[How To] Use Sandboxie

Discussion in 'Sandboxie' started by Nathan Wootton, Oct 30, 2011.

  1. Nathan Wootton

    Nathan Wootton Regular Member

    I know many of you know how to use Sandboxie, so this is aimed at the people who are new to it :biggrin:

    What is Sandboxie?

    Sandboxie is very useful for checking whether or not a program is infected; you can also use it to test out your botnet. Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.



    1. Download
    http://www.sandboxie.com/index.php?DownloadSandboxie
    (Proceed through the installation)

    2. Using Sandboxie
    Open Sandboxie : Start > All Programs > Sandboxie > Sandboxie Control


    Run File : Right-Click Suspected File > Run Sandboxed


    Change Display : View > Files and Folders


    Observe Folders : Sandbox DefaultBox > All files and Folders

    3. Analysing Output

    Now that you've run your program you're probably wondering: what does all this mean? Now is when you analyze Sandboxie to check if the program has dropped any files. In the All Files and Folders sub-menu you can observe the exact location of dropped files.

    How do I know if my program's infected?

    To decide whether or not a program is infected you have to think. Should this program drop files? For example: I've downloaded a crypter and decided to check it out in Sandboxie. Now immediately after I run it, I get a file dropped:


    Settings:
    To prevent stealers from acquiring your Firefox passwords while using Sandboxie, go to:
    Sandbox > DefaultBox > Sandbox Settings > Resource Access > File Access > Blocked Access > Edit/Add
    and copy and paste the following lines (one by one):

    %Local AppData%\Mozilla\
    %AppData%\Mozilla\
    \Device\Mup\


    The same for Chrome and Opera

    You can also disable the program from accessing the internet; this option is also found in Sandbox Settings.

    NEW! To bypass the Anti-Sandboxie that some malware uses, you need to disable the Sandboxie indicator "#" that is in the titles of windows running in Sandboxie.

    To do this go to Sandboxie > Right-click on your sandbox > Sandbox Settings > Appearance > check "Don't show Sandboxie indicator...". (This method of detecting Sandboxie isn't used by all malware, however.)

    Extra Info.

    Keep in mind that if you receive an error, and your program is unable to run in Sandboxie, it is most likely that it's a virus and has implemented Anti-Sandboxie. DO NOT RUN IT OUTSIDE SANDBOXIE! (see 'Settings' spoiler to know how to bypass anti-sandboxie)

    Once you are done with Sandboxie, right-click on the sandbox and choose Terminate Programs. Also, remember to empty your sandbox after every use by right-clicking > Delete Contents.

    When you see [#] [#] around the title on the window, you know it's sandboxed, unless you have these indicators disabled (see 'Settings').

    Well, I hope this helps people new to Sandboxie :angel:
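
For the "Analysing Output" step in the guide above, an added example (not part of the original post): a Python script that lists every file a sandboxed program dropped, with size and SHA-256, executables first. It assumes the default container layout `C:\Sandbox\<user>\DefaultBox` with `drive` and `user` subfolders; `list_dropped` and the extension list are names chosen for this example.

```python
import hashlib
import os
import sys

# Assumption: redirected files live under <box>\drive\... and <box>\user\...
# (default box root assumed to be C:\Sandbox\<user>\DefaultBox).
SUBTREES = ("drive", "user")
# Illustrative, not exhaustive, list of extensions treated as executable.
EXEC_EXTS = {".exe", ".dll", ".scr", ".sys", ".bat", ".cmd", ".vbs", ".js", ".ps1"}

def is_pe(path):
    """True if the file starts with the 'MZ' header, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def sha256_of(path):
    """Hash the file in chunks so large drops do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def list_dropped(box_root):
    """Return one record per file written inside the sandbox container."""
    found = []
    for top in SUBTREES:
        # os.walk yields nothing if the subtree does not exist.
        for dirpath, _dirs, files in os.walk(os.path.join(box_root, top)):
            for name in files:
                full = os.path.join(dirpath, name)
                ext = os.path.splitext(name)[1].lower()
                found.append({
                    "path": os.path.relpath(full, box_root),
                    "size": os.path.getsize(full),
                    "sha256": sha256_of(full),
                    "executable": ext in EXEC_EXTS or is_pe(full),
                })
    # Executables first, then alphabetical by path.
    return sorted(found, key=lambda rec: (not rec["executable"], rec["path"]))

if __name__ == "__main__":
    default = r"C:\Sandbox\{}\DefaultBox".format(os.environ.get("USERNAME", "user"))
    for rec in list_dropped(sys.argv[1] if len(sys.argv) > 1 else default):
        flag = "EXEC" if rec["executable"] else "    "
        print(flag, str(rec["size"]).rjust(10), rec["sha256"], rec["path"])
```

Run it before Delete Contents, and pass the box folder as the first argument if your container lives elsewhere.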
  2. AyeAyeCaptain

    AyeAyeCaptain Regular Member

    Not a bad effort at all, nice one for taking the time to create it... About the whole password stealing though, using Lastpass or other variations would also combat this. I think you have explained it well enough though for all users to understand so top marks for that.

    Don't use Sandboxie myself even though it's one of a few things that is worth paying for, but currently stick to CIS Bundled effort (cannot wait for v6 with full virtual... ).

    Would rep + but thumbs up/down does not seem to be visible for me still?? Jack?? lol.
  3. McLovin

    McLovin Active Member

    Thanks for the guide Nathan. I don't really use SandBoxie because when I had Avast I used their one.
  4. Exorcizm

    Exorcizm Regular Member

    Good Guide Nathan! I'm sure many people using that sandbox will find it useful! :)
  5. Overkill

    Overkill Regular Member

    If I allow direct access to everything within my browser can malicious content slip through the sandbox?

    In the browser settings what is NOT recommended to tick for direct access?
  6. McLovin

    McLovin Active Member

    You're replying to a topic that was started in October last year.
  7. Littlebits

    Littlebits Super Moderator Staff Member

    Nice guide, I don't use Sandboxie on a daily basis, only when I want to run a suspicious program. I see no need to run trusted programs inside of a sandbox.

    Thanks.:D
  8. Ramblin

    Ramblin Active Member

    Ramblin
    Last edited: Mar 21, 2014
  9. HeffeD

    HeffeD Super Moderator

    This is what I do as well.

    I also gave direct access to AdBlock Plus' extension folder so it is able to update the subscription blocklist databases. Otherwise you'll be downloading a new one each browsing session. Not a big deal bandwidth-wise because they are a small .txt file, but it puts unnecessary strain on the subscription servers.

    I don't allow access to cookies, because it's nice to have those wiped along with everything else when I close the browser. (Yes, I'm aware you can set the browser to do this as well) If there is a persistent cookie I'd like to keep, I just start the browser outside the sandbox, set the cookie, then close the browser and restart in the sandbox.
  10. Ramblin

    Ramblin Active Member

    Ramblin
    Last edited: Mar 21, 2014
  11. HeffeD

    HeffeD Super Moderator

    I didn't know that. Thanks for the tip!

    Changes made accordingly. :)
  12. Overkill

    Overkill Regular Member

    OK, I'd love for someone to make a tutorial, either written or video, that explains the best settings for Sandboxie.
  13. Ramblin

    Ramblin Active Member

    Ramblin
    Last edited: Mar 21, 2014
  14. Ramblin

    Ramblin Active Member

    Ramblin
    Last edited: Mar 21, 2014
  15. Overkill

    Overkill Regular Member

    In Opera it doesn't give as many options, so if I allow all 3 do you think that is wise?
    Basically bookmarks and preferences are pretty safe to allow but nothing else, including the entire folder to whichever browser?

    Something interesting happened to me the other day...

    I had everything enabled in the Chrome options while I was testing against malware and my AV caught a cache file that was in my Chrome user data folder after I had closed SBIE, so that is partially why I'm asking, because evidently it escaped because it was a file from my testing.
  16. Ramblin

    Ramblin Active Member

    Ramblin
    Last edited: Mar 21, 2014
  17. Littlebits

    Littlebits Super Moderator Staff Member

    Of course it is possible to click on infected documents, but if you stay within trusted websites, this is very rare to encounter. It has never happened to me since I've been using the web. If I get careless and visit an infected site then yes, this could happen. If you use Google Chrome as your main browser the likelihood of this happening is even more remote, since Google Chrome opens all documents by default with Google Documents online with limited rights; files are not saved locally. Just one of the security features of Google Chrome that puts it ahead of other browsers. Installing an external reader, however, can overwrite Google Chrome's default actions when opening documents. Google's own PDF reader is a good example. These Google security features only exist within Google Chrome; other Chromium browsers use external readers. You can however install add-ons to allow you to open files with Google Documents with Firefox, Microsoft Office, Google Toolbar for IE, Firefox, Opera, IE, Chromium and other online services besides Google Documents.

    Thanks.:D
  18. Umbra Polaris

    Umbra Polaris Testing And Review Expert Staff Member

    OK, I have some questions.

    I created a sandbox forcing all contents of a specially created "Download" folder to run in it (that was the easy part).

    Now when I download a .torrent file from my browsers (IceDragon/Dragon), in a normal situation they open the torrent file automatically in µTorrent after the end of the download.

    But now when I download the torrent from my sandboxed browsers into the forced folder above, the torrent can't be opened by µTorrent. I haven't found the workaround yet.

    My goal is to download a torrent from my sandboxed browser, then open it in a sandboxed µTorrent, then automatically run the downloaded file in a sandbox.

    Any ideas?
  19. jasonX

    jasonX Regular Member

    Is someone using SBIE for online banking...? I seem to think that this can be used as a tool for such but do not know how to...? Any ideas...? What config should be used with that...?
  20. Umbra Polaris

    Umbra Polaris Testing And Review Expert Staff Member

    You can create a sandbox with your secondary browser forced, set as the only program allowed to run and access the internet, with dropped rights, set as leader.

    It is what I did. I don't know if it is the best setting for that.
