Sandboxie [Discussion]

I would also recommend using Sandboxie. Whatever happens stays in the Sandbox and never gets written to the hard drive. Having Comodo would have prevented it because you would have gotten a D+ alert and you could have clicked block.

Well, that’s not really true, as it’s written to the hard drive. But yes, everything you do in sandboxed mode will get written to \Documents and Settings\%username%\Application Data\Sandbox, and stays there until you remove it.


Not so true. It may be in that folder but it’s not really there unless you remove it. Try installing something under a Sandbox. Then empty the sandbox and you will not see the program installed. Like it never happened.

But until you empty the sandbox, the content is on the HD.
What you really mean is that nothing gets written in the real folders.

I find the idea of Sandboxie very interesting. However, unless you know which apps you need to put in the sandbox, you’d have to put them all in. Not practical. Since the subject of this thread is drive-by installs, maybe putting just the browsers you use (Firefox and IE) in the sandbox is enough?
But what about the things you want to keep from the browsing session? Bookmarks. Downloads. And probably other stuff too. Can you decide to keep those things before throwing away the sandbox?

Is a sandbox somehow superior to running in a virtual machine like VMWare? I’ve tried a VMWare browsing appliance. Seems to run pretty well (I was running Firefox on Linux under VMWare). However, in a short time it seemed to fall apart (lots of errors and finally, no useful functionality). So I got rid of it.


If you need to save a D/L and you were in the sandbox, there is an option to retrieve the D/L.

There is good help for this in the Sandboxie forums. I run IE and FF Sandboxed when I need to. If I am installing or trying something new I simply run it under a sandbox.

Hi dudes, Sandboxie rules so far as to ease of use & functionality IMHO for browsing, never had issues using it.

I made a custom cleaner folder for CCleaner. Now when I want to empty my Sandbox I simply click CCleaner.

I’m feeling confused with this whole sandbox thing. I understand most of it just not the bit about whether or not you empty the sandbox.

I.E. You download a file which is fine and virus free and want to keep that and then you download another one which isn’t virus free, how do you permanently download the non-virus one and get rid of the virus one? Do you have to empty the sandbox and re-download the good one?

Maybe I should read their website lol


EDIT: You can use Quick Recovery for only the file which is virus free any time and leave the virus one in the sandbox. Screenshots below.


I heard when you browse, after you close your browser Sandboxie cleans EVERYTHING OUT (when running your browser in Sandbox of course).


Only if you select that option. I like using CCleaner instead.

It depends on how you use it. There are a few options.

You can, for instance, create an open file path so sandboxie lets that folder be written.
Like setting your “safe downloads” folder. Firefox bookmarks, etc.

Or you can set the Quick Recovery.

The Quick Recovery feature makes it easier to extract files (and even whole folders) that are created and saved by sandboxed programs. It scans a few sandboxed folders, which have to be selected in advance, and lists the files (and folders) it finds within them. These files (and folders) can be recovered into the corresponding location outside the sandbox, or to any location. Like, set it to delete automatically when closing the browser, but open quick recovery (this watches your chosen folders), so you can review if you want to keep anything.

It’s been a while since I really used it. But one thing you can be certain, by reading the website you will understand it all.
If you’re really interested -

Got to agree with ragwing and disagree with you.

“Not really there” means what exactly? The file is indeed written on the HD as Ragwing says just not where windows think it is. Sandboxie actually redirects the file changes to another file directory. But trust me the files are indeed there… When you empty the sandbox, sandboxie simply deletes those files in the redirected folder…

So if you download a keylogger into say c:\whatever, it is actually written on c:\sandbox\whatever (not a real example).

Better sandboxes like sandboxie, actually interact with windows explorer, so the files look like where they are supposed to be.

I would say VM type software is superior, though it is more costly in terms of resources. You must understand that when you run sandboxie, safespace etc, you are still running stuff on the same computer. Anything run sandboxed is isolated by the sandboxing program true, but sandboxed programs are still running on the same system, they are just blocked from accessing parts of the “real” system by the sandbox program.

VM apps work differently. They actually use code to create a “virtual machine”.

In fact after installing vm, you need to turn/boot up the vm, install an OS in it just as if you own a new pc. But vm browsing appliances make it simple for you, by preinstalling some free linux OS with firefox or whatever so it is ready to go.

You then run stuff in that virtual machine. From the point of view of anything you run in VM, it is running not on your computer, but another computer… This is a much higher level of isolation = greater security in that sense.

Sandboxing: A new method of protection
Submitted by virusp on Wed, 04/30/2008 - 10:45.

The newest method of protection against malware is called Sandboxing. This method uses a secure space within the hard disk (sandbox), within which all files downloaded from the internet, including viruses, are stored - and executed - safely. In a few words, even if a file is infected, it is not allowed to infect the operating system, only the secure space. After a reboot this space can be restored to its original status and all changes made by the virus are ERASED.

The disadvantage of this method is that it is not familiar nor easy-to-use for most novice users, at least not as the “traditional” antivirus and anti-spyware programs.

Its advantages are that it needs no updating like “traditional” antivirus and anti-spyware programs plus the fact that if configured properly, it makes the operating system completely secure against anything downloaded from the internet.

The Sandboxing method is used by the freeware programs

* Sandboxie
* SafeSpace

Sandboxing differs from the “classic” Virtualization of VMWare and VirtualPC because the user does not need to create another virtual operating system in the hard disk. Nevertheless, many VMWare and VirtualPC fans insist on using them - instead of Sandboxing - mainly because they can use their exact virtual operating system even after the main operating system gets erased or upgraded.



:stuck_out_tongue: Vettetech, some viruses are made to bypass such things ;D


Stop arguing with me all the time Xan. I have my Sandbox locked down tight. I have it set up so the only thing running in or out of the sandbox is what I tell it to. I restricted all access to other folders. And yes, could something jump out? Yes, and that’s why I have NOD32 and Comodo. Surfing under a sandbox has been proven very effective my young lad.