Sandboxie Settings Question [SOLVED]

If it's not about a problem in the program
Post Reply
Grenpara
Posts: 21
Joined: Wed Jul 28, 2010 7:00 am

Sandboxie Settings Question [SOLVED]

Post by Grenpara » Tue Nov 07, 2017 4:43 am

Hello,

I am writing to ask a question but first present some facts.

I have Sandboxie, Kaspersky & Malwarebytes and on top of that use multiple free online virus scanners.
About a week ago I got infected with a virus that none of my protection caught and somehow it made it out of sandboxie.
It encrypted one user account and then deleted system restore points and then totally locked Windows 8.1.

My computer repair store and I could not recover windows and I was forced to swap drive and reinstall Windows 8.1 64bit.
The other drive was low level formatted and is now a spare in a box.

Now my question(s):

What settings should Sandboxie be set too to avoid having this problem again?
I do not know what virus it was or how long it was on the system but I assume it infected me 2 weeks to a month ago.
I would like to be protected and i have never had this issue before with all my protection.
i do know from reading some forums others have had similar virus that was not caught, thou they were not using sandboxie or if they were they never mentioned it.

I use virustotal and Jotti's online virus file scan and they also never detected anything with any of the files I have tried in recent weeks.

So how can I better restrict programs run in sandboxie?
would it be safer to use vmware and install windows there and then install sandboxie on Windows os in vmware?

Thanks in advance
Gren

bo.elam
Sandboxie Guru
Sandboxie Guru
Posts: 2732
Joined: Thu Apr 23, 2009 2:17 am

Re: Sandboxie Settings Question

Post by bo.elam » Tue Nov 07, 2017 5:14 am

Grenpara, malware doesn't get out of the sandbox unless you recover it. You could restrict the sandbox but either way, using a restricted sandbox or a default settings sandbox, malware doesn't get out.You have to do it yourself. Perhaps you ran an installer unsandboxed that came with malware.

Bo

Grenpara
Posts: 21
Joined: Wed Jul 28, 2010 7:00 am

Re: Sandboxie Settings Question

Post by Grenpara » Tue Nov 07, 2017 7:08 am

bo.elam wrote:
Tue Nov 07, 2017 5:14 am
Grenpara, malware doesn't get out of the sandbox unless you recover it. You could restrict the sandbox but either way, using a restricted sandbox or a default settings sandbox, malware doesn't get out.You have to do it yourself. Perhaps you ran an installer unsandboxed that came with malware.

Bo
Hey Bo,

Thanks for the fast reply to my post, I really appreciate it.
I understand what you are saying but I am pretty sure about it. But if you say it can't get out that leaves me a followup question.
If I ran a program in Sandbox like normally and it uses internet could the program send something to a site and then at some point the site gains access to my network to infect the system?

I have no idea how I got infected or exactly when as the drive files/windows was to screwed up to recover anything as i could not even fix Windows with the Windows 8.1 disk. I am currently trying to get all my software keys reset so I can start installing my software again as I had lost a lot as I did not make a recent backup. (which should not happen again,)

Anyways thanks for the info and help.
Gren

Barb@Invincea
Sandboxie Support
Sandboxie Support
Posts: 1832
Joined: Mon Nov 07, 2016 9:10 pm

Re: Sandboxie Settings Question

Post by Barb@Invincea » Tue Nov 07, 2017 4:45 pm

Hello Grenpara,

Without information regarding which file escaped the Sandbox (if any), we cannot test nor verify that this is a Sandboxie issue.
If you could gather more details and provide repro steps, I should be able to test them.

Please, have a look at these threads regarding restricting sandbox access, as well as preventing ransomware:
viewtopic.php?p=128539#p128539
viewtopic.php?p=128046#p128046

Regards,
Barb.-

Grenpara
Posts: 21
Joined: Wed Jul 28, 2010 7:00 am

Re: Sandboxie Settings Question

Post by Grenpara » Wed Nov 08, 2017 6:43 am

Barb@Invincea wrote:
Tue Nov 07, 2017 4:45 pm
Hello Grenpara,

Without information regarding which file escaped the Sandbox (if any), we cannot test nor verify that this is a Sandboxie issue.
If you could gather more details and provide repro steps, I should be able to test them.

Please, have a look at these threads regarding restricting sandbox access, as well as preventing ransomware:
viewtopic.php?p=128539#p128539
viewtopic.php?p=128046#p128046

Regards,
Barb.-
Hello Barb,

Thanks for the information and reply, I appreciate it.

As for the program I dont have a clue i download 30 programs a day to play with and see if i like.
I get from Softpedia, Cnet.com and many others.
I am pretty sure it was a file search utility but really dont remember, I have spent a week trying to get my system working and had to have a shop reinstall windows. It was put on a new drive and I have been installing programs back since yesterday.

I will keep better track of what I install when i dont know it, but I had expected Kaspersky, Malwarebytes, Jottie's and Virus Total to alert me to bad programs. And none of them flagged anything and as said I run in sandboxie first just to make sure. Thou not all things will run in Sandboxie but I am sure in the last few weeks everything was run first in Sandboxie.

Anyways thanks for the help and info.
If I remember the program or I recall the name if I see it again I will post about it.
Thanks again
Gren

Grenpara
Posts: 21
Joined: Wed Jul 28, 2010 7:00 am

Re: Sandboxie Settings Question

Post by Grenpara » Tue Nov 14, 2017 4:48 am

Hello,

I have a followup issue maybe.
So I would like to know if sandboxie allows firefox to bypass it?

What I mean is I notice if I have firefox sandboxed and lets say I have a bunch of tabs open.
Then if I right click a tab and say bookmark all tabs and create a folder name and hit ok.
Then I right click sandboxie and terminate and then delete contents of sandboxie.

Now if I open firefox not sandboxed I will see a new folder [New Folder] in bookmarks list and inside it is all the tabs i bookmarked during sandboxie use but never recovered. So how is it that the bookmarks are saved if I did not use recover for them in sandboxie?
Is this normal and if it is not normal can this be happening with other files?

If you do not believe me I can make a video showing you eveything I do so you can see they are being saved outside of sandboxie.

Please let me know.
Thanks in advance
Gren

bo.elam
Sandboxie Guru
Sandboxie Guru
Posts: 2732
Joined: Thu Apr 23, 2009 2:17 am

Re: Sandboxie Settings Question

Post by bo.elam » Tue Nov 14, 2017 5:13 am

Grenpara wrote:
Tue Nov 14, 2017 4:48 am
So how is it that the bookmarks are saved if I did not use recover for them in sandboxie?
Is this normal and if it is not normal can this be happening with other files?
The bookmarks are being saved out of the sandbox because you are allowing access to bookmarks or the Firefox profile in Sandbox settings>Applications>Web browser>Firefox.

If you uncheck those settings, bookmarks will not be saved.

Bo
Attachments
Sin título.jpg
Sin título.jpg (102.64 KiB) Viewed 259 times

Barb@Invincea
Sandboxie Support
Sandboxie Support
Posts: 1832
Joined: Mon Nov 07, 2016 9:10 pm

Re: Sandboxie Settings Question

Post by Barb@Invincea » Tue Nov 14, 2017 4:27 pm

Hello Grenpara,

Adding to what Bo already covered:

https://www.sandboxie.com/FirefoxTips

Regards,
Barb.-

Grenpara
Posts: 21
Joined: Wed Jul 28, 2010 7:00 am

Re: Sandboxie Settings Question

Post by Grenpara » Tue Nov 14, 2017 9:16 pm

Hello Barb,

I'm so stupid it hurts...
Thanks for taking the time to answer my questions, I really do appreciate it.

Hope you and yours have a great upcoming Christmas / Holiday Season.
Thanks
Gren

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest