if you run a program sandboxed via right-clicking the application and selecting run in sandbox, what degree of protection does it provide? Does it use the new full virtualization technology? I have seen reports of sandboxing not preventing auto-run entries from happening on the real system and worry that right-clicking and running something suspicious in sandbox that way may not give me the protection I had assumed it gives.
Can anyone clarify this?
Thanks.
Selecting the option to run in sandbox does in fact run it in the Fully Virtualized (FV) Sandbox. Thus, anything the file tries to do is done to the FV environment and not to the real computer.
Ah thanks for that. The only other question I have right now is, when I try and manually sandbox something via creating a rule, fully virtualized is missing on that screen. You know, the screen where you can also restrict runtime in seconds and memory usage etc. Should FV be an option on there?
Please post a screenshot of the window you’re referring to.
Adding the programs in that way will make it run with Full Virtualization. However, even on top of that you can choose an additional restriction level.
Regardless of which Restriction Level you choose it will be running in the Fully Virtualized Environment.
So no matter what you set it to, nothing is changed on the system? So these things are in addition to total isolation? Such as abilities like starting programs and reading clipboard but does not effect the level of “write” protection of the system as a whole?
Yes, regardless nothing they do can affect the real system. These are extra restrictions applied to the program running in the FV environment.