Sandboxie Configurations.

system · September 1, 2008, 12:11pm

Hi Guys,

Let’s start sharing some Tips, Tricks & Configurations around Sandboxie.

Thanks
Josh

system · September 1, 2008, 8:42pm

Yeah, I would like to see some tips, tricks and configs, but it seems no one wants to share their secrets? ;D

What about you Josh? Use it? What’s your set up?
I might be using Sandboxie in a not so distant future and would like to alot more about it…

fazio93 · September 1, 2008, 9:01pm

i’m just waiting for comodo sandbox…

system · September 2, 2008, 12:31am

Well first of all, Sandboxie is one of the reasons why I don’t use an AV. I use Sandboxie in conjunction with CFP 3. If you run your browser Sanboxed, and come across something that pop ups and tries to install (Malware, keylogger, etc). All I have to do is empty the Sandbox and it’s gone! It uses sophisticated sandbox technology to make it all virtual. But other Configurations are in place:

Main GUI>DefaultBox>Sandboxie Settings. Then open Delete>Invocation & Set “Automatically delete contents of sandbox” (Here the contents of Sandbox will be automatically deleted after you close last sandboxed program or if you close your browser, it will auto delete everything you surfed, etc).

See SandboxieSC2

So What do you do if you want to download a file and run it in your REAL PC but your browser is Sandboxed? All you gotta do is after you download a file, After you download a file you click “Recover” and the file is in on your desktop or download location ready to install on your real PC. If you don’t want the downloaded file on your PC click “Close” and the file will be gone like you never downloaded it.

See SandboxieSC1

You can also force your browser to automatically open Sandboxed. Most of the time, You right click a browser or any program to run Sandboxed. If you want to run your borwser automatically Sandboxed, Go to Main GUI>DefaultBox>Sandboxie Settings & Open “Forced Programs” And add (Eg Firefox.exe) in there in C:\Program Files\Mozilla Firefox\firefox Make sure you add by FILE.

See SandboxieSC3 & 4 for Firefox Config, You can do other browsers too. The Memory Usage is also light weight, Sandboxie uses 4 processes:

SandboxieDcomLaunch.exe (224 K)
SandboxieRpcSc.exe (944 K)
SbieCtrl.exe (1,320 K)
SbieSvc.exe (2,572 K)

That’s on my XP Machine. Anyway they are the tips I got for now, I am trying to still work out exclusions for Bookmarks so When I change bookmarks they are not lost by Browser is still sandboxed, etc. Once you configured it right it’s VERY good IMO. I will also off course give Comodo Sandbox a try when it’s out. Sandboxie is great for testing Applications, But I am still keep a sharp eye on Comodo DiskShield & Looking forward to Comodo Sandbox.

Josh

[attachment deleted by admin]

Star_Shadow · September 2, 2008, 12:59am

If you put Internet Explorer in the Forced Sandbox section like you did with FireFox, would Windows Update work on XP? Or, if you run IE in a sandbox without that configuration set, and there is a pop, would the pop up open IE in a new windows in Sandboxie, or running normally? I know in XP WU is done in the browser, but in Vista, it’s it own app.

Cheers.

system · September 2, 2008, 1:14am

That I don’t know. I am still trying to learn the app my self…

Josh

andyman35 · September 3, 2008, 5:47pm

Anything run from within a sandboxed IE will be sandboxed too,including WU.I’ve not checked if the updates can be recovered but I’d imagine so.

Kyle142 · September 4, 2008, 2:59pm

http://www.sandboxie.com/index.php?SandboxieIni
^ explains the .INI

These are my settings that I’m using and work well for me. Can anyone see where I can improve?

[GlobalSettings]
ProcessGroup=<InternetAccess_FIREFOX>,firefox.exe
ProcessGroup=<InternetAccess_ThunderBird>,thunderbird.exe,thunde~1.exe
ProcessGroup=<InternetAccess_IEXPLORER>,iexplore.exe
ProcessGroup=,iexplore.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe
ProcessGroup=,firefox.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe
ProcessGroup=,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe,thunderbird.exe
BlockDrivers=y
BlockWinHooks=y
BlockFakeInput=y

[DefaultBox]

ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=%Favorites%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
LingerProcess=trustedinstaller.exe
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
Enabled=y
AutoDelete=y
NeverDelete=n
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Udp6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Udp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Afd*
OpenFilePath=thunderbird.exe,%Local AppData%\Thunderbird
OpenFilePath=thunderbird.exe,%AppData%\Thunderbird
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles*\places*
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles*\bookmark*
OpenProtectedStorage=y
OpenKeyPath=iexplore.exe,HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms
CopyLimitKb=3000000
CopyLimitSilent=y
BoxNameTitle=y

[UserSettings_47BE0530]

SbieCtrl_UserName=kyle clothier
SbieCtrl_ShowWelcome=N
SbieCtrl_NextUpdateCheck=1555555555
SbieCtrl_UpdateCheckNotify=N
SbieCtrl_HideWindowNotify=N
SbieCtrl_WindowLeft=253
SbieCtrl_WindowTop=108
SbieCtrl_WindowWidth=660
SbieCtrl_WindowHeight=450
SbieCtrl_Hidden=Y
SbieCtrl_ActiveView=40021
SbieCtrl_BoxExpandedView_DefaultBox=Y
SbieCtrl_AutoApplySettings=Y
SbieCtrl_SettingChangeNotify=N
SbieCtrl_BoxExpandedView_IEXPLORER=N
SbieCtrl_ReloadConfNotify=N
SbieCtrl_EditConfNotify=N
SbieCtrl_ColWidthProcName=250
SbieCtrl_ColWidthProcId=70
SbieCtrl_ColWidthProcTitle=310
SbieCtrl_ExplorerNotify=N
SbieCtrl_EnableLogonStart=Y
SbieCtrl_EnableAutoStart=Y
SbieCtrl_AddDesktopIcon=Y
SbieCtrl_AddQuickLaunchIcon=Y
SbieCtrl_AddContextMenu=Y
SbieCtrl_AddSendToMenu=Y
SbieCtrl_ExplorerWarn=N
SbieCtrl_BoxExpandedView_ThunderBird=Y
SbieCtrl_BoxExpandedView_FIREFOX=Y
SbieCtrl_TerminateWarn=N

[FIREFOX]

Enabled=y
ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
AutoDelete=y
NeverDelete=n
ForceProcess=firefox.exe
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\RawIp6
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Udp6
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Tcp6
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Ip6
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\RawIp
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Udp
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Tcp
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Ip
ClosedFilePath=!<InternetAccess_FIREFOX>,\Device\Afd*
ClosedIpcPath=!,*
ClosedFilePath=%Personal%
RecoverFolder=%Desktop%
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles*\places*
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles*\bookmark*

[IEXPLORER]

Enabled=y
ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
AutoDelete=y
NeverDelete=n
ForceProcess=iexplore.exe
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\RawIp6
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Udp6
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Tcp6
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Ip6
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\RawIp
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Udp
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Tcp
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Ip
ClosedFilePath=!<InternetAccess_IEXPLORER>,\Device\Afd*
ClosedIpcPath=!,*
ClosedFilePath=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
OpenProtectedStorage=y
OpenKeyPath=iexplore.exe,HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms

[ThunderBird]

Enabled=y
ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
LingerProcess=trustedinstaller.exe
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
OpenFilePath=%AppData%\Thunderbird*
OpenFilePath=thunderbird.exe,%Local AppData%\Thunderbird
OpenFilePath=thunderbird.exe,%AppData%\Thunderbird
OpenKeyPath=thunderbird.exe,HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla Thunderbird
OpenKeyPath=thunderbird.exe,HKEY_LOCAL_MACHINE\Software\Mozilla Thunderbird
OpenKeyPath=thunderbird.exe,HKEY_CURRENT_USER\Software\Mozilla Thunderbird
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\RawIp6
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Udp6
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Tcp6
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Ip6
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\RawIp
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Udp
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Tcp
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Ip
ClosedFilePath=!<InternetAccess_ThunderBird>,\Device\Afd*
ClosedIpcPath=!,*

system · September 8, 2008, 9:19am

I’m gonna close this for now.

Josh