Feedback on 'Introduction to the 6.0 Sandbox' and 'Using the Sandbox' stickies

You guys may be interested in looking systematically at the extent of virtualisation.

If so please see this new sticky: here and post some results.

Procmon is quite a fun tool :slight_smile:

Best wishes

Mouse

And thanks guys there are some things I need to add to the Introduction as a result of your posts.

New article on Kiosk and manual sandbox here. Hope this helps.

This is outside the scope of the Introduction, as the introduction only deals with virtualisation.

But glad it was answered anyway :slight_smile:

This article now updated to clarify this: here.

If you want to know more please consider contributing to this community effort here.

Best wishes

Mouse

mouse1, how strong is the sandbox in Win x64, if it has some limitations compared with Win x32?

You can tick this one for X64 system.


Egemen has indicated that a kernel-level hook has been used for the sandbox, and stated that this is stronger than Sandboxie which uses a user level hook.

I’m guessing that this does apply to x64, as it was with x64 systems that Sandboxie was, if I remember correctly, having problems.

I personally am a little worried by the results of my tests with procmon. They do appear to show some leakage, but I cannot be sure this is what it is, and that it is unintended, without comment from the devs, and the devs have made no comment yet. They could (but only could) be interpreted as suggesting that registry and kernel virtualisation was hooking in at different levels, too.

It would be good to get a few more people testing with procmon and form a consensus…

Sorry to present so unclear a picture, but it’s all I have.

Best wishes

Thank you for your comprehensive answer!

Interested in “Banking & other apps where private communication” usage and read some of the guide.

  1. Is this “Create a subdirectory of(on?) your desktop call it Banking.” essential? If that’s just for a tidy desktop, then it should be deleted to avoid complication of the procedures. The procedures may already be too much for a normal user.

  2. I do use a separate browser for secure tasks. But I’m hesitant to use any electronic storage (like password managers) to store passwords for the critical sites. So it is not possible for me to access the sites via a password manager. Is it really unsafe to use bookmarks for the critical sites in the secure browser? Is it possible to configure D+ to protect the bookmarks in the secure browser?

Thanks hkoj, your comments are very much appreciated. There are reasons, I think good ones, but there may be better ways of achieving the same thing.

Will respond with the reasons in detail tomorrow am and move this post to the alpha guides feedback thread if that’s OK with you.

Best wishes and many thanks again

Mouse

2. I do use a separate browser for secure tasks. But I'm hesitant to use any electronic storage (like password managers) to store passwords for the critical sites. So it is not possible for me to access the sites via a password manager. Is it really unsafe to use bookmarks for the critical sites in the secure browser? Is it possible to configure D+ to protect the bookmarks in the secure browser?
Unfortunately if you use browser bookmarks they will be cleared each reset, unless you exclude the file(s) concerned from virtualisation. If you do exclude them then any bookmarks created by malware will persist across resets, giving the possibility of malware confusing you. Browser bookmarks are a common attack point for banking exploits.

Better options for you might be:

  1. Use Keepass or other password manager to store URLs but not passwords. Should work OK. I’ll maybe make clear this is an option I think when I update the guidelines. Thanks for drawing this to my attention.
  2. Create the shortcuts/directory in the shared space. Malware could still create confusing shortcuts, but it would have to be targeted at CIS.
  3. Use browser bookmarks, exclude the files involved from virtualisation, but lock down the bookmark files using HIPS. Complex (hence not suggested) but probably most convenient.

It’s important if people are going to use the Kiosk for more than one of these purposes. Just for convenience otherwise, so I could say it’s optional if you don’t want to use the Kiosk for multiple purposes. Thanks for drawing this to my attention.

The idea is to ensure people use the right browser and other software instances for the right purpose. Having the folder and the .exe labelled with the purpose name will assist this. A double check. Having all the links in one directory will make it more convenient for people to use the right software copies.

Many thanks again for your comments, I’ll amend accordingly.

Best wishes

Mouse

By the way the reason why the general guideline suggests removing pre-installed Kiosk desktop clutter is two fold:

  • The security of a banking Kiosk is increased if Banking’s the only thing people do there. Encouraging them to play games in the Kiosk is not a great idea as games sites often host malware.
  • If you click on a desktop shortcut [edit: except the ones in the tablet pane] you will invoke the default browser, in many cases this will be IE, which is about the most insecure browser possible. There’s a risk people will then use this for their banking. You can of course change the default browser so it’s different in the virtualised environment. But then you’d lose that setting on reset.

Note that you can remove shortcuts from the Kiosk, without removing them from the standard windows desktop.

Best wishes

Mouse

Thanks for your suggestions. I may try option 1 or 3.

As you’ve suggested, add-ons such as Adblock Plus can be installed in the secure browser. Am I right that the add-ons and any other configuration not to be cleared after sandbox reset should be installed before moving the “portable browser program folder” to the “C:\Program Files (x86)\RunVirtualised\Banking\Browser” folder?

It’s best to create a new portable installation in the C:\Program Files (x86)\RunVirtualised\Banking\Browser, instead of moving an old one if you can. (Just in case of some sort of historical infection, and to ensure the browser works correctly). After installation in that folder install any add-ons you want.

Best wishes

Mouse

I am trying to use Roboform Everywhere in the virtual browsers… So far no luck. Any suggestions? What settings would make this work? I tried excluding the Roboform folders from virtualisation, but it didn’t work…

:frowning: And I don’t want to type my passwords 15 times a day or remain connected via cookies.

Have you tried the new Beta, it may help?

Otherwise, if you give me some idea of the difficulties you are facing, I may be able to help.

Basically the approach is:

  0. Install browser outside Kiosk
  1. Install password management software outside Kiosk/Sandbox
  2. Locate data file in secure space, or in other directory with shared virt/non-virt access
  3. Make shortcuts accessible in Kiosk to run both virtualised from

I have a good one.
Every time I launch Firefox 17.0 with the latest Flash Player (non-beta) installed,
CIS 6 sandboxes it as Partially Limited and locks up Firefox. Firefox is not responding or anything like that.

It just hangs and you have to kill it with the Task Manager and try another browser. All browsers work except Firefox.

I have tried adding it as a behaviour block exception, and as a trusted app in the firewall.

I am running Comodo Antivirus 2639 with the restored TVL from the 2626 beta.
I have Bitdefender 2013 AV only. I have SuperAntiSpyware and just the evals of Malwarebytes and HitmanPro. This is the only problem with it. Although if I uninstall Bitdefender and install Avast it works fine.

Bitdefender support says to uninstall Comodo, SuperAntiSpyware, Malwarebytes and HitmanPro
and won’t talk to me. They say I can only run their product. So forget their support. But I want to keep Bitdefender antivirus.

Active shields are Bitdefender and SuperAntiSpyware. I also tried adding trusted applications and processes in Bitdefender for Firefox but it makes no difference. I wish I could stop CIS 6 from sandboxing, as in the log:

c:\windows\system32\macromed\flash\FlashUtil64_11_5_502_110_Plugin.exe.
It only does this with Firefox. Opera works fine, Chrome works fine, and Internet Explorer 10 works fine.
The system is:

Windows 8 Pro with Media Center x64
8 Gigs ram
Intel quadcore 2.5ghz
1tb WD Black 7200 Rpm
Nvidia GeForce 460

It would just be nice to have Firefox back again.
I also tried the beta 18 of Firefox and the new beta Flash,
and also went back to Firefox 16 and current Flash, all with the same results.

DrHaze

Thanks very much for this information. Please could you report it as a bug in the Beta bugs topic, using the format requested there.

Thank you very much in anticipation

Best wishes

Mouse

I would like the Auto sandbox set to Limited instead of Partially Limited by default so it does better vs ransomware and fake AVs.