I was just wondering if the default Auto-Sandbox level was safe enough for the average user. I hear a lot around the forums that some malware can go around partially limited and infect your computer. So I’m wondering, should I raise the auto-sandbox level on my computer from Partially Limited to something higher?
You lose the data / changes that was made from the sandboxed application yes, however for that data you have the Shared Space which you can move the data to. I’d recommend seeing the Fully Virtualized sandbox as a volatile environment, it isn’t but it makes it easier to take pre-cautions.
@SanyaIV. Yes, we have Shared Space, but it’s only usefull when you can save something there. You can’t save (copy to the real system) things like savegames or program settings (if you changed them after the program was fully virtualized) that way.
Now if you could select what to copy from the sandbox to the real system (by program), then “fully virtualized” would be more useful. And for now I think that it is (along with manual sandbox \ kiosk) better suited for testing, rather then everyday protection.
Well you can manually navigate to C:\VTRoot\ and move the files to the real system, that’s what I do if I need something that was accidentally put in the sandbox. I think launching explorer.exe as fully virtualized would work too and then you can move the files to the shared space, going to look into that.
Edit: Yup, with explorer.exe not sandboxed you can move files from "C:\VTRoot" to anywhere else. With explorer.exe sandboxed you can move the files to the Shared Space or any other excluded folder you’ve chosen.
Actually from what I’ve found, fully virtualized applications can read pretty much anything, they just can’t modify the things. For example when I have my browser in the FV sandbox I can upload pictures from my pictures folder to sites, that folder isn’t in the exclusions. And from what I know, malware in the FV sandbox can still read keystrokes from the real system, so the firewall is really important here.