3rd party AV with Sandboxie, or not?

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,394
OS
Windows 10
#1
I understand that Sandboxie has not updated their templates since they were bought by Invincea, and that there is a potential for Sandboxie to interfere with the functioning of the AV, due to Sandboxie's agressive hooks into the Windows kernel, and other reasons. They recommend to use the native Windows Defender, which doesn't conflict.

What do you Sandboxie users run on your PCs? WD, or third-party AV? Or you aren't so concerned about AV, since you are sandboxed anyway?

I was using Webroot SA, but I saw that SBIE doesn't even have a template for it at all, and furthermore, webroot has its own sandbox feature, and that made me concerned about hidden conflicts.
 

Sandboxie Help

From Sandboxie
Developer
Verified
Joined
Feb 26, 2016
Messages
23
#2
Correction. A/V conflicts with Sandboxie. Please get that straight. And we list the conflicts. We don't hide that.

The aggressive hooks are needed, but unless you're a Dev supporting a program that has to work with Windows XP -Win 10 while working with a multitude of browsers, programs, security, tokens, etc.etc.etc.etc.etc. it's hard to grasp.

There are 6 million A/V vendors it seems like. It's not our job to work with EVERY ONE of them. As we have our own proven, industry leading function to do...sandboxing-isolation- A container. Sorry we didn't dedicate resources to one particular A/V vendor. Your priorities are wrong it appears. Do you want to rely on A/V? Or proven containment????

The templates open up holes in the sandbox and/or allow the A/V to work by ignoring the SB container. There are many other A/V software we've tested that works with SBIE. That's updated in our forum regularly and other long term, seasoned SBIE users have agreed Defender is all you need if your are curious what MAY be in the sandbox.

Again, if SBIE is your primary protection, then the "extra" layer is just that...a feel good layer to see what is in the Sandbox.

As for templates, That's not only an invincea issue. The original creator of SBIE wasn't a fan of templates either. Why should we waste resources on making A/V work with us when it's not needed overall & usually directly interferes with our product? We do that as a courtesy.

As for other "Sandboxing" programs, well.... All I can say, there is only one Sandboxie. Proven. For over a decade. With 4+ million users.

But you have Webroot....
 

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,394
OS
Windows 10
#3
There are 6 million A/V vendors it seems like. It's not our job to work with EVERY ONE of them. As we have our own proven, industry leading function to do...sandboxing-isolation- A container. Sorry we didn't dedicate resources to one particular A/V vendor. Your priorities are wrong it appears. Do you want to rely on A/V? Or proven containment????
Hey, I use Sandboxie too, my intent was not to criticize. You're doing a great job over there. I am just asking the community for input and advice, since I'm not a dev or a tester, and an ordinary user like me will let files out of the sandbox sooner or later, so it's good to have an effective AV as well. After all, some malware hides itself in a virtualized environment, so you can never be sure.
The goal is multi-layered protection, in my opinion.
 

Morvotron

New Member
Joined
Mar 24, 2015
Messages
278
#4
Correction. A/V conflicts with Sandboxie. Please get that straight. And we list the conflicts. We don't hide that.

The aggressive hooks are needed, but unless you're a Dev supporting a program that has to work with Windows XP -Win 10 while working with a multitude of browsers, programs, security, tokens, etc.etc.etc.etc.etc. it's hard to grasp.

There are 6 million A/V vendors it seems like. It's not our job to work with EVERY ONE of them. As we have our own proven, industry leading function to do...sandboxing-isolation- A container. Sorry we didn't dedicate resources to one particular A/V vendor. Your priorities are wrong it appears. Do you want to rely on A/V? Or proven containment????

The templates open up holes in the sandbox and/or allow the A/V to work by ignoring the SB container. There are many other A/V software we've tested that works with SBIE. That's updated in our forum regularly and other long term, seasoned SBIE users have agreed Defender is all you need if your are curious what MAY be in the sandbox.

Again, if SBIE is your primary protection, then the "extra" layer is just that...a feel good layer to see what is in the Sandbox.

As for templates, That's not only an invincea issue. The original creator of SBIE wasn't a fan of templates either. Why should we waste resources on making A/V work with us when it's not needed overall & usually directly interferes with our product? We do that as a courtesy.

As for other "Sandboxing" programs, well.... All I can say, there is only one Sandboxie. Proven. For over a decade. With 4+ million users.

But you have Webroot....
I can think on many ways to say that without being so agressive.

Regarding to your question @shmu26, i've only used Sandboxie back on Windows 7 or virtual machines. On this Windows version, Sandboxie seemed to work well with my antivirus software, which name i can't remember right now. On virtual machines, i only tested Sandboxie on its own. Here on Windows 10 i've had way too many problems to install it and make it work, and very little time to ask for assistance on the forums, so i just rely on my main AV and tiny weightless complements to maximize security. Now about compatibility, Sandboxie Help Account has just said everything that could be said.
 

FleischmannTV

Level 7
Verified
Joined
Jun 12, 2014
Messages
319
OS
Windows 10
#5
The goal is multi-layered protection, in my opinion.
I am of sorry if this sounds condescending, but in my opinion this so called "multi-layered protection" approach is a fallacy advertised by security forums and producers of companion products. The foundation of falling for this fallacy is the lacking of understanding how 1. Windows works, 2. malware works, 3. how malware prevention products work.
 

XhenEd

Level 27
Content Creator
Verified
Joined
Mar 1, 2014
Messages
1,661
OS
Windows 10
Antivirus
Default-Deny
#6
Someone's having a bad day at Invincea. :D

Anyway, if a software is not in the current incompatibility list of Sandboxie, then I think that it may work fine. But, of course, any problem should be reported, so that adjustments can be made.
 
Likes: Yash Khan

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,222
OS
Windows 10
Antivirus
Default-Deny
#7
I am of sorry if this sounds condescending, but in my opinion this so called "multi-layered protection" approach is a fallacy advertised by security forums and producers of companion products. The foundation of falling for this fallacy is the lacking of understanding how 1. Windows works, 2. malware works, 3. how malware prevention products work.
i disagree, an OS should be protected from all attack vectors , if a single product does it , good, if not you need to fill the holes; in that case you need other softs , this is called the "multi-layer".

you have a firewall = layer
you have a AV = layer
you have an anti-exploit = layer

now those layers can be covered by a single product or by many.

What do you Sandboxie users run on your PCs? WD, or third-party AV? Or you aren't so concerned about AV, since you are sandboxed anyway?
i'm using WD because i use Win10 ; i don't like Real-time AV.

I was using Webroot SA, but I saw that SBIE doesn't even have a template for it at all, and furthermore, webroot has its own sandbox feature, and that made me concerned about hidden conflicts.
sandboxie is a full virtualization mechanism while the one in WSA is policy-one. nothing to conflict. at one time time i used both together but never used WSA sandbox; Sandboxie was safer and more convenient.
 
Last edited:

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,394
OS
Windows 10
#8
I am of sorry if this sounds condescending, but in my opinion this so called "multi-layered protection" approach is a fallacy advertised by security forums and producers of companion products. The foundation of falling for this fallacy is the lacking of understanding how 1. Windows works, 2. malware works, 3. how malware prevention products work.
that's interesting, so what is your security
I am of sorry if this sounds condescending, but in my opinion this so called "multi-layered protection" approach is a fallacy advertised by security forums and producers of companion products. The foundation of falling for this fallacy is the lacking of understanding how 1. Windows works, 2. malware works, 3. how malware prevention products work.
could you please elaborate a little bit?
I assume your approach is to use a single security product to its max?
 

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,394
OS
Windows 10
#9
I can think on many ways to say that without being so agressive.

Regarding to your question @shmu26, i've only used Sandboxie back on Windows 7 or virtual machines. On this Windows version, Sandboxie seemed to work well with my antivirus software, which name i can't remember right now. On virtual machines, i only tested Sandboxie on its own. Here on Windows 10 i've had way too many problems to install it and make it work, and very little time to ask for assistance on the forums, so i just rely on my main AV and tiny weightless complements to maximize security. Now about compatibility, Sandboxie Help Account has just said everything that could be said.
I saw from your security configuration that you use kaspersky. That's probably why you had grief from SBIE on windows 10.
The only way I could get chrome to start up sandboxed with your configuration was by temporarily exiting kaspersky.
 
Joined
Jan 22, 2017
Messages
210
#11
I have Kaspersky Total Security working with Chrome in Sandboxie but I had to disable scanning encrypted connections in Kaspersky but this is only for Chrome.

Hitman Pro Alert works as well.

* Note I found that running Chromium or Chromium trunks like Iron browser or Brave Browser disabling encrypted connections scaning was not needed.
 
Last edited: