Author Topic: Wiping the Sandbox - how can I do this?  (Read 4978 times)

Offline mouse1

  • Global Moderator
Wiping the Sandbox - how can I do this?
« on: April 05, 2013, 05:07:53 AM »
Users may wish to delete the contents of the sandbox so the files cannot be restored. The sandbox itself provides no facility for this, but it can be achieved by another Comodo tool, CSU (formerly CSC). The free version is sufficient.

To do this, follow this procedure:

  • Go into Control Panel ~ File and folder actions ~ View and choose 'show hidden files, folder and drives'. You can also untick 'hide system files', though this increases the risk of mistakenly deleting OS files.
  • Enter then Exit from Kiosk - do not use 'Switch to Windows' - and close any other sandboxed processes (those running with a green border).
  • Open CSU and choose Shredder ~ Settings, then choose your deletion method. Random data is better than zeros, and 3 passes is reasonably secure. Gutmann is good but takes a long time. No deletion method is totally guaranteed.
  • Choose Shred files and folders. Navigate to C:\VTRoot and select the folder for deletion, being very very careful not to select C:\ or any files in it for deletion. To be thorough you can also select "C:\Windows\System32\drivers\fvstore.dat", but if you do so be very careful not to select any other files in that directory.
  • CSU will ask for confirmation, and warn about deletion on the drive containing your OS. Please double check you have not selected C:\ or any OS files before you confirm.
  • CSU will now attempt deletion, but even if you have followed the above guidance there will probably be some files that it cannot delete without a reboot, so it will probably schedule a delete on reboot.
  • On reboot enter CIS ~ Sandbox tasks and do a Reset. This deletes registry keys. It is not possible to shred registry keys using CSU. You can sometimes delete them, but you may as well do that using sandbox Reset.
  • Just to check, navigate to C:\VTRoot using Windows Explorer. It should be gone. If it is not, it probably means that the Safe Delete Driver has been disabled by the OS on your machine. If so, you may find that repeating the above process from the invocation of CSU will achieve a wipe. If not, then you need to investigate what files are left and report the problem in the forums. This is where unticking 'hide system files' may come in, as you may not otherwise be able to see the files which CSU is refusing to delete.
  • Finally, reverse your changes to File and folder settings unless you are an expert user and understand the risks of keeping hidden and perhaps system files revealed.



This FAQ has been prepared by a volunteer moderator – with input from many other moderators (Thanks everyone). It has been produced on a best endeavours basis - it will be added to and corrected as we find out more. Please note that I am not a member of staff and therefore cannot speak on behalf of Comodo. My particular thanks to treefrogs for helping to develop detailed recommendations and testing them.
« Last Edit: May 23, 2013, 07:58:39 AM by mouse1 »
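
A read-only way to do the final check from the procedure above and to list whatever is left, including hidden and system files, without changing the Explorer view settings. This is an added PowerShell example, not part of the original post and not a Comodo tool; the function name `Get-SandboxLeftover` and the CSV location are made up for illustration, and the two paths are the ones given in the post.

```powershell
# Added example (not from the original post). Read-only: it deletes nothing.
# Default paths are the ones named in the post; change them if yours differ.
param(
    [string]$SandboxRoot = 'C:\VTRoot',
    [string]$StoreFile   = 'C:\Windows\System32\drivers\fvstore.dat'
)

# Hypothetical helper: returns one object per item still present on disk.
function Get-SandboxLeftover {
    param([string]$Root, [string]$Store)

    $found = @()

    if (Test-Path -LiteralPath $Root) {
        # -Force makes hidden and system items visible to the listing.
        $found += Get-Item -LiteralPath $Root -Force
        # Items that cannot be read are skipped rather than stopping the scan.
        $found += Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue
    }

    # Only meaningful if you also chose to shred this file.
    if (Test-Path -LiteralPath $Store) {
        $found += Get-Item -LiteralPath $Store -Force
    }

    $found | ForEach-Object {
        [pscustomobject]@{
            Path       = $_.FullName
            Type       = if ($_.PSIsContainer) { 'Folder' } else { 'File' }
            SizeBytes  = if ($_.PSIsContainer) { $null } else { $_.Length }
            Attributes = $_.Attributes
            LastWrite  = $_.LastWriteTime
        }
    }
}

$leftover = @(Get-SandboxLeftover -Root $SandboxRoot -Store $StoreFile)

if ($leftover.Count -eq 0) {
    Write-Output "Nothing left at $SandboxRoot or $StoreFile."
} else {
    Write-Output "$($leftover.Count) item(s) remain:"
    $leftover | Sort-Object Path | Format-Table -AutoSize -Wrap
    # Save the list so it can be attached to a forum report.
    $leftover | Export-Csv -Path "$env:TEMP\sandbox-leftover.csv" -NoTypeInformation
}
```

Run it after the reboot and the sandbox Reset; the Attributes column shows which remaining items are hidden or system files.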
