Sandboxie help and configs

Status
Not open for further replies.

MetalShaun

Level 1
Thread author
Mar 3, 2011
424
I have been playing around with Sandboxie the last few day and would like to discuss a few things with any sandboxie experts here. Also if you are a sandboxie user feel free to post up your configurations (how many sandboxes , what restrictions etc you use) so we can see what other users are up to.

I have for the moment set up a sandbox for IE and Windows Live Mail. Internet access is retricted to IE,WLM and adobe reader only. Also i have blocked file acces to my data partition and allowed direct access to IE favourites.

So what i would like to know is
1. Do i need to add internet acces to anyother programs? e.g Java,Flash
2. When i need to update flash etc can i just run the updater out of the sandbox??? or do i need to update flash then delete the contents of the sandbox so the new version is then added to the sandbox the next time it is run inside??
3. Again i would love to here about how some of configure your sandboxes and if you hav any recomendations.

Cheers
Shaun
 

Tweak

New Member
Jan 8, 2011
274
I won't claim to be anything near an expert but I use SB on occasion. I do not think adding Flash, Java, SilverLight or other types of plug-in type programs is needed and possibly not a good idea to have things function 100% properly. I use one sandbox and really the only big change is to set for Auto Deletion of sandbox contents found under Delete>Delete Invocation. Under Restrictions I also confirm that Drop Rights is selected as it should be, beyond that I think the only other thing is how the browsers are setup as it pertains to what "Access" is allowed. Ff is bookmarks and history, cookies, and phishing databse, IE (which isn't used) set to Add Favs to Quick Recovery folders and cookies, lastly Opera which I just allow Access to bookmarks and the entire profile folder (probably not ideal for everyone but works for me best set this way).

EDIT: Appearance >>Display border around the window.(choose a color) <------- Also I do that, thanks for the reminder on that one Jack. Much of the rest is so specific to each user that is all to be configured as the specific user needs.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Here is how I setup my Sandboxie :
  • Appearance >>Display border around the window.(choose a color)
  • Delete>>Invocation>>Automatically delete contents of sandbox
  • . Program Start>>Forced Programs>>Add here the programs that are considerd entry points for malware like IM,Web Browsers,etc (Only available for Paid version..so hopefully you will win a license on our Giveaway) :p
  • Restrictions>>Drop Rights>>Drop rights from Administrators and Power Users groups
  • Applications>>Selected desired access/settings related to web browser favorites, bookmarks....
  • Applications>>Security/Privacy>>Select app. that you use from the list
  • Resource Access>>File Access > Blocked Access>>add any folder of your computer containing sensitive information (eg. “My Documents”).

You can find more info about each setting - here
 

JoeN

Level 6
Verified
May 10, 2011
287
There you go:
1. Create as many separate sandboxes as is required for your internet facing applications. Try to have one separate sandbox per internet facing application.
2. In each sandbox, use the appropriate start/run and internet access restrictions and only allow your program to start/run and access internet within its sandbox. You may also need to allow other programs depending on whether the application interacts with other processes.
3. In each sandbox, enable Drop my rights.
4. In each sandbox, block file access to any areas of your computer containing sensitive information (eg. “My Documents”).
5. In each sandbox, configure Read-Only access to C:\WINDOWS
6. In each sandbox, force the relevant application to always run in its sandbox
7. Do not use any OpenFilePath rules for any internet browsers (note there are a few exceptions here, like enabling an OpenFilePath rule to allow direct access to Firefox phishing database)
8. You will need at least 2 browsers. One browser will be used for everyday browsing and other non-critical/sensitive activity.
9. The other browser will be used for online banking and other critical/sensitive activity.
10. For the browser in step 9, configure its sandbox to automatically delete whenever the browser closes.
11. Depending on the nature of your other internet facing applications, you may choose to also configure their respective sandboxes to automatically delete on closing.
12. This step is obviously optional: have one sandbox to test applications/malware in (the DefaultBox will do) where the only configurations are to enable automatically delete and block file access to any areas of your computer containing sensitive information (eg. “My Documents”).
13. Create separate sandboxes for each USB/external drive hardware you have connected (or would connect) to your computer. Force run the relevant drive letter to run in the relevant sandbox. Other configurations/restrictions may be applied here (see above).
14. Create separate sandbox(es) for your CD/DVD drive(s). Force run the relevant drive letter to run in the relevant sandbox. Other configurations/restrictions may be applied here (see above).
setup by ssj100
 

MetalShaun

Level 1
Thread author
Mar 3, 2011
424
Thanks for the info guys. But what if i didn't want to empty my sandbox and wanted to update a program?? could i just run the updater out the sandbox and it would update the sandbox too??

Cheers
Shaun
 

moonshine

Level 7
Verified
Apr 19, 2011
1,264
I'm having problems with DropRights option since my browsers doesn't work properly with Internet Download Manager when the DropRights option is checked. Any solutions on this guys?
 

Tweak

New Member
Jan 8, 2011
274
@Metal, if for example you want to update Firefox launch it without being sandboxed and update it then run as you would inside sandbox.

@BoXX make sure it is checked for IDM under Applications and then Download Managers.
 

MetalShaun

Level 1
Thread author
Mar 3, 2011
424
I see where I am getting a bit confused here. I was thinking that when you ran a browser sandboxed the whole prgram was copied into the sandbox and ran from there, but I just checked and it seems only the user data, cookies and temp files etc are redirected to the Sandbox directory on the C drive.
 

Tweak

New Member
Jan 8, 2011
274
BoXX28 said:
Doesn't work right Tweak since my download manager also gets sandboxed.

Somehow you should be able to utilize the recovery related options but since I do not use a download manager I am not sure of any special settings or needs beyond adding the download directory so that recovery can be invoked.
 

HeffeD

Level 1
Feb 28, 2011
1,690
MetalShaun said:
I see where I am getting a bit confused here. I was thinking that when you ran a browser sandboxed the whole prgram was copied into the sandbox and ran from there, but I just checked and it seems only the user data, cookies and temp files etc are redirected to the Sandbox directory on the C drive.

Yes, basically anything that you encounter during a browsing section.

You can however, install things inside the sandbox. This way the whole shebang exists in the sandbox. If you decide to go this route however, you'll want to dedicate a sandbox to this single application and obviously not set the sandbox to auto-delete the contents. I've never used this method for long term application usage so I don't know if there are any gotcha's you'd need to watch out for.
 
D

Deleted member 178

ok there is my problem:

I create a specific sandbox for testing malwares, i put inside a folder called "Virus" , the sandbox is designed to force everything in it to be sandboxed, when i scan with my Avs the infected folder, everything goes normal, but when i want to clean it, they can't move or quaurantine the malwares.

someone has a suggestion?
 

Overkill

Level 31
Verified
Honorary Member
Feb 15, 2012
2,128
Here's how mine is currently...
From top to bottom the settings i've changed...
Forced Programs:Icedragon
Dropped Rights:Ticked
Resource Access>File Access>Direct Access:my sessions extension local storage
WebBrowsers:IE (first top 3 options are ticked)
Dragon & Iron:(first top 3 options are ticked)
That's it everything else is default and I only use the default sandbox, any suggestions are welcomed
 
D

Deleted member 178

bo.elam said:
You use so many of them at the same time so let me ask you, which AV did you use for the test?

At that time it was CIS if my memory is good :D anyway it is past i don't use SB anymore since OAP is not very compatible with it, and if i should get back to CIS, the v6 will have full virtualization like SB.

Anyway thanks to reply, it will be still useful.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top