Is Partially Limited Safe Enough?

Hello,

I was just wondering if the default Auto-Sandbox level was safe enough for the average user. I hear a lot around the forums that some malware can go around partially limited and infect your computer. So I’m wondering, should I raise the auto-sandbox level on my computer from Partially Limited to something higher?

Some ransomware can bypass Partially Limited. I’d suggest at least using Limited. Some malware can bypass it, but from what I’ve seen it’s very rare. Untrusted so far has not been bypassed.

I hope that was helpful.

Thanks.

What about the new Fully Virtualized feature? From what I know it doesn’t seem to cause issues with running unknown software like anything over Partially Limited does.

Fully Virtualized is quite safe as well. I should have mentioned that as well. It has some small issues, but once again, being affected by them would be very rare.

Ok Thanks, I’ll use Fully Virtualized for right now and hope everything goes well :slight_smile:

Don’t you lose all data \ changes if you set auto-sandbox to Fully Virtualized, once you clean sandbox? Or is it different?

You lose the data / changes that were made from the sandboxed application, yes; however, for that data you have the Shared Space which you can move the data to. I’d recommend seeing the Fully Virtualized sandbox as a volatile environment; it isn’t, but it makes it easier to take precautions.

I am using Fully Virtualized. I run the app in the sandbox, I check it :-TU then if I trust it I add it to trusted files and run it out of the sandbox :-TU :slight_smile:

@SanyaIV. Yes, we have Shared Space, but it’s only useful when you can save something there. You can’t save (copy to the real system) things like savegames or program settings (if you changed them after the program was fully virtualized) that way.

Now if you could select what to copy from the sandbox to the real system (by program), then “fully virtualized” would be more useful. And for now I think that it is (along with manual sandbox \ kiosk) better suited for testing, rather than everyday protection.

Well you can manually navigate to C:\VTRoot\ and move the files to the real system, that’s what I do if I need something that was accidentally put in the sandbox. I think launching explorer.exe as fully virtualized would work too and then you can move the files to the shared space, going to look into that.

Edit: Yup, with explorer.exe not sandboxed you can move files from "C:\VTRoot" to anywhere else. With explorer.exe sandboxed you can move the files to the Shared Space or any other excluded folder you’ve chosen.

I think fully virtualized is the best option.

When malware runs in Fully Virtualized, doesn’t it work the same as running in the real system? (i.e.: send data to netbots, private info, etc).

In other words, it protects your system because you can revert the damage. But what about the info sent by the malware allow in virtual?

No, far from it. It will run in an isolated (virtual) environment where it cannot touch your real system.

Actually from what I’ve found, fully virtualized applications can read pretty much anything, they just can’t modify the things. For example when I have my browser in the FV sandbox I can upload pictures from my pictures folder to sites, that folder isn’t in the exclusions. And from what I know, malware in the FV sandbox can still read keystrokes from the real system, so the firewall is really important here.

Edit: Added a link to the bug report.

:o

System protection vs Data protection…

For Data protection we have around 9 patent applications that will be incorporated into CIS in the next releases (don't know exactly when).

Always leaving little teasers. 88)

Good to hear more good news! :-TU

And CIS always comes up with new features :love:

Pic from tray:

The recurring question which setting one would have O0

I imagine it depends whether it’s in the context of the functionality in the system or we discuss protection.

Myself I’m as much interested in having a suite that doesn’t break the most important things in my system, like the importance of having a good installed protection.

So if it’s possible to merge these two aspects, which one should one choose ?