I am confused on the best way to limit an unknown files usage if you are unsure if the file is good or bad.
I set my CIS up wtih Chiron’s guide. I have BB set to “untrusted”.
When I go to load an program that is unknown, it auto-sandoxes the program as untrusted. This level of restriction keeps it from running. So I go into “Sandbox” settings and manually add the file as “Restricted” or “Limited” to allow it to run and still have some protection with the sandbox.
My question is:
Is this the right way to limit a program you are 95% sure is good?
What is BB exceptions used for? This seems like the same thing as adding an exception to the Sandbox.
When you add a program to the trusted list, can you also force the program to load as Restricted or Limited with the Sandbox exceptions?
Lastly, back to the original problem…tell me if I am doing this right. To limit access to a exe file, I add it to the Sandbox as Restricted or Limited. I then block internet access to the program in the firewall. If I add the program in the Sandbox, do I need to block internet access in the Firewall also, or does the Sandbox block internet access?
I’m trying to figure out a way to get the same level of protection with increased usability. However, as I’m sure you can understand, this is a very difficult task.
What I would recommend is that you use the methods I suggest in this article to find out if the file is dangerous. Then, if it is not, you can add it to your trusted files. That way it will never be sandboxed again, and thus will work correctly.
I suppose you could also do this. What this will do is run the file in a Fully Virtualized environment with whichever restriction level you choose. If you like you can certainly choose Limited. That should be safe enough. However, if you would like the program to run on your actual computer please follow the advice I give above.
To explain this please read this page of the online help file.
I don’t think so. I believe that if you define it as trusted it will not be restricted by either Defense+ or the Firewall component. I don’t believe there is a way around that, but I’m sure someone will correct me if I’m wrong.
Please see the first comment I made. However, if you do decide to add the file to the sandbox internet access is not automatically blocked. However, you should still receive an alert if it tries to access the internet, which you could just choose to block. Thus, no extra rules are required.
Please let me know if you have any other questions.