Hi guys since many members asked me how to tweak Sandboxie for better protection , i will show you my "personal" settings.
IMPORTANT NOTE: those are MY settings, i don't claim that they are the strongest or better tweaks you can do , but they just works fine with me.
I could tighten it some more but you will loose some comfort and it doesnt guarantee you that it will works on your machine. So better stick to those i will describe below
You have to know that those settings will generate more user interactions than default settings.
Some settings are only available in the paid version.
0- default sandbox (rarely used)
Restrictions: Drop rights > tick "drop Right from administrators and power users group."
1- Chrome x64 (always used while browsing)
Delete > Delete invocations > tick "automatically delete contents of sandbox" (this will ensure that any suspicious files are deleted when you close the browser)
Program Start > Forced Programs > add programs > select Chrome.exe
Program Stop > Leader Program > add program > select Chrome.exe
Restrictions :
- Internet Access > add program > select Chrome.exe ( this will only allow chrome to connect and nothing else)
- Start/Run Access > add program > select Chrome.exe ( this will insure that nothing except chrome is allowed to run)
- Drop rights > tick "drop Right from administrators and power users group."
Resources Access
- File Access > Blocked Access > add > (i personally add my other partitions)
Applications
- Web Browsers > Google Chrome >
i could untick more settings but my comfort will drastically be lowered , and i like some comfort
2- Download Folders' Sandbox profile
(for better convenience and safety, i highly suggest you to put your download folders on an other partition than your system.)
so there is how to sandbox your downloads folder(s), first ,we create thee sandbox:
go to : Sandbox tab (on top) > Create New Sandbox > name it as you want.
now go to your newly created sandbox settings:
Delete > Delete invocations > tick "automatically delete contents of sandbox"
(this will ensure that any suspicious files are deleted when you close the browser)
Program Start > Forced Folder > Add Folder> select your download folder(s)
beware that from now on, you have to click on "disable forced programs" (sandboxie tray icon) every time before running any files located in those folders.
Restrictions :
- Internet Access > click "Block all programs"
- Drop rights > tick "drop Right from administrators and power users group."
Resources Access
- File Access > Blocked Access > add > C: (or your system partition letter)
(so anything you download cant reach your system partition)
that's it for the Download Folder profile, the goal here , is to disallow any files you download to access the system partition, connect to internet or run without your consent.
-----------------------------------------------------------------------------------------------------------------
Now you have a general idea of how to set your browsers , i have other sandbox profiles (for Download folders, File Explorer, etc...) , listing each of them now will be too long.
So i will add some other profiles later so stay tuned.
Hope i helped you.
Update: Download Folder sandbox profile
IMPORTANT NOTE: those are MY settings, i don't claim that they are the strongest or better tweaks you can do , but they just works fine with me.
I could tighten it some more but you will loose some comfort and it doesnt guarantee you that it will works on your machine. So better stick to those i will describe below
You have to know that those settings will generate more user interactions than default settings.
Some settings are only available in the paid version.
0- default sandbox (rarely used)
Restrictions: Drop rights > tick "drop Right from administrators and power users group."
1- Chrome x64 (always used while browsing)
Delete > Delete invocations > tick "automatically delete contents of sandbox" (this will ensure that any suspicious files are deleted when you close the browser)
Program Start > Forced Programs > add programs > select Chrome.exe
Program Stop > Leader Program > add program > select Chrome.exe
Restrictions :
- Internet Access > add program > select Chrome.exe ( this will only allow chrome to connect and nothing else)
- Start/Run Access > add program > select Chrome.exe ( this will insure that nothing except chrome is allowed to run)
- Drop rights > tick "drop Right from administrators and power users group."
Resources Access
- File Access > Blocked Access > add > (i personally add my other partitions)
Applications
- Web Browsers > Google Chrome >
i could untick more settings but my comfort will drastically be lowered , and i like some comfort
2- Download Folders' Sandbox profile
(for better convenience and safety, i highly suggest you to put your download folders on an other partition than your system.)
so there is how to sandbox your downloads folder(s), first ,we create thee sandbox:
go to : Sandbox tab (on top) > Create New Sandbox > name it as you want.
now go to your newly created sandbox settings:
Delete > Delete invocations > tick "automatically delete contents of sandbox"
(this will ensure that any suspicious files are deleted when you close the browser)
Program Start > Forced Folder > Add Folder> select your download folder(s)
beware that from now on, you have to click on "disable forced programs" (sandboxie tray icon) every time before running any files located in those folders.
Restrictions :
- Internet Access > click "Block all programs"
- Drop rights > tick "drop Right from administrators and power users group."
Resources Access
- File Access > Blocked Access > add > C: (or your system partition letter)
(so anything you download cant reach your system partition)
that's it for the Download Folder profile, the goal here , is to disallow any files you download to access the system partition, connect to internet or run without your consent.
-----------------------------------------------------------------------------------------------------------------
Now you have a general idea of how to set your browsers , i have other sandbox profiles (for Download folders, File Explorer, etc...) , listing each of them now will be too long.
So i will add some other profiles later so stay tuned.
Hope i helped you.
Update: Download Folder sandbox profile
Last edited by a moderator:
