 |
 | Questions about running programs sandboxed & using sandb |  |
|
Unknown_User_610
|
|
Hello everyone,
I have some questions regarding running sandboxed programs in sandboxie. If I run Firefox sandboxed, then download an .exe file to the sandboxed desktop (not the real desktop), & then I click on the .exe file to start the program, is the program automatically running sandboxed, or do I need to right click on the .exe file and select "run sandboxed" ? My concern is with keeping the program from making any changes outside of the sandbox. If I have a suspicious zipped or archived file downloaded to the sandboxed desktop, can I just use winzip or a similar program to unzip it to the sandboxed desktop, without fear that it could do any harm outside of the sandbox, or do I need to right click the archive file and choose "run sandboxed" so that winzip or a similar archive manager is running sandboxed ? Likewise, if I want to play a movie that is sitting on the sandboxed desktop, can I just open the movie with media player, or do I need to right click on the movie file and select "run sandboxed" ? I had an .exe file on my sandboxed desktop, then I right clicked on it and selected "run sandboxed". After running the program sandboxed, It appeared that it made changed to the registry outside of the sandbox. This was with sandboxie version 2.84. The file was suspicious & I think it contained spyware / malware, so perhaps the malware found a way to bypass sandboxie. In addition to the registry entry, the exe also created a prefetch file. I have since deleted the sandbox and prefetch file from my system, scanned for virus and malware & also searched my entire hard drive for the program name, but found nothing in each case. I just thought I would report this. Thanks for your help. John |
|||||||||||
|
|||||||||||||
 |
| |
|
street011
|
|
all child applications are usualy directly sandboxed, this is the whole idea of sandboxie, having a browser unable to spawn child scripts/applications that can infect the system.
when you click an exe file inside the sandboxie space it's automaticaly sandboxed. that is NOT the case with any other file types, avi / 7z / rar / jpg they will open unsandboxed if you just doubleclick them. can you point a link to the file you think infected your system, or at least made changes outside sandboxie? i'll try to reproduce the leakage and report back here. i myself have yet to come across an application that leaks outside the sandbox. |
|||||||||||
|
|||||||||||||
|
| |
|
Unknown_User_610
|
|
Hi Street011,
Thanks for your reply. I am afraid I no longer have the .exe file or the link, otherwise I would send it to you. Is it ok to right click on an .exe file and run it sandboxed, even though it's already inside of the sandbox ? Will this sandbox the file twice or cause problems ? I'm just thinking it's a good idea to get in the habit of right clicking and running things sandboxed as a safe-guard, even though they are already inside of sandboxie. This may be a good idea because if you unzip an infected file and the program you are using to unzip the file is not sandboxed, it seems the file could then use this as a way to get outside of the sandbox. The same thing would seem to apply to a movie file or any other program used to open a file that is inside of sandboxie. If you have a zipped archive file, or a windows movie file, as long as you right click on the file and run winzip, 7-zip, windows media player, etc., when you open the file, does this protect your system outside of the sandbox from infection ? Thanks John |
|||||||||||
|
|||||||||||||
|
| |
|
SnDPhoenix
|
|
ok heres how you do it, if you have an exe file in the sandbox, then you just double click it, it will automatically sandbox, now if there is something on your hd outside sandboxie, then you right click and select "run sandboxed". now, the only thing in a sandbox that will automatically sandbox are exe files, everything else will open unsandboxed, BUT outside sandboxie you can "run sandboxed" ANY file and it will open sandboxed, now if you do select a file that is in the sandbox, and right click it and select run sandboxed, it wont run sandboxed, it will only show this message:
(btw does anybody else get that message when right clicking a file already in the sandbox and selecting "run sandboxed" or is it just me  |
|||||||||||
|
|||||||||||||
|
| |
|
Unknown_User_610
|
|
Hi SnDPhoenix,
Thanks for your message. When I right clicked on the .exe file that was on the sandboxed desktop, and selected "run sandboxed" , the program ran and the two # sings showed up in the system tray at the bottom of the screen, on each side of the written name for that program, but the # signs did not show up in the title bar of the program itself. I did not get the message that you showed in your post. I wonder if right clicking & running an .exe file sandboxed, when the .exe file is already on the sandboxie desktop, is what caused the sandboxie to leak and allow the registry to be changed, and allow a prefetch file to be created outside of the sandbox ? If you want to play a movie, unzip and archive, or use some other type of file that is not an .exe file, that you have downloaded to the sandboxie desktop, how can you do it so that the program cannot make any changes outside of sandboxie ? Thanks John |
|||||||||||
|
|||||||||||||
|
| Re: Questions about running programs sandboxed & using s | |
|
mizzmona
|
|
John, In general, I would suggest simply using Sandboxie Explorer, which only runs sandboxed, to find and launch the downloaded files you also want sandboxed. To open Sandboxie Explorer: Function > Run Sandboxed > Any Program > Insert a dot "." and click Enter ------------ But here is a confusing thing for new users: Clicking the option to "Explore contents" of a sandbox opens an unsandboxed Windows Explorer ...into Sandboxie's sandbox storage folders (located under the BoxRootFolder). These folders are the actual location of the sandboxed files, not their "virtual" location. (For consistency, the sandbox folders are named for the "virtual" location of those files, however.) Now, when using a sandboxed program such as Sandboxie Explorer to explore file listings, one would instead look for sandboxed files in their "virtual" location, NOT in those BoxRootFolder folders of the same name. And, when you do explore your regular hard drive folders from a sandboxed program, any sandboxed files in a directory will be seen listed along with the regular files there... the sandboxed files "virtually" made to appear there by Sandboxie, even though they're stored safely away down in the BoxRootFolder. Since Sandboxie Explorer is running sandboxed, anything launched from it will also be sandboxed, even associated files. So, all you need to do to run a program or associated file while using Sandboxie Explorer is to doubleclick the file, just as you normally would if using Windows Explorer. For the most part, you probably wouldn't need to explore the "sandbox folders" unless it's to retrieve a file you want to save to the regular hard drive, or perhaps to study how a particular program has embedded itself when installed, or to insure that all the sandbox files are deleted... iow, you generally wouldn't go into the actual sandbox folders to run programs or launch files as these folders are more for Sandboxie's use, for storage and virtual operations, see? A bit wordy, and while it may not answer some questions directly, I hope this helps in some way. -Mona |
|||||||||||||
|
|||||||||||||||
|
| |
|
SBIE User
|
|
john,
Mona's post is very important. She has saved more than a few people from making the mistake of thinking they are using a sandboxed program when they are not. If you want to create a shortcut to Sandboxie Explorer, you can create a new shortcut and put the following code in the Target field:
As Mona said, anything you run from within Sandboxie Explorer will be sandboxed. Just remember that running programs from the regular Windows Explorer -- even if you got there from the Sandboxie tray icon and Explore Contents -- will not automatically sandbox them. (They will be sandboxed if you have them as "forced" programs with a licensed copy of Sandboxie, but otherwise they will probably run in the open.) Good luck. |
|||||||||||||
|
_________________ SBIE (Happy) User
|
|||||||||||||||
|
| |
|
mizzmona
|
|
Aw, you've been gone too long...  Remember, there are some safeguards on those folders. For instance, using unsandboxed Windows Explorer and doubleclicking executables in the sandbox folders will result in the executable running sandboxed. The executable file runs as a process with a known origin (in this case, the sandbox folders), which Sandboxie easily detects and intercepts. The thing to keep in mind is that batch files, scripts, etc. -- like text and image files -- are not executables and are instead opened into associated programs. (As you say, whether those associated programs would open sandboxed or not "depends"...)
Just FYI, -Mona |
|||||||||||||
|
|||||||||||||||
|
| |
|
Unknown_User_610
|
|
Hi Mona & SBIE User,
Thanks for your replies. Your feedback has helped to clear some things up, but I am still a little unclear on a few points. I did not realize that going to "explore contents" in the sandboxie-control would open an un-sandboxed windows explorer window (I should have noticed that though, since the # signs are not on the explorer window). Perhaps sandboxie should be changed so that by default, the "windows explorer" window that is used to explore the contents of sandboxie from the sandbox control, is always sandboxed automatically, along with any program that is used to open or manipulate the contents of the "sandboxed desktop" in defaultbox, or anything in the "explore contents" window of sandboxie. Actually, I thought that the sandoxie-control showed everything about the program, I did not realize that there was a "sandboxie explorer" feature or a "sandboxie start menu". Using the explore contents feature from the sandboxie control, it seems sandboxie puts everything (including downloaded files) at the following location... C:\Documents and Settings\HP_Administrator\Application Data\Sandbox\DefaultBox So, If I am running Firefox sandboxed, I download a program or some other file type to the "defaultbox" location above, then I want to use or activate the file but keep it from possibly infecting my system, can I just go to the "defaultbox" location above from withing sandboxie explorer, and then double click on the file ? It seemed that Mona was suggesting not to do this, but rather, just use sandboxie explorer to go to the desktop (not the defaultbox location, just the regular desktop shown by sandboxie explorer), double click the file there (the virtual location) and then run it that way. Is this basically the same thing as going to "explore contents" from within the sandboxie control and then right clicking on the file and selecting "run sandboxed" ? I would guess it's safer to activate the file from within sandboxie explorer, since even right clicking on the file could cause malware to infect the system before you even have a chance to select "run sandboxed". If your inside of sandboxie explorer, I guess your covered no matter what. I noticed that using sandboxie explorer, and double clicking on a PDF file located in the defaultbox, produces a message "the operation read is unsupported". However, if I right click on the same file and select "open", it opens with acrobat reader sandboxed. If I double click on a zipped 7-z file, the sandboxie explorer window reloads, but nothing happens. However, if I right click on the zipped file and select "open", then 7-zip runs sandboxed & opens the file. Now, if I use sandboxie explorer to open the virtual zipped file on the desktop (not the defaultbox desktop), just the regular desktop from withing sandboxie explorer, it will not open either by double clicking it or right clicking and selecting open. If I select "open with" and then select 7-zip, then I can unzip the file to the virtual desktop. The pdf file will open if I right click and select open, but if I double click, I get the same "operation read is unsupported message" as I get when trying to open a pdf file from within the defaultbox. Am I correct to assume that basically anything you do while under sandboxie explorer, will be deleted when the sandbox is deleted, and will not make any permanent changes to your system or files unless you recover the changes outside of the sandbox ? Sorry if my post is a bit lengthy, but I just wanted to have a clear understanding. I like the program and the concept and I will probably wind up buying a licensed copy. One thing I would suggest to add to sandboxie is a "up one level" button or tab from within sandboxie explorer, just like the regular windows explorer has. This would make navigation easier. Thanks again everyone, John |
|||||||||||
|
|||||||||||||
|
| |
|
SBIE User
|
|
I believe this focuses on the important point that Mona was making about accessing files in a sandboxed folder with Windows Explorer (or Explore contents from within Sandboxie). Executable files in a sandboxed folder opened that way will be sandboxed when opened with a double click. However, double clicking on associated files (not the executables that run them) -- like a .pdf file, which is associated with Adobe Reader, or a .jpg file that is associated with an image processor -- will cause the executables associated with them to run, perhaps outside the sandbox. (In your case, you were trying to call Adobe by clicking on an associated pdf document file, but Adobe Reader was apparently already sandboxed, so things got confusing.) For that reason, it is safer to use one of the following alternative approaches for opening files that you want to be sandboxed: 1. Force the program in the ini file (if you have a registered version of Sandboxie). Then, no matter how you open it, it will be sandboxed -- unless you have asked Sandboxie to temporarily disable forced programs. 2. Open the program from Windows Explorer by right clicking and choosing Run Sandboxed. 3. Open the program from within Sandboxie's tray icon by right clicking and choosing Run Sanboxed/Any Program. 4. Right click on Sandboxie's tray icon and choose Run Sandboxed/Any Program and then insert a single dot in the window. That will open Sandboxie Explorer, with which you may navigate to the executable and open it by double clicking. 5. Open Sandboxie Explorer directly using the shortcut I mentioned earlier and then navigate to the executable and double click on it. 6. Create a sandboxie shortcut for the specific program. To do that for Notepad, as an example, you would create a regular shortcut and then put the following in the Target field: "C:\Program Files\Sandboxie\start.exe" "C:\Windows\system32\notepad.exe" There may be even other ways to open programs or associated files in sandboxes, but this list should give you an idea. The main point I think Mona was making is that it is important to distinguish between running executable programs and calling executable programs by clicking on files (arguments) that are associated with them. Even .bat and .cmd files are actually arguments which call the executable command processor cmd.exe -- although many of us tend to think of them as executables themselves. Mona, did I get that right? I don't mean to speak for you. |
|||||||||||||
|
|||||||||||||||
|
| |
|
Unknown_User_610
|
|
Hi SBIE User,
Thanks for your reply.
Actually, in my description above, when clicking on the file pdf & 7-zip files, I was already in "sandboxie explorer", not "explore contents" from sandoxie control. I went to start, run, sandoxie, then "sandboxie explorer". I guess the main thing to keep in mind is try to do everything from sandboxie explorer & not windows explorer ? Thanks again, John |
|||||||||||||||
|
|||||||||||||||||
|
| |
|
SBIE User
|
|
Either that or use right click and Run Sandboxed. I tend to use the right click/Run Sandboxed approach more often than Sandboxie Explorer for programs that I don't have set up as "forced" in my Sandboxie ini file -- but I "force" most Internet programs that I use regularly and don't have to worry about how I open them. (For example, I have my image processors, adobe reader, email programs and MS Office programs all as forced programs in addition to all my browsers. Essentially I force any program that connects to the Internet to be sandboxed and then I give them limited folder permissions.) |
|||||||||||||
|
|||||||||||||||
|
| |
|
tzuk
|
|
I am happy to say, the Sandboxie Explorer is going away soon. Thanks, Owen!  |
|||||||||||||
|
_________________ tzuk
|
|||||||||||||||
|
| |
|
Unknown_User_610
|
|
Hi everyone,
If we want to download something to a sandbox and keep it there, then run the program from the sandbox without infecting the system outside of the sandbox, what will be the likely method if sandboxie explorer no longer exists ? Do we just go to "explore contents", defaultbox, then find the file, right click, and choose "run sandboxed" ? Or will there likely be a better method ? Will you still have the "run any program under sandboxie" option ? Perhaps that is better than right clicking on a program in defaultbox using "explore contents". I like this program and the concept, but I need to learn more about it. Thanks John |
|||||||||||||||
|
|||||||||||||||||
|
| |
|
SBIE User
|
|
John, For programs you "store" in a sandbox that is not deleted each session and which you wish to run from the sandbox on a regular basis, I would recommend creating a shortcut that runs them in a sandbox. Just create a new shortcut and put the following code in the Target field. I'll use notepad.exe as the example.
That would be easier, I think, than having to right click and use Run Sandboxed each time. |
|||||||||||||||
|
|||||||||||||||||
|
 | Questions about running programs sandboxed & using sandb | |
|
||
Use the RSS feed to watch this topic for replies |
|
|