Trust No Program
MitchE323
@jmonge Maybe post a new thread in Anything Else so we can isolate the settings you need, and you can post your ini file there.

jmonge
sure mitch and thanks

_________________
DefenseWall hips
SandBoxie

Peter2150
Thanks from me also Mitch.

MitchE323
You are all of course, quite welcome. Just to sum this all up, there are a couple of advantages in using ClosedIpcPath=! and ClosedFilePath=! along with ProcessGroup within a sandbox. As we have seen, you can control not only the running of outside programs, but the internet access of your own programs as well.

There is an additional point. I hear guys all the time say things like; "All programs are cracked sooner or later." They say that you have to also run this or that program because "Malware writers are always ahead of the game." They say that legitimate program developers have to play catch-up and react to whatever it is that the malware writers come up with.

That may have been true in the past. But in this, The New Age, we are being Pro-Active. First of all, the malware is in a sandbox and has to figure that out (they are not even there yet). But secondly, the malware would also have to somehow overcome a closed IPC instruction. Then the hurdle of somehow gaining internet access is still waiting for that malware. I think we will be ok. Cool

Using GUI
dogdog
As a generalisation it is better to use GUI to specify requirements and allow Sandboxie itself to modify Ini file. This works with internet access - Sandboxie sets up Process Group and creates appropriate closedfilepath instructions within Ini file.

Does the same comment apply to IPC access?? Will it also create process group automatically?? Presumably one uses IPC Access->Blocked Access and then add the programs that are the only ones to be allowed to run in the sandbox??

soccerfan
MitchE323 wrote:

There is an additional point. I hear guys all the time say things like; "All programs are cracked sooner or later."
.....
That may have been true in the past. But in this, The New Age, we are being Pro-Active. First of all, the malware is in a sandbox and has to figure that out (they are not even there yet). But secondly, the malware would also have to somehow overcome a closed IPC instruction. Then the hurdle of somehow gaining internet access is still waiting for that malware. I think we will be ok. Cool

Layered security that works! And all this from a single lean streamlined program. Now that's a novel concept Very Happy

_________________
soccerfan

MitchE323
@soccerfan; I guess I believe in Laye........... oh forget it, I can't even bring myself to say it. Shocked

MitchE323
@DogDog; This type of IPC setting is not possible without ProcessGroup (by definition 3 SandboxIE programs need to run). ProcessGroup was invented after the GUI was set up, so you need 'Edit Configuration' for that setting.

Be aware that the setting is ClosedIpcPath=! which includes the '!' mark which inverses the setting and turns it into a whitelist. So;
ClosedIpcPath=X_Program would apply to X_Program and
ClosedIpcPath=!X_Program would apply to all programs other than X_Program.

dogdog
MitchE323 wrote:
@DogDog; This type of IPC setting is not possible without ProcessGroup (by definition 3 SandboxIE programs need to run). ProcessGroup was invented after the GUI was set up, so you need 'Edit Configuration' for that setting.

Be aware that the setting is ClosedIpcPath=! which includes the '!' mark which inverses the setting and turns it into a whitelist. So;
ClosedIpcPath=X_Program would apply to X_Program and
ClosedIpcPath=!X_Program would apply to all programs other than X_Program.


Not completely correct.

If you use Resource Access-> Internet Access and specify more than one program, Sandboxie automatically creates the Process Group and uses the name of created Process Group in ClosedFilePath line Sandboxie creates in Ini file.

Thought that there might be an equivalent function for the process that restricts the programs that can run ie that creates ClosedIpcPath??

dogdog
MitchE323 wrote:
@DogDog; This type of IPC setting is not possible without ProcessGroup (by definition 3 SandboxIE programs need to run). ProcessGroup was invented after the GUI was set up, so you need 'Edit Configuration' for that setting.

Be aware that the setting is ClosedIpcPath=! which includes the '!' mark which inverses the setting and turns it into a whitelist. So;
ClosedIpcPath=X_Program would apply to X_Program and
ClosedIpcPath=!X_Program would apply to all programs other than X_Program.


What is the mechanism in the "ClosedIpcPath=!X_Program" instruction that prevents programs other than X_Program from running.

I have looked at the various user pages but cannot find anything to help me. I could not really see how the ClosedIpcPath page described the program blocking function you set out.

dogdog
MitchE323 wrote:
So when you use ClosedIpcPath, and ClosedFilePath as instructions in the same sandbox - you are using ClosedIpcPath actually to stop all the BadGuys. They can not run, and so of course they also can not access the internet.

You are now using the Internet Access settings to control what YOUR programs are doing (in the example case, Word-Excel-PSP).

So think of ClosedIpcPath=! as a white list anti-executable and the Internet Access settings as an outbound Firewall. Wink


I clearly do not understand the mechanism.

If ClosedIpcPath=! is a white list then I presumed that ClosedIpcPath= is a black list. I therefore added to the Ini file the instruction: "ClosedIpcPath=test.exe" on the presumption that this would stop the program called test from running. However the program called test could still run. What am I missing??

MitchE323
dogdog wrote:

If you use Resource Access-> Internet Access and specify more than one program, Sandboxie automatically creates the Process Group and uses the name of created Process Group in ClosedFilePath line Sandboxie creates in Ini file.

Of course it does. That page in the GUI was set up for Internet Access and LATER when ProcessGroup was invented Tzuk made the new GUI adaptable for ProcessGroup and that is what you see in the existing Internet Access page. Because there was no need for IPC restriction there was no page for that put in the GUI.

http://sandboxie.com/phpbb/viewtopic.php?p=18867#18867
"And finally I revised the Internet Access page......."
That update was 323.06 and the GUI was created in 3.20

MitchE323
dogdog wrote:

If ClosedIpcPath=! is a white list then I presumed that ClosedIpcPath= is a black list. I therefore added to the Ini file the instruction: "ClosedIpcPath=test.exe" on the presumption that this would stop the program called test from running. However the program called test could still run. What am I missing??

DogDog, I was making a point on the exclamation point, not describing how to do a blacklist.
Try it as ClosedIpcPath=Test.exe,* Wink

MitchE323
dogdog wrote:

What is the mechanism in the "ClosedIpcPath=!X_Program" instruction that prevents programs other than X_Program from running.

IPC=Inter-Process Communication
http://en.wikipedia.org/wiki/Inter-process_communication
So..... ClosedIPC is Closed Inter-Process Communication.....

dogdog
MitchE323 wrote:
dogdog wrote:

If ClosedIpcPath=! is a white list then I presumed that ClosedIpcPath= is a black list. I therefore added to the Ini file the instruction: "ClosedIpcPath=test.exe" on the presumption that this would stop the program called test from running. However the program called test could still run. What am I missing??

DogDog, I was making a point on the exclamation point, not describing how to do a blacklist.
Try it as ClosedIpcPath=Test.exe,* Wink


You have added ",*" to the line I had. What does the extra ",*" do??

If "ClosedIpcPath=!<restricted.>" means that all the programs in the process group named restricted can run but all others are stopped.
Then why doesn't "ClosedIpcPath=Test.exe" specifically stop program called Test from running given that the ! inverses the setting??

Is ClosedIpcPath=! different from OpenIpcPath=??

Still do not understand how Sandboxie is stopping any particular program from running?? Is it denying access to some particular resource??

Why was there no need for IPC restriction??
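
Added example, not part of the original thread and not Sandboxie's own code: a simplified Python model of how the ClosedIpcPath values discussed above would be read, contrasting `test.exe`, `Test.exe,*` and `!<restricted>,*`. It assumes the value form `[!]program,pattern`, where a value with no comma is treated as a pattern applied to all programs; the program names and the IPC object path are constructed samples.

```python
from fnmatch import fnmatchcase

# Constructed sample settings for one sandbox (program names are illustrative).
SAMPLE_INI = """\
ProcessGroup=<restricted>,winword.exe,excel.exe,psp.exe
ClosedIpcPath=!<restricted>,*
"""

def parse_rule(value):
    """Split '[!]program,pattern'; with no comma the whole value is a pattern."""
    program, sep, pattern = value.partition(",")
    if not sep:  # 'test.exe' alone: an IPC *path* pattern for every program
        return {"negate": False, "program": None, "pattern": value.lower()}
    return {"negate": program.startswith("!"),
            "program": program.lstrip("!").lower(),
            "pattern": pattern.lower()}

def parse_box(text):
    """Return (groups, rules) from ProcessGroup= and ClosedIpcPath= lines."""
    groups, rules = {}, []
    for line in text.splitlines():
        key, _, value = line.strip().partition("=")
        if key == "ProcessGroup":
            name, *members = [v.strip().lower() for v in value.split(",")]
            groups[name] = set(members)
        elif key == "ClosedIpcPath":
            rules.append(parse_rule(value.strip()))
    return groups, rules

def rule_applies(rule, process, groups):
    """True if the rule's program prefix (with '!' inversion) covers process."""
    if rule["program"] is None:
        return True
    members = groups.get(rule["program"], {rule["program"]})
    return (process.lower() in members) != rule["negate"]

def ipc_closed(process, ipc_path, groups, rules):
    """True if any rule covering this process matches the IPC object path."""
    return any(rule_applies(r, process, groups)
               and fnmatchcase(ipc_path.lower(), r["pattern"])
               for r in rules)

if __name__ == "__main__":
    groups, rules = parse_box(SAMPLE_INI)
    port = r"\RPC Control\epmapper"  # sample IPC object path
    for exe in ("winword.exe", "unknown.exe"):
        print(exe, "IPC closed:", ipc_closed(exe, port, groups, rules))
```

In this model the bare `ClosedIpcPath=test.exe` closes only an IPC object literally named `test.exe`, so it has no effect on the program of that name, while `Test.exe,*` closes every IPC path for that one program.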
Sandboxie is Copyright © 2004-2012 by Sandboxie Holdings LLC.  All rights reserved.