Newbie ..sandbox setup help

Hi
I'm new here and not so expert about security setup things .start using sanboxie few days and trying to configure (setup) it perfectly.Following ssj100's sandbox setup guide but im litlebit confused about step 15 how can do this ? i mean i have to run windows explorer (explorer.exe) all the time sandboxed or what?

any help?

Thanks

Sorry for bad English

Yes, step 15 is a bit confusing actually. Don't worry, I'll try to clarify things soon with step by step instructions on how to carry out step 15 (I posted these step by step instructions on the Wilders forum once but I think that post is deleted now).

By the way, welcome to the forums!

Thanks ssj100 ..waiting for your step by step instructions

I have one more question if i enable DEP i know it is good for security but any negative ..i mean running program or installations like this?

Reason for employing step 15:

1. Eg. you download files into your "Downloads" folder from your sandboxed web browser.
2. Your "Downloads" folder is forced sandboxed.
3. Despite following 1. and 2., there is unfortunately no guarantee that the file(s) you have downloaded will open sandboxed when you double click on them. Don't get me wrong - most files probably will open sandboxed, but it is well known that some might not. For example, if Windows Picture and Fax Viewer or Windows Media Player are your default picture viewers and default video players respectively, browsing to your downloads folder and opening these files will result in them opening unsandboxed. In recent times, there have been a few other examples. I repeat, there is no guarantee that a forced folder will open all files sandboxed.
4. So how do we deal with this issue with Sandboxie? Here's how:
5. The idea is to open these files with a sandboxed explorer.exe. This doesn't mean force sandboxing explorer.exe itself. Instead, you simply have to open an instance of a sandboxed explorer.exe (via a conveniently placed shortcut):

1. Open "Sandboxie Control"
2. Click "Configure", then click "Windows Shell Integration"
3. Click "Add Shortcut Icons"
4. Select the sandbox you want to open your newly introduced files with a sandboxed explorer.exe
5. Since I usually (recover out of the sandbox and) place all newly introduced files on to my desktop (this is safe practise in my opinion, as malware simply can't execute by itself - you still have to run the file...and keep in mind I employ a system-wide default-deny anti-executable mechanism with a well configured SRP), I simply now have to select "Desktop", then "(explore folder)".
6. The shortcut will appear on your desktop and it will have the following command (which you can view by right clicking the shortcut and then clicking "Properties"):
"C:\Program Files\Sandboxie\Start.exe" /box:123456 "C:\WINDOWS\explorer.exe" /e,"ABCDEF"

123456: name of your selected sandbox
ABCDEF: path of your downloads folder (in my case, C:\Documents and Settings\XXXXXX\Desktop), where XXXXXX is the name of my user account.

I've purposefully given the above long-winded approach so that people can understand better how to do things via the Sandboxie GUI (Sandboxie Control). However, there are at least 2 other ways to do this and they are probably much faster. One other way involves the use of a Sandboxie third party application which automatically creates sandboxed shortcuts for you. The other way is as follows:

1. Right click a blank space on your desktop
2. Click "New", then click "Shortcut", then click "Browse"
3. Navigate to where "Start.exe" is (usually C:\Program Files\Sandboxie\Start.exe)
4. Click OK
5. Now you'll need to manually finish typing in the full command as above:
"C:\Program Files\Sandboxie\Start.exe" /box:123456 "C:\WINDOWS\explorer.exe" /e,"ABCDEF"
6. Click "Next"
7. Now type the desired name of your shortcut and click "Finish".

There you have it. Once this shortcut is created, place it somewhere conveniently - I place it on my Quick Launch bar. So whenever I download a file on to my desktop (or whichever is my downloads folder), all I simply need to do to guarantee that it opens sandboxed is to click on my shortcut and it will automatically open a sandboxed explorer.exe which automatically navigates to my downloads folder ("Desktop" in my case).

Take your time to go through the above and feel free to ask further questions - it can be quite complex for the novice user.

Mart wrote:Thanks ssj100 ..waiting for your step by step instructions

I have one more question if i enable DEP i know it is good for security but any negative ..i mean running program or installations like this?

I've never noticed any problems enabling DEP for all programs and services. If you do run into problems, you can simply add exceptions.

Thanks for nice explanations

here is my step 6 shortcut properties command if you can please check if it is correct
"C:\Program Files\Sandboxie\Start.exe" /box:SandboxieDownloads "C:\Windows\explorer.exe" /e,"C:\Users\xxxxx\Desktop" /e,"Sandboxie Downloads"

i have one folder in D drive name Sandboxie Downloads and that folder is forced sandboxed

Mart wrote:Thanks for nice explanations

here is my step 6 shortcut properties command if you can please check if it is correct
"C:\Program Files\Sandboxie\Start.exe" /box:SandboxieDownloads "C:\Windows\explorer.exe" /e,"C:\Users\xxxxx\Desktop" /e,"Sandboxie Downloads"

i have one folder in D drive name Sandboxie Downloads and that folder is forced sandboxed

That doesn't look right. It should be something like this:
"C:\Program Files\Sandboxie\Start.exe" /box:SandboxieDownloads "C:\Windows\explorer.exe" /e,"D:\Sandboxie Downloads"

Thanks ..This one work
"C:\Program Files\Sandboxie\Start.exe" /box:Downloads "C:\Windows\explorer.exe" /e,"C:\Users\xxxx\Desktop"D:\Sandboxie Downloads"

anyway i wants to ask another question
I created one folder in D drive name Movies and i added it options forced folder
now my question is if i browse default explorer.exe(Unsandboxed) and browse this folder and play any media file it will be open in Sandboxed or unsandboxed ?

Mart wrote:anyway i wants to ask another question
I created one folder in D drive name Movies and i added it options forced folder
now my question is if i browse default explorer.exe(Unsandboxed) and browse this folder and play any media file it will be open in Sandboxed or unsandboxed ?

It will most likely open sandboxed, unless Windows Media Player (WMP) is your default video player. If WMP is your default video player, then you may find some video files will open unsandboxed.

This is the case for all programs like Sandboxie, including GesWall and DefenseWall. In my opinion, Sandboxie beats them because you can still use a good security approach by opening files via a sandboxed explorer.exe, and therefore guaranteeing that all files will open sandboxed.

No its not working.Here what i did
I created one folder in D drive name Movies added it to forced folder and created one new sandbox named movies.My default media player VLC(Unsandboxed) .Now when i browse default explorer.exe (Unsandboxed) browse movies folder and play one media file VLC opened unsandboxed and folder is not sandboxed too.I know if i forced vlc run in sandbox thn it should be open sandboxed but thn there is no meaning to create Sanboxed folder which way im thinking to create

any idea??hope you will understand what im trying to say.....

Yes I think I understand what you're saying and I'm surprised that it's not opening VLC sandboxed when you play the video file. Let me try to reproduce it in my VM.

By the way, you're using a Registered version of Sandboxie right?

Yes Registered version..When i added one folder in forced folder options that means that folder Sandboxed.So if i browse normal way and if i play any media file from that folder it should be open sandboxed..or not?

Yes it should (in most cases). I just tested it and it works fine with VLC player - my media file (inside a forced folder) is opened sandboxed, even though I'm browsing it with an unsandboxed explorer.exe. I'm not sure why it's not working for you sorry. I'd suggest posting this issue on the Sandboxie forums, along with the OS you're using, 32-bit or 64-bit, and other third party security software you're using.

When you tested VLC was not in forced programs ?


anyway thanks for your kind help........

Mart wrote:When you tested VLC was not in forced programs ?


anyway thanks for your kind help........

Yes, VLC was not in forced programs. As I said, I'm not sure why it's not working for you. Good luck anyway. And no problem.

Hi Mart&ssj100!!

For me,I also use VLC as my default player,it is easier just to add it as a forced program,than to run down every folder I may have video content in.

If I have not gotten "cute" with blocked file restrictions,all vid files open in their default program,(VLC),and as it is a forced program,always Sandboxed.

nice thread,

respect,
noor

Yes noor that's the esaiest way but i m just curious when i added one folder in forced folder options it contains should be open sandboxed ..doesnt matter if i browse with an unsandboxed explorer.exe but its not working for me ..bad luck

Windows 7 Ultimate x86
Windows Firewall
Avast

Thanks ssj100 .Now its working ..

• You download vegeta.jpg.
• You open vegeta.jpg with a sandboxed explorer.exe.
• Here is the step I'm unsure of.
• You move vegeta.jpg to D:\Images.
• You open vegeta.jpg in the future with an unsandboxed explorer.exe.

What do you do in the step I'm unsure of?

Throwawayaccount123456 wrote:• You download vegeta.jpg.
• You open vegeta.jpg with a sandboxed explorer.exe.
• Here is the step I'm unsure of.
• You move vegeta.jpg to D:\Images.
• You open vegeta.jpg in the future with an unsandboxed explorer.exe.

What do you do in the step I'm unsure of?

A few things you can do to deal with this.  Before you move files around, you ideally should seek the opinion of a black-listing program (eg. virustotal, antivirus etc).  If you still want to open/run the newly introduced file(s) sandboxed, then you simply need to configure a Sandboxie (sandboxed explorer.exe) shortcut to the folder containing the newly introduced file(s) - in this case, it would be a shortcut to D:\Images.

ssj100 wrote:

Throwawayaccount123456 wrote:• You download vegeta.jpg.
• You open vegeta.jpg with a sandboxed explorer.exe.
• Here is the step I'm unsure of.
• You move vegeta.jpg to D:\Images.
• You open vegeta.jpg in the future with an unsandboxed explorer.exe.

What do you do in the step I'm unsure of?

A few things you can do to deal with this.  Before you move files around, you ideally should seek the opinion of a black-listing program (eg. virustotal, antivirus etc).  If you still want to open/run the newly introduced file(s) sandboxed, then you simply need to configure a Sandboxie (sandboxed explorer.exe) shortcut to the folder containing the newly introduced file(s) - in this case, it would be a shortcut to D:\Images.

Do you use two file explorers: one sandboxed for reading and one unsandboxed for writing?

Or do you open newly introduced files only the first time sandboxed to catch obvious malware without it writing to your real system?

Basically I always try to open/run everything sandboxed for as long as I feel is required.  If a file needs to be modified, then I would ideally scan it with a black-listing program before opening it unsandboxed.  Otherwise, for other files like videos, they can always be opened sandboxed even after they are moved from the main Downloads folder.

Before I move files out of my main Downloads folder, I usually scan the folder with Emsisoft Emergency Kit (EEK).  Then if all is clear (it always is), I would feel confident of moving the files out of the Downloads folder to a more permanent folder.  However, as I stated above, I still open files like videos sandboxed even after moving them.

Thank you for further detailing your setup.

ssj100 wrote:Basically I always try to open/run everything sandboxed for as long as I feel is required.  If a file needs to be modified, then I would ideally scan it with a black-listing program before opening it unsandboxed.  Otherwise, for other files like videos, they can always be opened sandboxed even after they are moved from the main Downloads folder.

ssj100 wrote:Before I move files out of my main Downloads folder, I usually scan the folder with Emsisoft Emergency Kit (EEK).

Is this Downloads folder sitting outside or inside a SBIE environment at all times? If it's not, then
doesn't that mean the files even though not opened yet with SBIE can be malicious?

ssj100 wrote:Then if all is clear (it always is), I would feel confident of moving the files out of the Downloads folder to a more permanent folder.  However, as I stated above, I still open files like videos sandboxed even after moving them.

The actual Downloads folder is of course sitting outside the SBIE environment. The files could indeed be malicious, but then how are they going to execute by themselves? Even if it's possible for them to execute by themselves, my security setup (at least back on Windows XP) had an anti-executable component to it (SRP).

But if you're downloading and recovering specific files (eg. video/music files) out of the sandbox and into this Downloads folder, I really can't see how they can spontaneously execute when you're not even viewing (reading) them unsandboxed.