There needs to be an option in the unrecognized files window to not only delete the files that would be sandboxed, but also undo any changes that they made.
For example, in the third part of a review done by Languy99, it turned out that one of the rogues was able to create folders and files in the programs folder, and these were detected by Malwarebytes. This is fine as the computer itself was not infected, but it could scare some users from using CIS. CIS should be able to clean up after itself.
I would like to see the option to track and undo any changes that sandboxed files have made to the computer. Let me know what you think.
Possibly, but that’s currently not enabled for files that are automatically sandboxed.
Even if it were, there would still be advantages to allowing files to run in a sandbox very similar to that of V5 and give the option to remove all traces if you changed your mind. That way information could be saved to the actual hard-drive without worry of infecting the computer or similar worries.
I’d just like to see the next sandbox have a few more options and features.
If they’re fully virtualized, all changes will be stored in the app’s folder in vritualroot. That can be easily deleted although an auto-delete option might be more convenient.
I think what you want is a rollback feature of some kind, that would automatically commit changes at a certain point unless you press a button to delete all changes. Is that what you’re looking for? That would be hard to implement as you potentially have other programs that could be modifying the same files as the sandboxed app so committing a sandboxed file could overwrite other changes by non-sandboxed apps.
I think it could just keep track of what the program itself creates, like with CPM, and then delete any files or folders it creates. I suppose it wouldn’t have to undo all changes, but just get rid of anything a sandboxed file creates.
I think he refers to the ‘automatically delete contents’ feature available in Sandboxie, wherein all the traces created by the program, say Firefox (including cookies), are deleted when the application is closed, i.e. when Sandboxie becomes inactive. (Which, by the way, is not activated by default.)
That could be a good feature for dealing with malware, but may affect functioning of many (too many) legitimate programs if it is enabled for autosandboxing and may give headaches to many novice users. Maybe an option in the alert for ‘enable full virtualisation’ may be helpful for CIS to delete the contents.