Sandboxie, USB's & Malware
- Thread starter Tony Cole
- Start date
- Status
- Jul 28, 2014
- 1,990
Hmmmm I think the answer is no, because if you get infected with say a cryptolocker it will encrypt all files and folders it can find, including the HDD or USB, the sandboxed version of it is basically to protect the rest of your computer if your HDD has malware and has begun encrypting. It will only encrypt within the sandbox and leave the rest of your computer alone.
Think of it like this, your real computer has run files X, Y and Z while inside your sandbox has fake copies that are called X', Y' and Z'. When you run a cryptolocker unsandboxed it will affect all unsandboxed files, meaning X, Y and Z. If you run it in a sandbox it will of course only affect the sandboxed files, X', Y' and Z'. Running your HDD in sandbox will only protect your computer from malware within the HDD because only the HDD is sandboxed. If you run a malware outside the sandbox and your HDD is plugged in, then the malware would encrypt all files, no matter in the sandbox or not.
What happens when you sandbox your HDD is that it makes a copy of the files into your sandbox folder, and temporarily stores it there until you close the session, in which all data is cleared.
I hope you understand my long explanation
Think of it like this, your real computer has run files X, Y and Z while inside your sandbox has fake copies that are called X', Y' and Z'. When you run a cryptolocker unsandboxed it will affect all unsandboxed files, meaning X, Y and Z. If you run it in a sandbox it will of course only affect the sandboxed files, X', Y' and Z'. Running your HDD in sandbox will only protect your computer from malware within the HDD because only the HDD is sandboxed. If you run a malware outside the sandbox and your HDD is plugged in, then the malware would encrypt all files, no matter in the sandbox or not.
What happens when you sandbox your HDD is that it makes a copy of the files into your sandbox folder, and temporarily stores it there until you close the session, in which all data is cleared.
I hope you understand my long explanation
- May 17, 2015
- 705
- Mar 15, 2011
- 13,070
In a such straightforward conclusion; any changes done will be revert and as long you properly configured, the result will be very slim to jump out.
If a serious case like you've run a ransomware (from USB) in sandbox and everything in the Windows Explorer are vanished; there's a possible to execute CMD within the batch file that suppose created earlier. Also helps to assigned prior on shutdown/restart function.
http://forums.sandboxie.com/phpBB3/viewtopic.php?p=94962
If a serious case like you've run a ransomware (from USB) in sandbox and everything in the Windows Explorer are vanished; there's a possible to execute CMD within the batch file that suppose created earlier. Also helps to assigned prior on shutdown/restart function.
http://forums.sandboxie.com/phpBB3/viewtopic.php?p=94962
- Aug 2, 2014
- 368
How about ClosedFilePath=X:\ Where X is your drive letter.
Close the path to each and every drive you wish.
Except C:\ (assuming this is your system drive/partition)
You can't ClosedFilePath C:\ please don't do that! Otherwise Sandboxie will not work ! Your sandboxed programs won't work !
This sandbox setting line goes into Sandboxie.ini in each sandbox you have. This way if a cryptomalware runs within a sandbox it will not have access to that/those drives. Although by default, i.e. without ClosedFilePath setting, Sandboxie will allow crypto-malware to encrypt the sensitive files within this virtual confined environment (sandbox) only, not in the real filesystem, just close the sandboxed program and delete contents then the encrypted files will be gone and your real sensitive files in the real filesystem are untouched. Yet I still use this ClosedFilePath line as an extra protection, just to "feel" safer. Besides this line will block access to any other sort of malware trying to read and steal/copy your sensitive files.
You can use this setting for USB drives or internal drives/partitions as well.
Close the path to each and every drive you wish.
Except C:\ (assuming this is your system drive/partition)
You can't ClosedFilePath C:\ please don't do that! Otherwise Sandboxie will not work ! Your sandboxed programs won't work !
This sandbox setting line goes into Sandboxie.ini in each sandbox you have. This way if a cryptomalware runs within a sandbox it will not have access to that/those drives. Although by default, i.e. without ClosedFilePath setting, Sandboxie will allow crypto-malware to encrypt the sensitive files within this virtual confined environment (sandbox) only, not in the real filesystem, just close the sandboxed program and delete contents then the encrypted files will be gone and your real sensitive files in the real filesystem are untouched. Yet I still use this ClosedFilePath line as an extra protection, just to "feel" safer. Besides this line will block access to any other sort of malware trying to read and steal/copy your sensitive files.
You can use this setting for USB drives or internal drives/partitions as well.
Last edited:
- Aug 2, 2014
- 368
I forgot to mention: except C:\ (assuming this is your system drive/partition)
You can't ClosedFilePath C:\ please don't do that! Otherwise Sandboxie will not work !
Please undo that change, again if C:\ is your system/OS drive !
Your sandboxed programs won't work !
Yes, any sandboxed application/program would isolate encryptors launched in the same sandbox in the first place, no doubt about that.
Last edited:
- Aug 2, 2014
- 368
Now if crypto-malware runs outside any sandbox, I think there's nothing Sandboxie can do against it, then I think of AppGuard which can effectively block the threat.
You should know there are other programs well matured able to stop encryptors too.
You should know there are other programs well matured able to stop encryptors too.
Last edited:
- Aug 2, 2014
- 368
Re-reading the OP once again, I say sandboxing your USB/external HDD or whatever is meant to stop spreading an infection from those drives to your real system. See? Is the other way around. This setting is to prevent infections from infected USB external drives to the real system.Morning Everyone:
I was pondering/wondering if I used Sandboxie and sandboxed my external HHD (which apparently you can do) if you did get infected would that stop it spreading to your USB/external HDD?
Tony
The other layer of protection is to BACKUP! BACKUP! and BACKUP! Be prepared for a new unknown incredibly advanced threat which can bypass all your security programs (quite unlikely nowadays)... but who knows.
- Status
