3rd party AV with Sandboxie, or not?

Status
Not open for further replies.

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I understand that Sandboxie has not updated their templates since they were bought by Invincea, and that there is a potential for Sandboxie to interfere with the functioning of the AV, due to Sandboxie's agressive hooks into the Windows kernel, and other reasons. They recommend to use the native Windows Defender, which doesn't conflict.

What do you Sandboxie users run on your PCs? WD, or third-party AV? Or you aren't so concerned about AV, since you are sandboxed anyway?

I was using Webroot SA, but I saw that SBIE doesn't even have a template for it at all, and furthermore, webroot has its own sandbox feature, and that made me concerned about hidden conflicts.
 

Sandboxie Help

From Sandboxie
Verified
Developer
Feb 26, 2016
23
Correction. A/V conflicts with Sandboxie. Please get that straight. And we list the conflicts. We don't hide that.

The aggressive hooks are needed, but unless you're a Dev supporting a program that has to work with Windows XP -Win 10 while working with a multitude of browsers, programs, security, tokens, etc.etc.etc.etc.etc. it's hard to grasp.

There are 6 million A/V vendors it seems like. It's not our job to work with EVERY ONE of them. As we have our own proven, industry leading function to do...sandboxing-isolation- A container. Sorry we didn't dedicate resources to one particular A/V vendor. Your priorities are wrong it appears. Do you want to rely on A/V? Or proven containment????

The templates open up holes in the sandbox and/or allow the A/V to work by ignoring the SB container. There are many other A/V software we've tested that works with SBIE. That's updated in our forum regularly and other long term, seasoned SBIE users have agreed Defender is all you need if your are curious what MAY be in the sandbox.

Again, if SBIE is your primary protection, then the "extra" layer is just that...a feel good layer to see what is in the Sandbox.

As for templates, That's not only an invincea issue. The original creator of SBIE wasn't a fan of templates either. Why should we waste resources on making A/V work with us when it's not needed overall & usually directly interferes with our product? We do that as a courtesy.

As for other "Sandboxing" programs, well.... All I can say, there is only one Sandboxie. Proven. For over a decade. With 4+ million users.

But you have Webroot....
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
There are 6 million A/V vendors it seems like. It's not our job to work with EVERY ONE of them. As we have our own proven, industry leading function to do...sandboxing-isolation- A container. Sorry we didn't dedicate resources to one particular A/V vendor. Your priorities are wrong it appears. Do you want to rely on A/V? Or proven containment????
Hey, I use Sandboxie too, my intent was not to criticize. You're doing a great job over there. I am just asking the community for input and advice, since I'm not a dev or a tester, and an ordinary user like me will let files out of the sandbox sooner or later, so it's good to have an effective AV as well. After all, some malware hides itself in a virtualized environment, so you can never be sure.
The goal is multi-layered protection, in my opinion.
 

Morvotron

Level 7
Verified
Mar 24, 2015
307
Correction. A/V conflicts with Sandboxie. Please get that straight. And we list the conflicts. We don't hide that.

The aggressive hooks are needed, but unless you're a Dev supporting a program that has to work with Windows XP -Win 10 while working with a multitude of browsers, programs, security, tokens, etc.etc.etc.etc.etc. it's hard to grasp.

There are 6 million A/V vendors it seems like. It's not our job to work with EVERY ONE of them. As we have our own proven, industry leading function to do...sandboxing-isolation- A container. Sorry we didn't dedicate resources to one particular A/V vendor. Your priorities are wrong it appears. Do you want to rely on A/V? Or proven containment????

The templates open up holes in the sandbox and/or allow the A/V to work by ignoring the SB container. There are many other A/V software we've tested that works with SBIE. That's updated in our forum regularly and other long term, seasoned SBIE users have agreed Defender is all you need if your are curious what MAY be in the sandbox.

Again, if SBIE is your primary protection, then the "extra" layer is just that...a feel good layer to see what is in the Sandbox.

As for templates, That's not only an invincea issue. The original creator of SBIE wasn't a fan of templates either. Why should we waste resources on making A/V work with us when it's not needed overall & usually directly interferes with our product? We do that as a courtesy.

As for other "Sandboxing" programs, well.... All I can say, there is only one Sandboxie. Proven. For over a decade. With 4+ million users.

But you have Webroot....

I can think on many ways to say that without being so agressive.

Regarding to your question @shmu26, i've only used Sandboxie back on Windows 7 or virtual machines. On this Windows version, Sandboxie seemed to work well with my antivirus software, which name i can't remember right now. On virtual machines, i only tested Sandboxie on its own. Here on Windows 10 i've had way too many problems to install it and make it work, and very little time to ask for assistance on the forums, so i just rely on my main AV and tiny weightless complements to maximize security. Now about compatibility, Sandboxie Help Account has just said everything that could be said.
 

FleischmannTV

Level 7
Verified
Honorary Member
Well-known
Jun 12, 2014
314
The goal is multi-layered protection, in my opinion.

I am of sorry if this sounds condescending, but in my opinion this so called "multi-layered protection" approach is a fallacy advertised by security forums and producers of companion products. The foundation of falling for this fallacy is the lacking of understanding how 1. Windows works, 2. malware works, 3. how malware prevention products work.
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
Someone's having a bad day at Invincea. :D

Anyway, if a software is not in the current incompatibility list of Sandboxie, then I think that it may work fine. But, of course, any problem should be reported, so that adjustments can be made.
 
  • Like
Reactions: Deleted member 2913
D

Deleted member 178

I am of sorry if this sounds condescending, but in my opinion this so called "multi-layered protection" approach is a fallacy advertised by security forums and producers of companion products. The foundation of falling for this fallacy is the lacking of understanding how 1. Windows works, 2. malware works, 3. how malware prevention products work.

i disagree, an OS should be protected from all attack vectors , if a single product does it , good, if not you need to fill the holes; in that case you need other softs , this is called the "multi-layer".

you have a firewall = layer
you have a AV = layer
you have an anti-exploit = layer

now those layers can be covered by a single product or by many.

What do you Sandboxie users run on your PCs? WD, or third-party AV? Or you aren't so concerned about AV, since you are sandboxed anyway?

i'm using WD because i use Win10 ; i don't like Real-time AV.

I was using Webroot SA, but I saw that SBIE doesn't even have a template for it at all, and furthermore, webroot has its own sandbox feature, and that made me concerned about hidden conflicts.

sandboxie is a full virtualization mechanism while the one in WSA is policy-one. nothing to conflict. at one time time i used both together but never used WSA sandbox; Sandboxie was safer and more convenient.
 
Last edited by a moderator:

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I am of sorry if this sounds condescending, but in my opinion this so called "multi-layered protection" approach is a fallacy advertised by security forums and producers of companion products. The foundation of falling for this fallacy is the lacking of understanding how 1. Windows works, 2. malware works, 3. how malware prevention products work.
that's interesting, so what is your security
I am of sorry if this sounds condescending, but in my opinion this so called "multi-layered protection" approach is a fallacy advertised by security forums and producers of companion products. The foundation of falling for this fallacy is the lacking of understanding how 1. Windows works, 2. malware works, 3. how malware prevention products work.
could you please elaborate a little bit?
I assume your approach is to use a single security product to its max?
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I can think on many ways to say that without being so agressive.

Regarding to your question @shmu26, i've only used Sandboxie back on Windows 7 or virtual machines. On this Windows version, Sandboxie seemed to work well with my antivirus software, which name i can't remember right now. On virtual machines, i only tested Sandboxie on its own. Here on Windows 10 i've had way too many problems to install it and make it work, and very little time to ask for assistance on the forums, so i just rely on my main AV and tiny weightless complements to maximize security. Now about compatibility, Sandboxie Help Account has just said everything that could be said.
I saw from your security configuration that you use kaspersky. That's probably why you had grief from SBIE on windows 10.
The only way I could get chrome to start up sandboxed with your configuration was by temporarily exiting kaspersky.
 

Kubla

Level 8
Verified
Jan 22, 2017
355
I have Kaspersky Total Security working with Chrome in Sandboxie but I had to disable scanning encrypted connections in Kaspersky but this is only for Chrome.

Hitman Pro Alert works as well.

* Note I found that running Chromium or Chromium trunks like Iron browser or Brave Browser disabling encrypted connections scaning was not needed.
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top