Sandbox and connecting to net

david_banner · February 2, 2013, 1:35pm

I ran a suspicious exe on an old pc just to see the sandbox work in v 6. It ran and said there is a part that can not be installed click to install it manually I did and it tried to connect to net.

Can programs in the sandbox connect to the net or was the one I clicked manually not in the sandbox even though it was part of one that was?

Sandbox is surrounded by green.I would suggest the green line is a bit thicker. It is easy to use though

SanyaIV · February 2, 2013, 1:50pm

Programs from within the sandbox can still access the Internet.

david_banner · February 2, 2013, 2:08pm

Thank you. If sandboxed exe connected to malware and downloaded some trojan would the trojan be in the sandbox or on the hard drive?

SanyaIV · February 2, 2013, 2:28pm

Whatever a sandboxed files does, it does within the sandbox. So if it downloads a malware then that should also be downloaded to the sandbox and if executed it would be executed within the Sandbox.
It should however be noted that the files are actually stored on the hard-drive since it would take too much to have everything in the RAM and where else are you going to have the data/information? It’s located in a hidden folder on the system drive called “VTRoot” I think this folder is only created after something is run in the sandbox and when you reset the sandbox this folder will be removed. But don’t worry, CIS will keep things within VTRoot from getting out.

At least this is the information I’ve gathered about the sandbox, there might be some minor deviations and do note that this is what is supposed to happen in theory and most probably happen in practice but I don’t know if it’s possible for malware to perform some exploit to get out or not, that is for someone else to comment on but it’s safer than just running them outside of the sandbox! Also note that this is what I’ve gathered from running “Fully Virtualized” I do not know if everything I’ve said applies to partially limited etc.

david_banner · February 2, 2013, 2:34pm

SanyaIV post:4:

Whatever a sandboxed files does, it does within the sandbox. So if it downloads a malware then that should also be downloaded to the sandbox and if executed it would be executed within the Sandbox.
It should however be noted that the files are actually stored on the hard-drive since it would take too much to have everything in the RAM and where else are you going to have the data/information? It’s located in a hidden folder on the system drive called “VTRoot” I think this folder is only created after something is run in the sandbox and when you reset the sandbox this folder will be removed. But don’t worry, CIS will keep things within VTRoot from getting out.

At least this is the information I’ve gathered about the sandbox, there might be some minor deviations and do note that this is what is supposed to happen in theory and most probably happen in practice but I don’t know if it’s possible for malware to perform some exploit to get out or not, that is for someone else to comment on but it’s safer than just running them outside of the sandbox! Also note that this is what I’ve gathered from running “Fully Virtualized” I do not know if everything I’ve said applies to partially limited etc.

very helpful explanation thanks. I note you are not 100% sure of some things

SanyaIV · February 2, 2013, 2:40pm

Good, because I’m just a user like you. I got my information from usage and skimming the forums.

treefrogs · February 2, 2013, 2:46pm

I have the firewall set to show all alerts so I can control what connects to the net whether it’s sandboxed or not.
A rule set or option would be good to have control over all sandboxed connection attempts but still have minimal “general” alerts Ie safe mode and FW set to low alerts.