Sandbox BB Auto and Prompt difference

Could someone please explain to me the difference in how the software decides to either auto isolate (sandbox) or prompt to either run isolated, allow, or block? Is it purely based on trusted certificates or vendors? Please refer to the two diagrams.

Please be aware the CCleaner.exe in this case is actual malware.

[attachment deleted by admin]

I honestly don’t know, but my guess is that it only prompts when the application requests unlimited access, which I think/guess is administrator/elevated privileges? So basically I don’t know…

That could be it? Having said that, if you look at the first pic again, under RUN ISOLATED it reads "Run the application with limited access rights". Is this always the case even though I have set the sandbox to "Fully Virtualize", as can be seen in the second pic?

I’m not sure but I’d assume that if BB is set to FV then that button simply runs the application in the FV sandbox, I’m not sure though, it might possibly additionally apply some restrictions but like I said I’m not sure, I mostly use HIPS so this isn’t really my area.

Me too, I'm also new to the BB, much prefer HIPS like in version 5. I thought version 6 was horrible so I never used the first implementation of the BB. Anyway, is there a way to disable the BB but still keep the Sandbox?

Not sure what you mean by that? You can manually sandbox programs even with BB disabled.

The first one occurs while running unknown installation packages in order to prevent placing them automatically in a sandbox which may be very inconvenient.

I see, but in that case I don’t like the text for the pop-up, I think it should mention that it detected it as an installer rather than “just” asking for unlimited access…

I also have to agree with you on this.

Playing around with the BB settings. It seems as though you were correct. If the installers and updaters as well as Elevated privileges alerts for unknown applications are checked, then the prompts are created. If unchecked, it will allow execution of the installer with UAC but then sandbox. If it's not an installer or updater, it auto sandboxes as with pic 2.

The first prompt is for installers.

Then why not mention it’s an installer rather than saying it requests unlimited access? Or perhaps mention both if both are true?

Both are true. If you click run unlimited, it will give the installer the “installer/updater policy”, which allows it to do whatever it wants.

You can disable the installer policy alerts and make the sandbox handle them automatically.

Yes but the alert doesn’t tell us that it is an installer, it just tells us that it requests unlimited access… It should in my opinion state that it is an installer and that it requests unlimited access…

And I still want the ability to edit the Installer/Updater Policy but that is off-topic.

Add it to the wishlist.

Which one? Prompt details or edit Installer/updater policy? The latter I’ve already made a wish about and the former I don’t really care enough about to make a wish.

There is a setting in BB that I was nagging about for quite a while. So you get only the second popup even for installers or those that require unlimited access. You can still click “Don’t block anymore” below in the popup if you want it to have unlimited rights.

Excellent. Thank you everyone for your responses. I do hope this will be fixed and detailed correctly in the prompt. In regards to the prompt showing “Limited Access Rights” when Sandbox is set to “Fully virtualise”: should this text then also be corrected to let the user know it is indeed set to FV (or any other mode set by the user) if he/she runs isolated?