I was just wondering if the default Auto-Sandbox level was safe enough for the average user. I hear a lot around the forums that some malware can go around Partially Limited and infect your computer. So I’m wondering, should I raise the auto-sandbox level on my computer from Partially Limited to something higher?
Some ransomware can bypass Partially Limited. I’d suggest at least using Limited. Some malware can bypass it, but from what I’ve seen it’s very rare. Untrusted so far has not been bypassed.
What about the new Fully Virtualized feature? From what I know it doesn’t seem to cause issues with running unknown software like anything over Partially Limited does.
Fully Virtualized is quite safe as well. I should have mentioned that as well. It has some small issues, but once again, being affected by them would be very rare.
You lose the data / changes that were made from the sandboxed application, yes; however, for that data you have the Shared Space, which you can move the data to. I’d recommend seeing the Fully Virtualized sandbox as a volatile environment; it isn’t, but it makes it easier to take precautions.
@SanyaIV. Yes, we have Shared Space, but it’s only useful when you can save something there. You can’t save (copy to the real system) things like savegames or program settings (if you changed them after the program was fully virtualized) that way.
Now if you could select what to copy from the sandbox to the real system (by program), then “fully virtualized” would be more useful. And for now I think that it is (along with manual sandbox / kiosk) better suited for testing, rather than everyday protection.
Well, you can manually navigate to C:\VTRoot\ and move the files to the real system; that’s what I do if I need something that was accidentally put in the sandbox. I think launching explorer.exe as fully virtualized would work too and then you can move the files to the shared space, going to look into that.
Edit: Yup, with explorer.exe not sandboxed you can move files from "C:\VTRoot" to anywhere else. With explorer.exe sandboxed you can move the files to the Shared Space or any other excluded folder you’ve chosen.
Actually from what I’ve found, fully virtualized applications can read pretty much anything, they just can’t modify the things. For example when I have my browser in the FV sandbox I can upload pictures from my pictures folder to sites, that folder isn’t in the exclusions. And from what I know, malware in the FV sandbox can still read keystrokes from the real system, so the firewall is really important here.
The recurring question: which setting would one have?
I imagine it depends on whether it’s in the context of the functionality in the system or we discuss protection.
Myself, I’m as much interested in having a suite that doesn’t break the most important things in my system, like the importance of having a good installed protection.
So if it’s possible to merge these two aspects, which one should one choose?