v3 with Sandboxie, compatible?

Are they compatible???

When I do the leaktest, PCFlank, in Sandbox, Comodo v3 fails…

While I do the test outside the sandbox, it passes.

What can I do if I want v3 to prevent the sandboxed programs from accessing the Internet?

Please help~ thx~

That’s interesting. If you don’t get any answers on this forum, you could try the Sandboxie forum. I know you can set Sandboxie to allow only certain programs access to the internet, by opening the main control window, right click on sandbox, choose sandbox settings, resource access, internet access, then enter which program will only be allowed to access the internet.
Maybe the problem is with PCFlank running sandboxed, not Comodo.

Today, the problem still occurs…

If I put the PCFlankLeaktest.exe in the sandbox (Sandboxed), the Defense+ will NOT notify me that the program is accessing the Internet.

If I put it unsandboxed, the Defense+ will.

If I use v2.4, the v2.4 firewall can stop the access, no matter whether it is sandboxed or not.

Can anyone help and explain?

An old subject, sorry for reviving it. Could this happen because leak protection is not part of the firewall anymore but is handled by Defense+? If Sandboxie is a trusted program within Defense+, does this mean that any activity in the sandbox is then not looked at by Version 3.0? If that was the case, would leaks matter anyway since everything in the sandbox is isolated from the rest of the system?

Any thoughts or comments?

I only Sandbox FF or IE. Not my entire system. Test will pass.

Understand something. What happens in the Sandbox stays there. It is not affecting your OS. When you delete the Sandbox, that deletes whatever you did in that Sandbox and has no direct effect outside the Sandbox. An example of this is to download and install a trusted program all under Sandboxie. Install the program under a sandbox. Then delete the Sandbox and try running that program. The program should not run or else be completely deleted because it was never actually installed on your hard drive but installed in a virtual drive inside Sandboxie.

Thanks Vettetech - I do understand all that. I think the original poster probably does too by the look of the posts. There seems to have been some experimentation done.

A reason why I have a bit of a worry about what was originally posted:
Suppose I somehow end up with malware inside the sandbox that can send out information. True it can’t harm the system because it’s in the sandbox. But perhaps I then do some online shopping that involves typing in my credit card number. Is there danger because the malware is inside the sandbox when a sandboxed financial transaction is being done? Perhaps an alert wouldn’t be given that something was trying to phone home if Defense+ hasn’t picked up on it. Maybe there’s no foundation in the worry but I’ve come here to find that out. Thanks for any answers.

My browsers aren’t actually installed in the sandbox but they can be made to open inside it. Sandboxie will gather everything that’s needed into the sandbox to do this. Every so often, the sandbox is emptied and then a fresh start is made with browsing sessions. This means that you don’t have to keep reinstalling a program every time the sandbox is emptied.

When I was using Sandboxie, I used FF and IE to launch sandboxed all the time. Then when done surfing delete the sandbox. Don’t leave the sandbox when you’re done surfing.

mart44, your concern about online banking and shopping is perfectly justified IMHO. The only completely safe method is to empty the sandbox before visiting any banking and shopping sites, then empty the sandbox again afterwards before resuming general web surfing.

The other thing to consider is to edit the Sandboxie configuration ini file to add ClosedFilePath settings to lock down any folders (e.g. My Documents) where you have private confidential information stored, preventing read access to your personal data from within the sandbox.

The other reason that I like Sandboxie, apart from security, is privacy. When the sandbox is emptied, all traces of online activity are completely wiped from the PC, unrecoverably so if a secure deletion utility is used to shred the contents of the sandbox.
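The ClosedFilePath lock-down suggested in the post above can be checked mechanically; the following is an added example, not part of the original thread or of Sandboxie itself, that audits Sandboxie.ini text for sandboxes that still leave private folders readable. The sample config, box names and `alice` paths are constructed, and the matching rules (prefix match, `[GlobalSettings]` entries applying to every box, program-scoped entries not counting as a lock-down) are simplifying assumptions.

```python
import re

# Constructed sample config; box names and folder paths are illustrative.
SAMPLE_INI = r"""
[GlobalSettings]
ClosedFilePath=C:\Users\alice\Documents\Finance\

[DefaultBox]
Enabled=y
ClosedFilePath=C:\Users\alice\Documents\
ClosedFilePath=!firefox.exe,C:\Users\alice\Pictures\

[TestBox]
Enabled=y
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys such as ClosedFilePath."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def closed_prefixes(settings):
    """Unconditional ClosedFilePath values, normalised for prefix comparison."""
    out = []
    for key, value in settings:
        # Assumption: "prog.exe,path" entries bind only some programs, so skip them.
        if key.lower() == "closedfilepath" and "," not in value:
            out.append(value.rstrip("*").rstrip("\\").lower())
    return out

def covered(folder, prefixes):
    """True if folder equals or lies below one of the closed prefixes."""
    f = folder.rstrip("\\").lower()
    return any(f == p or f.startswith(p + "\\") for p in prefixes)

def audit(text, private_folders):
    """Map each sandbox name to the private folders it does not close."""
    sections = parse_ini(text)
    inherited = closed_prefixes(sections.get("GlobalSettings", []))
    report = {}
    for name, settings in sections.items():
        if name == "GlobalSettings" or name.startswith("UserSettings_"):
            continue
        prefixes = inherited + closed_prefixes(settings)
        report[name] = [f for f in private_folders if not covered(f, prefixes)]
    return report
```

A sandbox that maps to an empty list closes every folder passed in; any folder listed against a box is still readable from inside it under these assumptions.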

Thanks for your advice peterg. I will try and regiment myself to empty the sandbox both before and after an online transaction. It would be very good practice. Just one more thing. Do you think the following is why lole’s (the OP) test failed in Version 3.0 but not in Version 2.4?

I’ve tried this myself with v3.0.18.309 and got the same test results as the OP. D+ correctly monitors the attempt to access a protected COM interface when the PCFlank leak test is run outside the sandbox, but not when the leak test is run from within the sandbox.

In order to eliminate incorrect firewall configuration as a reason for failure, before conducting the leak test I set the D+ security level to Paranoid Mode, the Firewall security level to Custom Policy Mode, and did not make Sandboxie a trusted application.

So yes mart44, it looks as though you are right about D+ not properly monitoring activity in the sandbox. It appears that D+ only monitors the real COM interfaces, not the virtual environment that exists within the sandbox.

As to how significant this is, it depends on your point of view; the purpose of a sandbox is to contain malware, not to prevent it from running. It does illustrate what I was saying earlier though about the advisability of configuring Sandboxie to prevent unauthorised programs running inside the sandbox from having read access to your personal data.

What exactly is the status of a firewall with other virtual machine environments?

Can CFP3 run inside the virtual environment?

Where the VM is created in Windows can you run a different firewall inside and outside the VM?

I recall some discussion somewhere suggesting there are limitations on HIPS software based on how many of the low level operating system controls are in use. Too many HIPS spoil the soup, so to speak. How does this apply to VM environment? I believe you can run a number of VMs at the same time, is there a limit other than memory of the “hard” machine?

Thanks again. It’s been good to get some opinions. It seems that this ever causing trouble is unlikely anyway …more a theoretical thing perhaps. I suppose the fact that 2.4 did detect the leak possibly gives it a slight edge over the version 3.0 in this respect. However, version 3.0 has many advantages in others.

I was using Sandboxie but I didn’t care much for it. I download things everyday from trusted sites and always have been. Like Windowblind skins and Nvidia drivers. I hate recovering everything I download. I have been doing this for years without Sandboxie and not one infection in over 5 years.