Alister

New Member
So I'm fairly new to Sandboxie; I paid for it. I have an interest in running some software "long" term without deleting contents. If I was constantly running something that potentially had a backdoor or trojan, what information could it potentially see on my computer? I read that a keylogger in Sandboxie still successfully keylogs, so presumably backdoored software would be of some risk to me if I was running it forever and wasn't aware of it?

I know you can harden the security of Sandboxie; would there be a method of customizing this to make what I want more plausible? I know about Drop Rights and delete invocation, though with what I'm suggesting I assume neither would be of use.

Appreciate any help.
 

Littlebits

Retired Staff
Sandboxie does an excellent job blocking accidental malware infections, but it is not the best solution to test live malware. The best solution is to get yourself a cheap system dedicated to testing malware and make sure you have your Windows disk to reinstall Windows if needed. Make backup images of your hard drive so you can easily restore Windows to its updated state. If that is not possible, then use virtualization software like VirtualBox (free) or VMware Workstation (paid), or you can use VMware Player, which is free with limited features.

Some advanced malware has been known to be able to escape sandboxing applications and virtualization; although it is rare, it could still happen. That is something you need to think about: do you want to risk taking the chance of infecting your system?


On Sandboxie's default box, you can set up Restrictions and Resource Access to make your default box more secure, but that still doesn't guarantee that you will not get a live infection on your system.

Thanks. :D
 

Alister

New Member
Well, thanks for that reply. I was aware of virtualization software; however, it is not my intention to "test" live malware. I have some "software" I would like to run in the "confines" of Sandboxie, and if we assume it's definitely infected (but it may very well not be), what would be the course of action to take to ensure I am not gonna be up river in a boat without a paddle, so to speak?

I have already considered that the best course of action would be to not run anything you think is possibly infected. Personally, I haven't found many topics covering what I'm asking.
 

Littlebits

Retired Staff
Sometimes I run suspicious new installers or other executable files in Sandboxie to determine if they are trustworthy, but I just use the DefaultBox default settings.

You can increase security by doing the following.

On Sandboxie's main menu select "Sandbox" > Create New Sandbox, name it whatever you want (for example "Secure"), and copy settings from DefaultBox.

Now go to your newly created Sandbox, right-click and select "Sandbox Settings".
On Restrictions - Internet Access, select "Block All Programs".
On Restrictions - Drop Rights, select "Drop Rights from Administrators and Power Users Group".

On Resource Access, there are several sections: File, Registry, IPC, Windows and COM. You will need to manually add the suspicious programs in each section under "Blocked Access", except for the Windows and COM sections.

Please note that some programs run with these settings will not fully function, like web installers which require an Internet connection, or programs that need components from Windows like .NET Framework, Java, Python, etc. Programs that require access to these sections may not function at all.

You can reserve this new Sandbox for unknown suspicious programs, but under normal conditions the DefaultBox settings should protect your system from infections. Of course, phishing applications like keyloggers will be able to function, record info and send it to their servers, but will not infect your system. If you suspect there is a keylogger, then simply deny Internet Access and no info will be sent.

I hope that helps you.

Enjoy!! :D
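As an added illustration that is not part of Littlebits' post, the restrictions described above can also be expressed directly in Sandboxie.ini (Sandboxie Classic); the box name "Secure", the program name suspect.exe and the blocked paths are assumptions chosen for the example.

```ini
# Assumed box name; matches the "Secure" box created in the Sandboxie GUI
[Secure]
Enabled=y

# Restrictions - Drop Rights: run everything in the box without admin rights
DropAdminRights=y

# Restrictions - Internet Access, "Block All Programs":
# a keylogger in the box can still record keystrokes, but cannot send them out
ClosedFilePath=InternetAccessDevices

# Also block access to network shares from inside the box
BlockNetworkFiles=y

# Resource Access - File, "Blocked Access" for the suspect program only
# (assumed program name and paths; adjust to what you actually run)
ClosedFilePath=suspect.exe,C:\Users\*\Documents\*
ClosedFilePath=suspect.exe,C:\Users\*\AppData\Roaming\*

# Resource Access - Registry, "Blocked Access": keep the suspect program away
# from autostart keys it would otherwise be able to read
ClosedKeyPath=suspect.exe,HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ClosedKeyPath=suspect.exe,HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
```

Blocking file or registry paths for a program that needs them will make it fail in the same way the post describes, so check the box's settings after editing and relax only the entries the program genuinely requires.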
 

Alister

New Member
Thanks for that suggestion, it was insightful. Hmm, primarily I'm thinking about running games more than other things.