Sandboxie

Discussion in 'sandboxing & virtualization' started by ChrisP, Feb 9, 2008.

Thread Status:
Not open for further replies.
  1. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    It's even so that an alerting AV pulled out the suspicious file from the sandbox in order to isolate it; it's a post on one of the Sandboxie forums.
     
  2. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Thanks Huupi. I'm not exactly sure I understand what you mean though. Can you clarify your reply?
    Are you saying that AVs quarantine infected files by pulling them out of the sandbox and putting them into their respective quarantine folders?
     
  3. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Long story short, the AV is outside the sandbox, and is able to access the sandbox contents. It can detect the virus and yank it out. It has nothing to do with how secure SandboxIE is.
     
  4. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Exactly, it was the way it happens as I told you; peruse over at the Sandboxie forums, the post should be there.
     
  5. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    never doubt that. ;)
     
  6. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    @Pedro: thanks for your answer. I'm not questioning how secure SandboxIE is (from what I have seen so far it's very secure and it complements my browsing habits/policy nicely)

    @Huupi: I will try and find the post on the forum, thanks! :thumb:

    I will probably do only a bit of browsing in the sandboxes. Is there any need to adjust the 'Resource Access' settings? I'm not exactly sure what they all mean.
     
  7. Darth AkSarBen

    Darth AkSarBen Registered Member

    Joined:
    Feb 4, 2008
    Posts:
    109
    Location:
    Near Fennville, MI USA
    As long as your AV stops the .com files, etc. from downloading you should be pretty safe. Zip and RAR files are in themselves harmless until some application opens or unpacks them. I don't think you have to do any adjustments.

    For the record, I had a paid subscription to AVG Pro and still have time on the subscriptions, but uninstalled it to try the NOD32 on my wife and daughter's computers. NOD32 found 16 infiltrations, including Trojans, that were never found with the AVG. Needless to say, I'm registering them at the end of their respective trials. I had already installed Avast! Pro 4.7 on my computer and since it has a full year subscription, only recently bought, I'll live with it for the time being. However, I do think the NOD32 is the better of the two.
    However, Avast! Pro 4.7 did not allow me to even download a zip file from http://www.eicar.org/ and the only way I could download a zip file was with the secure site that was encrypted.

    I'll update since typing my post there were responses.
    1. The Avast! program did not snatch the eicar test virus out of the sandbox. It stopped it at the source out on the http site before it could even make it across to here.
    2. In a secure site at eicar I did download the eicar.zip (compressed) file to one of my hard drives, and since it was secure it showed up, this time, in the sandbox. So I recovered it to same folder. I could have easily deleted it or sent it to some place for later checking if I wanted to.

    So, I don't think the AV programs (at least not Avast! Pro) yank anything out of the sandbox. It was stopped at the moment of initial download and would NOT allow it to be even downloaded. In other words, in my log I saw that the virus was found and halted at the source website, and not on any drive in my computer.
     
    Last edited: Feb 11, 2008
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,905
    Location:
    Texas
    Sandboxie is the topic of this thread. Let's stay on that topic please.
     
  9. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Never thought that Avast Pro was that all intrusive, all the way...........to ISP.......to source, you're kidding, but you meant another thing, do you !?! o_O
     
  10. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    For what I was trying to say, it still stands. The AV isn't affected by the presence of the sandbox, nor is SBIE's purpose.

    Huupi: he means Avast! caught it while being downloaded, and prevented it being saved.
     
  11. Darth AkSarBen

    Darth AkSarBen Registered Member

    Joined:
    Feb 4, 2008
    Posts:
    109
    Location:
    Near Fennville, MI USA
    That is correct Pedro. When I request the file out at the website of eicar.org, the server there had to switch me to another section (at the website) that actually held the file for the download and present instructions to me if I wanted to save it or run it from there. At that point it was halted.
    You are also correct my friend, that the sandbox and the AV are unaffected by each other, it (Sandboxie) just provides additional security to your system. Kind of like a "virtual world".
     
  12. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    Sorry if this sounds like a stupid question, if you downloaded a zip file and wanted to scan it with AV before recovering it from the sandbox, would you open the file (sandboxed) and right click and choose scan with AV? Or would you navigate to the C:/ sandbox folder (without exploring it) and scan that. Would you do the latter, say if you wanted to use an online AV scanner. Cheers :)
     
  13. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,234
    Location:
    Mass., USA
    You cannot use Sandboxie Control for virus scanning.
    I navigate to the Sandboxie'd file in my File Mgr and do the right click scan there.
    Same procedure for on-line virus submission.
    When prompted to browse for upload, merely find suspect file (using your File Manager) in your Sandboxie'd files directory.
     
  14. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    Thank you very much
     
  15. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,234
    Location:
    Mass., USA
    Pleasure.
    As long as you leave suspect file in Sandboxie's folder (except that you upload it for on-line scan), you should be quite safe until you determine the threat (or lack thereof) of said file(s).
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    You could also recover the zip file from the sandbox, scan it, and if still not sure, right click on it and select run sandboxed. Then it will open in the sandbox and you are protected.

    Pete
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Indeed so. I see a lot of similarity but in a drastically different manner than running say FD-ISR as SandboxIE captures EVERYTHING sandbox within a containment field and is easily dismissed if not found approved. No reboot needed.
     
  18. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    I'm posting this again as I posted in the Sandboxie forum and did not get a single reply! - See below:

    I want to use Sandboxie to protect my PC from external infection. I have the registered version.

    What I have in mind is to sandbox my Windows Live Shared Folders, My Messenger download folder, my Shareaza download folder etc - thus preventing nasties doing any damage. I can set this up myself.

    I want to protect myself from nasties coming via email so want to cover Outlook - which I use to get my MSN email. If I set Sandboxie to force Outlook to run in the sandbox, will I lose any new diary entries, appointments, contacts that are added to Outlook when the sandbox is emptied?

    Will my AV (AVG AM) + (SAS) be able to scan downloaded files in the sandbox?

    If I set Sandboxie to run the CD drive, external Hard drives etc in a sandbox, does this mean that any software installed from these drives will be lost when the sandbox is emptied?

    I use NewsRover to download music etc. (clearly, copyright free music...) from usenet. Do I need to sandbox Newsrover, or just the download directories? I ask as Newsrover keeps a database of downloaded files, duplicate files etc. which I guess would be lost when the sandbox was emptied. Is there a way to sandbox this application, but allow certain files to be automatically saved when the sandbox was emptied?

    All advice welcome.
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    You will lose your email or set up a folder in My Documents. Save the email to that folder.

    Yes your AV will scan anything Sandboxed.

    Yes your stuff will be lost from the CD drive unless you set the option to recover on closing. How well this works I can't say.

    That is all I know. The best rule of thumb is to try.
     
  20. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    I am just checking to see if anyone else has run into this problem. I installed Sandboxie [The latest version] and started having system crashing at shut down or re-boot. I uninstalled Sandboxie and the problem went away.
     
  21. wat0114

    wat0114 Guest

    No problems here on 32 bit XP Pro. Are you still using Comodo w/Defense +? Maybe the HIPS is blocking one or more of the Sandboxie processes. The ss shows five that require rules for mine (System Safety Monitor). Did you try clearing the checkbox "When Windows starts" under: Configure-> Shell integration? Are you running 32 bit or 64 bit Windows? If 64, there is an older, unsupported version of Sandboxie available.
     


  22. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    I am running 32 bit XP Home. I have Comodo full with Defense+. I no longer have SSM. The check box you are referring to, is it in Sandboxie?
     
  23. wat0114

    wat0114 Guest

    Yes, it's in the menu bar of Sandboxie. I'm just thinking that one or more of the same processes (in my ssm screenshot) could be getting blocked by Comodo HIPS. I don't use the product so I'm not sure the best way to go about it unless you know of a way to reduce the impact the HIPS has such as a "learning mode" type feature you could enable so it does not block the processes from launching. Otherwise, you could try clearing that Sandboxie checkbox so it does not autostart at Windows login, then try launching it manually.
     
  24. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    The system crashes on shutdown not startup. Comodo Defense+ is set to learn in Safe Mode.
     
  25. wat0114

    wat0114 Guest

    I'm not sure what else to advise on. You could try checking Event viewer under: Control Panel-> Administrative Tools, and check the Application & System events for errors that may give a clue, but those alerts can be vague, difficult to decipher. I'm new to Sandboxie so I have little more to offer regarding it, too, unless you want to try a removal/re-install of it. Just make sure you have other applications closed if you do this.
     