I am an advanced user and have the BB set to fully virtualized. My question is, if a screen locker (ransomware is sandboxed) will I be able to delete the content of the sandbox, or will the screen be locked and non-usable?
The screen might get locked, in such a case just reboot and then reset the sandbox.
Is this the same for e.g., FBI ransomware; which also runs in safe mode?
If they are “installed” in the FV sandbox then they shouldn’t be allowed to auto-start after reboot, unless you change this setting in BB settings yourself.
Edit: In the event that it locks the screen both in normal Windows and in Safe mode then you can boot from a live CD and remove the data in C:\VTRoot\ and then reboot, however remember that the drive might have a different drive letter if using a Windows live CD and it will look different as well in a Linux live CD. But CIS should still not allow it to auto-start.
Thank you Sanya