Sandbox Levels - Confused

What level should I set the Behavior Blocker - I currently use Restricted? (Languy99 also uses Restricted)If I run download in the Sandbox, how do I get it out, or do I have to re-download it/run it again

:slight_smile: :wink: :-TU ;D ;D :BNC

If you did not clean your sandbox the files will be in C:\VTRoot\ I belive.

  1. partially limited

  2. In the sandbox, You can save the file to the shared space.

I thought partially limited offers no protection against ransomware? :P0l

True, that’s why either you set BB to Restricted if you not under windows xp, but if you run under windows xp you should set BB to Untrusted, its seems that on windows xp Restricted can’t protect you from Ransomware

I believe that even Limited protects against ransomware. However, there are a few pieces of malware which can bypass Restricted. That’s why I currently advise Untrusted.

They really have to work on ransomware more. It’s really the top “selling” point of CIS. If they can’t block that by default, then it’s pointless really as it then provides the same protection as anyone else…