locations land on the real disk and survive deletion of the sandbox.
    OpenFilePath=utorrent.exe,%AppData%\uTorrent\
    # The GUID is the Windows known-folder ID for the Downloads folder, so
    # downloaded files are written outside the sandbox.
    OpenFilePath=utorrent.exe,%{374DE290-123F-4565-9164-39C4925E467B}%\
    
     
    Last edited: Nov 7, 2011
  24. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I have changed some settings and added more in the Blocked Access box...that is aside from anti-virus, antispywares I also added all media players, some programs, videos, music, games, and some folders. That I guess are possibly vulnerable to attacks when surfing the net.

    Also, when I added Documents and Settings to Read Only Access I experienced a problem: I couldn't open Firefox, so I removed it and put my Documents (personal) there instead, and everything works smoothly. So I suggest that if some problem occurs after tweaking/changing Sandboxie (or some of your programs), don't reinstall immediately; first check what you've done with Sandboxie and try to reconfigure the settings.

    So, here's the new settings in Read Only Access:
     

    Attached Files:

  25. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    This is what I used for a baseline for a long time. My current setup is just a little different. I made use of templates as I configured the whole thing with the .ini file rather than the gui.

    I have been avoiding using it on x64 very much because I am being lazy when it comes to "program files" and "program files (x86)". I hate that part of the OS. One of these days I will spruce this up to work on x64, but until then I just use a default box and delete it all the time.

    Code:
    # Settings in this section apply to every sandbox defined in the file: the
    # sandbox storage root, named process groups, and Tmpl.* path variables that
    # the local templates reference as %Tmpl.Name%.
    [GlobalSettings]
    
    # Folder that holds each sandbox's contents; %SANDBOX% stands for the box name.
    FileRootPath=C:\Sandbox\%SANDBOX%
    # Process groups used by the templates' "!<group>" network rules: members of a
    # group keep network access, everything else in the box is denied it.
    # NOTE(review): foxit.exe appears in every browser group, so the PDF reader
    # gets network access wherever one of these groups is applied - confirm intended.
    ProcessGroup=<InternetAccess_Kmeleon>,foxit.exe,winget.exe,k-meleon.exe,sandboxiecrypto.exe
    ProcessGroup=<InternetAccess_Firefox>,foxit.exe,firefox.exe,sandboxiecrypto.exe
    ProcessGroup=<InternetAccess_IE>,foxit.exe,iexplore.exe,sandboxiecrypto.exe
    ProcessGroup=<InternetAccess_Iron>,foxit.exe,iron.exe,sandboxiecrypto.exe
    ProcessGroup=<InternetAccess_Opera>,foxit.exe,opera.exe,sandboxiecrypto.exe
    ProcessGroup=<InternetAccess_Browsers>,foxit.exe,iexplore.exe,firefox.exe,k-meleon.exe,opera.exe,sandboxiecrypto.exe
    ProcessGroup=<InternetAccess_LiveMail>,k-meleon.exe,opera.exe,wlmail.exe,sandboxiecrypto.exe
    ProcessGroup=<InternetAccess_MediaPlayers>,vlc.exe,mplayer2.exe,wmplayer.exe,sandboxiecrypto.exe
    # Per-user folder locations; %user% presumably expands to the account name.
    Tmpl.UserAppData=c:\Users\%user%\AppData\Roaming
    Tmpl.UserCache=c:\Users\%user%\AppData\Local\Microsoft\Windows\Temporary Internet Files
    Tmpl.UserCookies=C:\Users\%user%\AppData\Roaming\Microsoft\Windows\Cookies
    Tmpl.UserDesktop=c:\Users\%user%\Desktop
    Tmpl.UserDownloads=c:\Users\%user%\Downloads
    Tmpl.UserFavorites=c:\Users\%user%\Favorites
    Tmpl.UserHistory=C:\Users\%user%\AppData\Local\Microsoft\Windows\History
    Tmpl.UserLocalAppData=C:\Users\%user%\AppData\Local
    Tmpl.UserLocalSettings=C:\Users\%user%\AppData\Local
    Tmpl.UserMyDocuments=c:\Users\%user%\Documents
    Tmpl.UserMyMusic=c:\Users\%user%\Music
    Tmpl.UserMyPictures=c:\Users\%user%\Pictures
    Tmpl.UserPrograms=C:\Users\%user%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
    Tmpl.UserStartMenu=C:\Users\%user%\AppData\Roaming\Microsoft\Windows\Start Menu
    Tmpl.UserStartup=C:\Users\%user%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    # Machine-wide (all users) folder locations.
    Tmpl.CommonAppData=c:\ProgramData
    Tmpl.CommonDesktop=c:\Users\Public\Desktop
    Tmpl.CommonDocuments=C:\Users\Public\Documents
    Tmpl.CommonFavorites=C:\Users\Public\Favorites
    Tmpl.CommonPrograms=C:\ProgramData\Microsoft\Windows\Start Menu\Programs
    Tmpl.CommonStartMenu=C:\ProgramData\Microsoft\Windows\Start Menu
    Tmpl.CommonStartup=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Tmpl.CommonMusic=c:\Users\Public\Music
    Tmpl.CommonPictures=c:\Users\Public\Pictures
    Tmpl.CommonVideo=c:\Users\Public\Videos
    # How long, in seconds, "Disable Forced Programs" stays in effect once triggered.
    ForceDisableSeconds=10
    
    # Per-user preferences for the Sandboxie Control window (every key is SbieCtrl_*).
    # Nothing in this section restricts what a sandboxed program may do.
    [UserSettings_0574015E]
    
    SbieCtrl_UserName=sully
    SbieCtrl_ShowWelcome=N
    SbieCtrl_NextUpdateCheck=1555555555
    SbieCtrl_UpdateCheckNotify=Y
    SbieCtrl_WindowLeft=58
    SbieCtrl_WindowTop=205
    SbieCtrl_WindowWidth=660
    SbieCtrl_WindowHeight=450
    SbieCtrl_Hidden=Y
    SbieCtrl_ActiveView=40021
    SbieCtrl_ReSyncContextMenu=N
    SbieCtrl_AutoApplySettings=n
    SbieCtrl_SettingChangeNotify=N
    SbieCtrl_HideWindowNotify=N
    SbieCtrl_ReloadConfNotify=N
    SbieCtrl_ColWidthProcName=250
    SbieCtrl_ColWidthProcId=70
    SbieCtrl_ColWidthProcTitle=310
    SbieCtrl_EnableLogonStart=Y
    SbieCtrl_EnableAutoStart=Y
    SbieCtrl_AddDesktopIcon=N
    SbieCtrl_AddQuickLaunchIcon=N
    SbieCtrl_AddContextMenu=Y
    SbieCtrl_AddSendToMenu=N
    SbieCtrl_EditConfNotify=n
    SbieCtrl_ShouldDeleteNotify=N
    # Presumably turns off the automatic Software Compatibility check, so
    # compatibility templates are not added without the user choosing them - confirm.
    SbieCtrl_AutoRunSoftCompat=n
    SbieCtrl_BoxExpandedView_DefaultBox=y
    SbieCtrl_BoxExpandedView_Browsers_box=y
    SbieCtrl_BoxExpandedView_Downloads_box=y
    SbieCtrl_BoxExpandedView_Firefox_box=y
    SbieCtrl_BoxExpandedView_IE_box=y
    SbieCtrl_BoxExpandedView_Kmeleon_box=y
    SbieCtrl_BoxExpandedView_LiveMail_box=n
    SbieCtrl_BoxExpandedView_MediaPlayer_box=y
    SbieCtrl_BoxExpandedView_Opera_box=y
    SbieCtrl_BoxExpandedView_Live_Test_box=y
    SbieCtrl_BoxExpandedView_irron=y
    SbieCtrl_BoxExpandedView_Iron_box=y
    # Suppresses the pop-up for message 1301 when raised by iron.exe.
    SbieCtrl_HideMessage=1301,iron.exe
    SbieCtrl_BoxExpandedView_TESTT=y
    
    # Local template that only declares its title and class. It defines no
    # restrictions, so including it in a box changes nothing.
    [Template_Local_LockDrives]
    
    Tmpl.Title=LockDrives
    Tmpl.Class=Local
    
    # Local template that makes the listed autostart and policy registry keys
    # read-only for sandboxed programs: they can be read but not modified.
    # NOTE(review): only the keys listed here are covered. Other autostart locations
    # are still written to the sandbox's own registry copy as usual.
    [Template_Local_Lock_Autorun_Registry]
    
    Tmpl.Title=Lock_Autorun_Registry
    Tmpl.Class=Local
    # Per-user keys.
    ReadKeyPath=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    ReadKeyPath=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
    ReadKeyPath=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\
    ReadKeyPath=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\
    ReadKeyPath=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    # Machine-wide keys.
    ReadKeyPath=HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    ReadKeyPath=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    ReadKeyPath=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
    ReadKeyPath=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\
    ReadKeyPath=HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\
    
    # Local template that makes the per-user and all-users Startup folders
    # read-only for sandboxed programs.
    [Template_Local_Lock_Autorun_Directory]
    
    Tmpl.Title=Lock_Autorun_Directory
    Tmpl.Class=Local
    # Both variables are defined under [GlobalSettings] in this file.
    ReadFilePath=%Tmpl.UserStartup%
    ReadFilePath=%Tmpl.CommonStartup%
    
    # Local template that makes the listed boot and legacy startup files in the
    # root of C: read-only for sandboxed programs.
    [Template_Local_Lock_Root_Files]
    
    Tmpl.Title=Lock_Root_Files
    Tmpl.Class=Local
    ReadFilePath=C:\AUTOEXEC.BAT
    ReadFilePath=C:\bootmgr
    ReadFilePath=C:\Config.sys
    ReadFilePath=C:\IO.sys
    ReadFilePath=C:\MSDOS.sys
    
    # Local template that turns on recovery for the user's Personal, Favorites and
    # Desktop folders. Files a sandboxed program creates there can be moved out to
    # the real folders.
    # NOTE(review): a recovered file leaves the sandbox, so scan it first.
    [Template_Local_Recover_Folders]
    
    Tmpl.Title=Recover_Folders
    Tmpl.Class=Local
    AutoRecover=y
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    
    # Local template that closes the network device objects for every program in a
    # box that includes it. There is no group prefix, so nothing is exempt.
    [Template_Local_Deny_All_Network_Access]
    
    Tmpl.Title=Deny_All_Network_Access
    Tmpl.Class=Local
    # IPv6 devices.
    ClosedFilePath=\Device\RawIp6
    ClosedFilePath=\Device\Udp6
    ClosedFilePath=\Device\Tcp6
    ClosedFilePath=\Device\Ip6
    # IPv4 devices.
    ClosedFilePath=\Device\RawIp
    ClosedFilePath=\Device\Udp
    ClosedFilePath=\Device\Tcp
    ClosedFilePath=\Device\Ip
    # Afd is the Winsock helper driver; the wildcard covers every name starting with Afd.
    ClosedFilePath=\Device\Afd*
    
    # Local template that gives direct, unsandboxed access to the user's Downloads folder.
    # There is no program prefix, so every program in a box that includes this
    # template can write there, and those writes land on the real disk.
    [Template_Local_Allow_Direct_Access]
    
    Tmpl.Title=Allow_Direct_Access
    Tmpl.Class=Local
    # Variable defined under [GlobalSettings] in this file.
    OpenFilePath=%Tmpl.UserDownloads%
    
    # Local template for Internet Explorer boxes: includes the built-in IE templates
    # and limits network access to the <InternetAccess_IE> group.
    [Template_Local_IE]
    
    Tmpl.Title=IE
    Tmpl.Class=Local
    # Built-in templates; by their names they give direct access to favorites,
    # cookies, feeds and stored credentials (contents not shown - confirm in Templates.ini).
    # NOTE(review): direct access means changes to that data persist outside the sandbox.
    Template=IExplore_Favorites_DirectAccess
    Template=IExplore_Favorites_RecoverFolder
    Template=IExplore_Cookies_DirectAccess
    Template=IExplore_Feeds_DirectAccess
    Template=IExplore_ProtectedStorage
    Template=IExplore_Credentials
    # Programs NOT in <InternetAccess_IE> are denied these network devices.
    # NOTE(review): unlike Deny_All_Network_Access in this file, this list omits
    # \Device\Udp and the IPv6 devices - confirm \Device\Afd* covers the intended cases.
    ClosedFilePath=!<InternetAccess_IE>,\Device\RawIp
    ClosedFilePath=!<InternetAccess_IE>,\Device\Tcp
    ClosedFilePath=!<InternetAccess_IE>,\Device\Ip
    ClosedFilePath=!<InternetAccess_IE>,\Device\Afd*
    NotifyInternetAccessDenied=y
    
    [Template_Local_Firefox]
    # User-defined template for Firefox boxes.
    # Includes Firefox_* templates defined elsewhere (not visible here).
    # NOTE(review): by name they give direct access to bookmarks, cookies and the
    # phishing database, so changes to those persist outside the sandbox.
    # The ClosedFilePath lines close the network devices to every program that is
    # not a member of <InternetAccess_Firefox>; the group definition is not in this
    # part of the file. \Device\Udp and the IPv6 devices are not listed here,
    # unlike in Template_Local_Deny_All_Network_Access; confirm that is intended.
    # NotifyInternetAccessDenied=y reports programs that were refused.
    
    Tmpl.Title=Firefox
    Tmpl.Class=Local
    Template=Firefox_Bookmarks_DirectAccess
    Template=Firefox_Cookies_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    ClosedFilePath=!<InternetAccess_Firefox>,\Device\RawIp
    ClosedFilePath=!<InternetAccess_Firefox>,\Device\Tcp
    ClosedFilePath=!<InternetAccess_Firefox>,\Device\Ip
    ClosedFilePath=!<InternetAccess_Firefox>,\Device\Afd*
    NotifyInternetAccessDenied=y
    
    [Template_Local_Iron]
    # User-defined template for SRWare Iron boxes.
    # Includes Iron_Force and Iron_Profile_DirectAccess, defined elsewhere.
    # NOTE(review): Firefox_Phishing_DirectAccess is also included here; it looks
    # carried over from the Firefox template, confirm it is meant for Iron.
    # NOTE(review): Iron_Profile_DirectAccess presumably opens the whole browser
    # profile for direct writes, which removes most of the isolation for profile
    # data (extensions, settings); confirm that trade-off is intended.
    # Network devices are closed to every program outside <InternetAccess_Iron>;
    # the group definition is not in this part of the file, and \Device\Udp and
    # the IPv6 devices are not listed.
    
    Tmpl.Title=Iron
    Tmpl.Class=Local
    Template=Iron_Force
    Template=Firefox_Phishing_DirectAccess
    Template=Iron_Profile_DirectAccess
    ClosedFilePath=!<InternetAccess_Iron>,\Device\RawIp
    ClosedFilePath=!<InternetAccess_Iron>,\Device\Tcp
    ClosedFilePath=!<InternetAccess_Iron>,\Device\Ip
    ClosedFilePath=!<InternetAccess_Iron>,\Device\Afd*
    NotifyInternetAccessDenied=y
    
    [Template_Local_Kmeleon]
    # User-defined template for K-Meleon boxes.
    # Network devices are closed to every program outside <InternetAccess_Kmeleon>
    # (group definition not in this part of the file; \Device\Udp and the IPv6
    # devices are not listed).
    # The OpenFilePath lines give direct access to three profile files, and the
    # k-meleon.exe prefix limits that access to the browser process itself; the
    # * matches any profile directory name under %AppData%\k-meleon\.
    
    Tmpl.Title=Kmeleon
    Tmpl.Class=Local
    ClosedFilePath=!<InternetAccess_Kmeleon>,\Device\RawIp
    ClosedFilePath=!<InternetAccess_Kmeleon>,\Device\Tcp
    ClosedFilePath=!<InternetAccess_Kmeleon>,\Device\Ip
    ClosedFilePath=!<InternetAccess_Kmeleon>,\Device\Afd*
    NotifyInternetAccessDenied=y
    OpenFilePath=k-meleon.exe,%AppData%\k-meleon\*\cookies.txt
    OpenFilePath=k-meleon.exe,%AppData%\k-meleon\*\bookmarks.html
    OpenFilePath=k-meleon.exe,%AppData%\k-meleon\*\opera.adr
    
    [Template_Local_Opera]
    # User-defined template for Opera boxes.
    # Includes Opera_Force and Opera_Bookmarks_DirectAccess, defined elsewhere.
    # Network devices are closed to every program outside <InternetAccess_Opera>
    # (group definition not in this part of the file; \Device\Udp and the IPv6
    # devices are not listed).
    # NOTE(review): no box in this part of the file includes Local_Opera; confirm
    # a box elsewhere uses it, otherwise the template has no effect.
    
    Tmpl.Title=Opera
    Tmpl.Class=Local
    Template=Opera_Force
    Template=Opera_Bookmarks_DirectAccess
    ClosedFilePath=!<InternetAccess_Opera>,\Device\RawIp
    ClosedFilePath=!<InternetAccess_Opera>,\Device\Tcp
    ClosedFilePath=!<InternetAccess_Opera>,\Device\Ip
    ClosedFilePath=!<InternetAccess_Opera>,\Device\Afd*
    NotifyInternetAccessDenied=y
    
    [Iron_box]
    # Sandbox for SRWare Iron. It is assembled from the Local_* templates:
    # recovery folders, read-only autorun registry keys, startup folders and root
    # files, direct access to the downloads folder, and the Iron-specific rules.
    # NOTE(review): there is no ForceProcess line here; forcing presumably comes
    # from Iron_Force, which Local_Iron includes. Confirm the browser cannot
    # start outside the box.
    # The header of Local_Lock_Autorun_Registry is not in this part of the file.
    
    Enabled=yes
    ConfigLevel=6
    Template=Local_Recover_Folders
    Template=Local_Lock_Autorun_Registry
    Template=Local_Lock_Autorun_Directory
    Template=Local_Lock_Root_Files
    Template=Local_Allow_Direct_Access
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    Template=Local_Iron
    
    [Firefox_box]
    # Sandbox for Firefox. It combines the shared Local_* hardening templates with
    # Local_Firefox, and ForceProcess makes any program named Firefox.exe start
    # inside this box.
    # Local_Allow_Direct_Access is included, so the downloads folder is written
    # directly on the real disk rather than inside the sandbox.
    
    Enabled=yes
    ConfigLevel=6
    Template=Local_Recover_Folders
    Template=Local_Lock_Autorun_Registry
    Template=Local_Lock_Autorun_Directory
    Template=Local_Lock_Root_Files
    Template=Local_Allow_Direct_Access
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    Template=Local_Firefox
    ForceProcess=Firefox.exe
    
    [IE_box]
    # Sandbox for Internet Explorer. It combines the shared Local_* hardening
    # templates with Local_IE, and ForceProcess makes any program named
    # IExplore.exe start inside this box.
    # Local_IE includes the credential and protected-storage templates, and
    # Local_Allow_Direct_Access opens the downloads folder for direct writes;
    # both reduce isolation for this box.
    
    Enabled=yes
    ConfigLevel=6
    Template=Local_Recover_Folders
    Template=Local_Lock_Autorun_Registry
    Template=Local_Lock_Autorun_Directory
    Template=Local_Lock_Root_Files
    Template=Local_Allow_Direct_Access
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    Template=Local_IE
    ForceProcess=IExplore.exe
    
    [Downloads_box]
    # Sandbox for anything started from the downloads folder: ForceFolder forces
    # programs launched from that folder into this box, Local_Deny_All_Network_Access
    # removes network access, and \Device\Mup\ is closed to block network shares.
    # NOTE(review): Local_Allow_Direct_Access is also included, which opens
    # %Tmpl.UserDownloads% for direct writes. If that variable points at the same
    # folder as ForceFolder, a forced program can still modify or add files in the
    # real downloads folder; confirm that is acceptable for untrusted downloads.
    # NOTE(review): the ForceFolder path is spelled out with drive c: and %user%,
    # while the template uses %Tmpl.UserDownloads%; confirm both name the same folder.
    
    Enabled=yes
    ConfigLevel=6
    Template=Local_Recover_Folders
    Template=Local_Lock_Autorun_Registry
    Template=Local_Lock_Autorun_Directory
    Template=Local_Lock_Root_Files
    Template=Local_Allow_Direct_Access
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    Template=Local_Deny_All_Network_Access
    ForceFolder=c:\Users\%user%\Downloads
    ClosedFilePath=\Device\Mup\
    
    [Live_Test_box]
    # Sandbox for trying out software. It includes only the three read-only
    # "Lock" templates plus LingerPrograms and AutoRecoverIgnore: no recovery
    # folders and no direct access to the downloads folder.
    # NOTE(review): no network rule is set in this section, so programs tested
    # here keep network access unless a rule comes from elsewhere. Include
    # Local_Deny_All_Network_Access if the software under test is untrusted.
    
    Enabled=yes
    ConfigLevel=6
    Template=Local_Lock_Autorun_Registry
    Template=Local_Lock_Autorun_Directory
    Template=Local_Lock_Root_Files
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    
    [Browsers_box]
    # General browser sandbox. It uses the shared Local_* hardening templates and
    # sets its network rule directly rather than through a per-browser template.
    # The ClosedFilePath lines close the network devices to every program that is
    # not a member of <InternetAccess_Browsers>.
    # NOTE(review): the group definition is not in this part of the file, and
    # there is no ForceProcess or ForceFolder line, so programs only run here when
    # started in this box explicitly. \Device\Udp and the IPv6 devices are not
    # listed, unlike in Template_Local_Deny_All_Network_Access.
    
    Enabled=yes
    ConfigLevel=6
    Template=Local_Recover_Folders
    Template=Local_Lock_Autorun_Registry
    Template=Local_Lock_Autorun_Directory
    Template=Local_Lock_Root_Files
    Template=Local_Allow_Direct_Access
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    ClosedFilePath=!<InternetAccess_Browsers>,\Device\RawIp
    ClosedFilePath=!<InternetAccess_Browsers>,\Device\Tcp
    ClosedFilePath=!<InternetAccess_Browsers>,\Device\Ip
    ClosedFilePath=!<InternetAccess_Browsers>,\Device\Afd*
    NotifyInternetAccessDenied=y
    
    [MediaPlayer_box]
    # Sandbox for media players. ForceProcess forces vlc.exe, wmplayer.exe and
    # mplayer2.exe into this box, so media files opened with them are handled
    # inside the sandbox.
    # Network devices are closed to every program outside
    # <InternetAccess_MediaPlayers>.
    # NOTE(review): the group definition is not in this part of the file; if the
    # players themselves are members, a malicious media file that takes over a
    # player inherits its network access. \Device\Udp and the IPv6 devices are
    # not listed, unlike in Template_Local_Deny_All_Network_Access.
    
    Enabled=yes
    ConfigLevel=6
    Template=Local_Recover_Folders
    Template=Local_Lock_Autorun_Registry
    Template=Local_Lock_Autorun_Directory
    Template=Local_Lock_Root_Files
    Template=Local_Allow_Direct_Access
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    ForceProcess=vlc.exe
    ForceProcess=wmplayer.exe
    ForceProcess=mplayer2.exe
    ClosedFilePath=!<InternetAccess_MediaPlayers>,\Device\RawIp
    ClosedFilePath=!<InternetAccess_MediaPlayers>,\Device\Tcp
    ClosedFilePath=!<InternetAccess_MediaPlayers>,\Device\Ip
    ClosedFilePath=!<InternetAccess_MediaPlayers>,\Device\Afd*
    NotifyInternetAccessDenied=y
    
    
    Sul.
     