Sandboxing Browser

Hello everyone!

I want to ask who knows if it is possible to make automatic sandboxing browsers? One can do it manually:
Defence+ → Run a Program in the Sandbox → Select… (here to choose the link of the browser or its *.exe module) → Run as (Limited or Partially limited, if I choose Untrusted or Restricted then the browser doesn’t work)… VERY VERY INCONVENIENT…

Who knows is it possible to make it JUST BY ONE CLICK - just as we do clicking at a link of a program?

Thank you.

Right click the desktop Icon > Run In Comodo sandbox

Add it to “Always Sandbox” list (CIS > Defense+ > Computer Security Policy > Always Sandbox (tab))

Hope this helps

Thank you for your answer.
I don’t have this item ‘Run In Comodo sandbox’ how can I fix it? (I have CIS 5.3 Premium).

Oops! I forgot it doesn’t work with links;

You’lll have to use the second method (adding it to “Always Sandbox” list)

My memory is getting hazy :stuck_out_tongue:

Yes, it works. Thank you.
Is there simple way to download from a sandboxed browser?

Lots about sandboxing browsers etc here.

Best wishes


!ot! More like your memory is overworked and underpaid :slight_smile:

Thank you for the link I found there possible way:;msg414046#msg414046

When working in your virtualised application you will see your files in their normal places.

However when looking for the files in Windows Explorer, or working in you application non virtualised, you will not see any virtualised files.

You will find these instead in a hidden folder (mis-spelling intentional):

C:\vritualroot<application name>\harddrive<application data path minus C:backslash>

To see hidden files in Windows Explorer, navigate to Tools ~ Folder Options ~ View and tick the appropriate box.[/b]

Very convenient. Just save the files in the sandboxed browser then copy them from the virtualroot by the not sandboxed explorer.

Maybe somebody knows there are some other tricks? It would be nice to learn them as well.

Thank you.

Thank you guys, I’ve sandboxed as much as I could: now I am using all my browsers, Skype, email client, GoogleEarth and Winamp being sandboxed (and dropmyrigts-ed). The only cons I see - browsers seem to start a bit slower, and skype - much slower that’s all. If somebody wants to share his/her experience in manual sandboxing - you are welcome.

Interesting discussion.

However if your sandboxing with partially limited or limited privledges and your connecting as a limited user with your browser, I feel sancboxing is not gaining you any more security. In WIN 7, your set up by default as a limited user.

The real issue is with WIN XP where your an admin by default. Most PC users are clueless as to the dangers of surfing with admin privledges. Since I started using IE8 in XP as a limited user via use of SysInternal’s PSEXEC, I have not had one security incident from the web.

If you really want Internet security, create a virtual machine and surf there. You can run with no restrictions and if you get infected, just rebuild your virtual machine. Of course, your PC must have the hardware resources to run the virtual machine concurrent with your base OS.

Thank you for your answer, DonZ

  • that’s just my case
  • Now I’m using DropMyRights. Is this SysInternal’s PSEXEC better then DropMyRights?
  • unfortunately I’m not the only user of my comp. Other users just won’t care about VM usage.

Thank you.

I wanted to run normally with admin rights but surf as limited. Obviously I am not protected when not surfing but that is what sandboxing is for - right?

You create another desktop icon for IE and give it this property:

To run Internet Explorer as with limited-user privileges use this command:

psexec -l -d - e “c:\program files\internet explorer\iexplore.exe”

or wherever IE is located on your PC. I named that icon “IE - Limited.” I then renamed the original desktop IE icon “IE - Admin” to keep them straight.

Note that you can only access full IE options from the original IE icon.

I tried Drop My Rights and could not get it to work with IE8.

Ref: PsExec - Sysinternals | Microsoft Learn

I see. So they both - DropMyRights and PsExec, as it follows from their descriptions do the same.
DropMyRights goes good with my IE8.

Thank you.