What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. bo elam

    bo elam Registered Member

    The video plays because the player or the browser does not use drivers. By default, Sandboxie does not allow drivers to be installed or loaded by sandboxed programs. If you try to install Avast in a sandbox, Sandboxie will block its drivers when they attempt to install and issue message 2103.
    http://www.sandboxie.com/index.php?BlockDrivers

    If you want, you can change the way Sandboxie treats drivers; the instructions are in the link that I posted, but it is unsafe to do it. Also, it doesn't make any sense to do what you said you are doing. Avast and Comodo work fine alongside SBIE when they are installed properly (outside the sandbox); there is nothing to gain even if they could be installed inside a sandbox.

    Bo
     
  2. pablozi

    pablozi Registered Member

    HMP replaced with MBAM Pro. Now all my security setup is based on apps with lifetime licences :thumb:
     
  3. jmonge

    jmonge Registered Member

    Baidu Antivirus 2013 looks good with the Avira engine :) and I think it has a HIPS engine ;)
     
  4. kjdemuth

    kjdemuth Registered Member

    Sure does, good buddy. Pretty decent detection for something that is still in beta. Hopefully they'll integrate FireEye from Kingsoft development.
     
  5. KelvinW4

    KelvinW4 Registered Member

    jmonge, does it even catch EICAR?
     
  6. jmonge

    jmonge Registered Member

    Didn't try :)
     
  7. ams963

    ams963 Registered Member

    I'm pretty happy with what I'm using. :)
     
  8. Tyrizian

    Tyrizian Registered Member

    Very nice setup bud, I like it :thumb:
     
  9. luciddream

    luciddream Registered Member

    Well, HIPS is only as good as its user's implementation. In Paranoid Mode, with tight rule settings, it absolutely would make you aware of any malware trying to get away with shady things. But I was referring to the fact that a nasty piece of malware, if recovered to your system, could terminate something like Comodo altogether. Or even botch system files so that SRP or similar couldn't protect you. In that case, you'd be in deep do-do.

    Oh how I wish there were an AV with resident file protection "only". No bells & whistles. Only options being to toggle scanning of new downloads, resident file protection, and auto updating on & off. That and scan depth (quick/thorough). That's what I'm looking for.

    I love VTHC for new downloads. But still see value in resident file protection. Odds of needing it = about .001%, but it's there.
     
  10. ams963

    ams963 Registered Member

    @RADEON0101
    Thanks my friend.:D Your setup is also good. What firewall are you using? And no on-demand second opinion scanner? MBAM and HMP good.:) Any conflict between NVT ERP and avast!?:doubt:
     
  11. zitch

    zitch Guest

    Hmmm....I gotta check that out and get back to you. When I installed Sandboxie, it automatically included Avast, and Comodo, and the drivers, as far as I can tell. I made no configuration changes upon installation. It never issued message 2103. I have wondered if having a full version of either program running sandboxed could allow malware to escape Sandboxie. You may be right, Bo....I will have to delve into that when I get a day off and a couple extra hours to tinker...thanks for the heads up.
     
  12. zitch

    zitch Guest

    Had a few minutes to do a quick check of my Sandboxie settings. What I found was: Avast and Comodo are running without drivers installed, but with direct access. So, scrolled to Configure/software compatibility/software settings, unchecked Avast and Comodo, then went to the direct access list, and both showed up as removed from direct access. Now hopefully, this will stop a possible breach of Sandboxie by some nasty malware attaching itself to either Avast or Comodo. And a tip of the hat to Bo Elam.....
     
    Last edited by a moderator: Mar 16, 2013
  13. bo elam

    bo elam Registered Member

    You know Zitch, you don't have those programs installed inside SBIE, you just think you do. ;) Are you thinking that they are installed inside Sandboxie because you enabled "Software compatibility" for both programs? When you apply Software compatibility, you enable settings that are designed to make SBIE work better with other programs but that doesn't place the programs inside SBIE.

    Bo
     
  14. zitch

    zitch Guest

    Bo, to be honest with you, I don't know how they got in there in the first place! But I am slowly figuring it out....I can see how some people can be confused setting up Sandboxie. Thanks to you and the other folks on this forum, we can have an open discussion on stuff like this. All I know at this point, is: I managed to remove Avast and Comodo from direct access in Sandboxie. I have a hunch that will make changes to the way my system reacts to nasty objects, but my mind will be at ease not worrying about a breach. I can always terminate Sandboxie if a bum script shows up.
     
  15. bo elam

    bo elam Registered Member

    You should reapply the Software compatibility settings; they are created by Tzuk to take care of conflicts that over time develop between SBIE and other applications. Like I mentioned in my previous post, applying those settings does not place Avast or Comodo inside the sandbox. They make things better (most of the time) and don't weaken SBIE.

    Bo
     
  16. zitch

    zitch Guest

    Ok will do that, but could not remove Avast and Comodo from direct access without first removing them from software compatibility settings....so....
     
  17. bo elam

    bo elam Registered Member

    If Avast and Comodo are not allowed Direct access to those folders or files that you see there, your AV might not work properly alongside Sandboxie.

    Bo
     
  18. zitch

    zitch Guest

    Ok, lol....will do.....
     
  19. JohnMult

    JohnMult Registered Member

    1. Comodo Internet Security 6 (thanks Chiron for the guide)
    2. Sandboxie free for browsing (only Chrome is allowed to Run and Connect to the Internet)
    3. Norton DNS (Policy 1: Security)
    4. Google Chrome (Adblock plus, LastPass) No Java
    5. Zemana Antilogger free
    6. Registry trick 1806

    End of the story finally...:cool:
     
    Last edited: Mar 16, 2013
  20. trjam

    trjam Registered Member

    Like jmonge, Ikarus. :thumb:
     
  21. Rompin Raider

    Rompin Raider Registered Member

    Like a boomerang...back to Avast. :D
     
  22. luciddream

    luciddream Registered Member

    Yeah Zitch, I second what Bo says. Simply applying the "compatibility" that SBIE should ask for as soon as it detects such a product is all you should do. Tzuk has painstakingly created the compatibility for each product to allow its detection/security measures to function within the sandbox, whilst blocking things unnecessary for that essential/beneficial functionality, to keep it safe. You shouldn't do anything further, like allow direct access, etc...
     
  23. wat0114

    wat0114 Registered Member

    I've battened down the hatches on my XP Pro setup, adding SandBoxie into the mix :)


    Windows XP Pro SP3 Desktop:

    • Running from a Limited User account
    • Software Restriction Policy enforcing all software files, all users except administrators
    • Jetico v2 Firewall with application network activity control and Process attack filter (HIPS) enabled, monitoring and enforcing for only:
      1. write to application’s memory
      2. modify child process
      3. critical registry modification
      4. Full Attack type monitoring of: C:\Documents and Settings\All Users\*

      This nicely complements SRP with additional process control

    • EMET 3.0, with mainly web-facing and MS Office apps configured
    • Several Windows and MS Office settings hardened via configuration in Group Policy Editor
    • Firefox with NoScript and AdBlock+ plugins
    • SandBoxie beta v4.01.03 for Firefox browser only, with additional restrictions configured for Start/Run access and Internet access for Firefox programs only.
    • MBAM on-demand free (used sparingly)
    • Routine images of system using ShadowProtect RE disk, saving the images to two separate physical locations.
    • Several services disabled
     
  24. kjdemuth

    kjdemuth Registered Member

    Added AppGuard to the mix. Have it set on High.
    Loving it so far. We'll see how long that lasts.
     
  25. jmonge

    jmonge Registered Member

    I am trying the beast :) ?//o_O Bitdefender is ;) it is a huge monster but the firewall in paranoid mode is very informative :)
     