Sandboxie help and configs

Discussion in 'Sandboxie (Invincea)' started by MetalShaun, May 12, 2011.

  1. MetalShaun

    MetalShaun New Member

    Mar 3, 2011
    370
    18
    Devon
    I have been playing around with Sandboxie the last few day and would like to discuss a few things with any sandboxie experts here. Also if you are a sandboxie user feel free to post up your configurations (how many sandboxes , what restrictions etc you use) so we can see what other users are up to.

    I have for the moment set up a sandbox for IE and Windows Live Mail. Internet access is retricted to IE,WLM and adobe reader only. Also i have blocked file acces to my data partition and allowed direct access to IE favourites.

    So what i would like to know is
    1. Do i need to add internet acces to anyother programs? e.g Java,Flash
    2. When i need to update flash etc can i just run the updater out of the sandbox??? or do i need to update flash then delete the contents of the sandbox so the new version is then added to the sandbox the next time it is run inside??
    3. Again i would love to here about how some of configure your sandboxes and if you hav any recomendations.

    Cheers
    Shaun
     
  2. Tweak

    Tweak New Member

    Jan 8, 2011
    250
    1
    North Carolina
    I won't claim to be anything near an expert but I use SB on occasion. I do not think adding Flash, Java, SilverLight or other types of plug-in type programs is needed and possibly not a good idea to have things function 100% properly. I use one sandbox and really the only big change is to set for Auto Deletion of sandbox contents found under Delete>Delete Invocation. Under Restrictions I also confirm that Drop Rights is selected as it should be, beyond that I think the only other thing is how the browsers are setup as it pertains to what "Access" is allowed. Ff is bookmarks and history, cookies, and phishing databse, IE (which isn't used) set to Add Favs to Quick Recovery folders and cookies, lastly Opera which I just allow Access to bookmarks and the entire profile folder (probably not ideal for everyone but works for me best set this way).

    EDIT: Appearance >>Display border around the window.(choose a color) <------- Also I do that, thanks for the reminder on that one Jack. Much of the rest is so specific to each user that is all to be configured as the specific user needs.
     
  3. Jack

    Jack Administrator
    Staff Member

    Jan 24, 2011
    8,653
    14,796
    Bucharest
    Windows 10
    Default-Deny
    Here is how I setup my Sandboxie :
    • Appearance >>Display border around the window.(choose a color)
    • Delete>>Invocation>>Automatically delete contents of sandbox
    • . Program Start>>Forced Programs>>Add here the programs that are considerd entry points for malware like IM,Web Browsers,etc (Only available for Paid version..so hopefully you will win a license on our Giveaway) :p
    • Restrictions>>Drop Rights>>Drop rights from Administrators and Power Users groups
    • Applications>>Selected desired access/settings related to web browser favorites, bookmarks....
    • Applications>>Security/Privacy>>Select app. that you use from the list
    • Resource Access>>File Access > Blocked Access>>add any folder of your computer containing sensitive information (eg. “My Documents”).

    You can find more info about each setting - here
     
  4. JoeN

    JoeN Level 2

    May 10, 2011
    134
    56
    There you go:
    setup by ssj100
     
  5. Ramblin

    Ramblin New Member

    May 14, 2011
    940
    134
    #5 Ramblin, May 14, 2011
    Last edited: Mar 21, 2014
    Ramblin
     
  6. MetalShaun

    MetalShaun New Member

    Mar 3, 2011
    370
    18
    Devon
    Thanks for the info guys. But what if i didn't want to empty my sandbox and wanted to update a program?? could i just run the updater out the sandbox and it would update the sandbox too??

    Cheers
    Shaun
     
  7. moonshine

    moonshine Level 6

    Apr 19, 2011
    1,218
    256
    Metro Manila
    Windows 10
    ESET
    I'm having problems with DropRights option since my browsers doesn't work properly with Internet Download Manager when the DropRights option is checked. Any solutions on this guys?
     
  8. Tweak

    Tweak New Member

    Jan 8, 2011
    250
    1
    North Carolina
    @Metal, if for example you want to update Firefox launch it without being sandboxed and update it then run as you would inside sandbox.

    @BoXX make sure it is checked for IDM under Applications and then Download Managers.
     
  9. Ramblin

    Ramblin New Member

    May 14, 2011
    940
    134
    #9 Ramblin, May 15, 2011
    Last edited: Mar 21, 2014
    Ramblin
     
  10. moonshine

    moonshine Level 6

    Apr 19, 2011
    1,218
    256
    Metro Manila
    Windows 10
    ESET
    Doesn't work right Tweak since my download manager also gets sandboxed.
     
  11. MetalShaun

    MetalShaun New Member

    Mar 3, 2011
    370
    18
    Devon
    I see where I am getting a bit confused here. I was thinking that when you ran a browser sandboxed the whole prgram was copied into the sandbox and ran from there, but I just checked and it seems only the user data, cookies and temp files etc are redirected to the Sandbox directory on the C drive.
     
  12. Tweak

    Tweak New Member

    Jan 8, 2011
    250
    1
    North Carolina
    Somehow you should be able to utilize the recovery related options but since I do not use a download manager I am not sure of any special settings or needs beyond adding the download directory so that recovery can be invoked.
     
  13. HeffeD

    HeffeD New Member

    Feb 28, 2011
    1,597
    12
    Yes, basically anything that you encounter during a browsing section.

    You can however, install things inside the sandbox. This way the whole shebang exists in the sandbox. If you decide to go this route however, you'll want to dedicate a sandbox to this single application and obviously not set the sandbox to auto-delete the contents. I've never used this method for long term application usage so I don't know if there are any gotcha's you'd need to watch out for.
     
  14. Ramblin

    Ramblin New Member

    May 14, 2011
    940
    134
    #14 Ramblin, May 16, 2011
    Last edited: Mar 21, 2014
    Ramblin
     
  15. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,162
    29,627
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    ok there is my problem:

    I create a specific sandbox for testing malwares, i put inside a folder called "Virus" , the sandbox is designed to force everything in it to be sandboxed, when i scan with my Avs the infected folder, everything goes normal, but when i want to clean it, they can't move or quaurantine the malwares.

    someone has a suggestion?
     
  16. Overkill

    Overkill Level 30
    Trusted

    Feb 15, 2012
    2,105
    1,997
    USA
    Windows 7
    Default-Deny
    Here's how mine is currently...
    From top to bottom the settings i've changed...
    Forced Programs:Icedragon
    Dropped Rights:Ticked
    Resource Access>File Access>Direct Access:my sessions extension local storage
    WebBrowsers:IE (first top 3 options are ticked)
    Dragon & Iron:(first top 3 options are ticked)
    That's it everything else is default and I only use the default sandbox, any suggestions are welcomed
     
  17. Ramblin

    Ramblin New Member

    May 14, 2011
    940
    134
    #17 Ramblin, Aug 26, 2012
    Last edited: Mar 21, 2014
    Ramblin
     
  18. Ramblin

    Ramblin New Member

    May 14, 2011
    940
    134
    #18 Ramblin, Aug 26, 2012
    Last edited: Mar 21, 2014
    Ramblin
     
  19. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,162
    29,627
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    At that time it was CIS if my memory is good :D anyway it is past i don't use SB anymore since OAP is not very compatible with it, and if i should get back to CIS, the v6 will have full virtualization like SB.

    Anyway thanks to reply, it will be still useful.
     
  20. Ramblin

    Ramblin New Member

    May 14, 2011
    940
    134
    #20 Ramblin, Aug 26, 2012
    Last edited: Mar 21, 2014
    Ramblin
     
Loading...
Similar Threads Forum Date
Need help to config Sandboxie Sandboxie (Invincea) Nov 7, 2012
Problems with IDM and Sandboxie Sandboxie (Invincea) Nov 26, 2017
Update Sandboxie 5.22 Released: Windows Creator's Fall Update is now supported Sandboxie (Invincea) Oct 31, 2017