Ransomware and close SBXIwhen last SBXI program closes?

Ideas for enhancements to the software
Post Reply
NetCentric
Posts: 4
Joined: Mon Nov 09, 2015 1:22 pm

Ransomware and close SBXIwhen last SBXI program closes?

Post by NetCentric » Mon Nov 09, 2015 1:35 pm

I am a new Sandboxie user and forum member. I did read the "read this first" page. And searched. This has been asked at least twice before but there were no replies.

I would like it if when the last sand boxed program closes, that Sandboxie closes.

This seems reasonable as most people don't have programs running on their computer when they are not using them.

There may be good reason to leave Sandboxie running though. I understand that RANSOMWARE does not like Sandboxie and other virtual environments and goes away without doing anything. Since ransomware is why I am here, then I would want to have/leave it running all the time.

Thoughts would be appreciated.
Last edited by NetCentric on Mon Nov 09, 2015 1:52 pm, edited 1 time in total.

Craig@Invincea
Sandboxie Support
Sandboxie Support
Posts: 3523
Joined: Thu Jun 18, 2015 3:00 pm
Location: DC Metro Area

Re: Ransomware and close SBXIwhen last SBXI program closes?

Post by Craig@Invincea » Mon Nov 09, 2015 1:51 pm

NetCentric wrote:I am a new Sandboxie user and forum member. I did read the "read this first" page. And searched. This has been asked at least twice before but there were no replies.

I would like it if when the last sand boxed program closes, that Sandboxie closes.

This seems reasonable as most people don't have programs running on their computer when they are not using them.

There may be good reason to leave Sandboxie running though. I understand that RANSOMWARE does not like Sandboxie and other virtual environments and goes away without doing anything. Since ransomware is why I am here, then I would want to have/leave it running all the time.

Thoughts would be appreciated.
You mean the SBIE Driver? There are a lot of programs "running" in the background. Antivirus, drivers, etc..etc. The SBIE icon is in the task bar area, but once you close everything that is under SBIE control, it goes idle..with just a plain yellow wedge icon. When something is running under the authority of SBIE, that wedge has red dots on it (like a pizza) and that tells you it's actively running.

NetCentric
Posts: 4
Joined: Mon Nov 09, 2015 1:22 pm

Re: Ransomware and close SBXIwhen last SBXI program closes?

Post by NetCentric » Mon Nov 09, 2015 3:03 pm

Thanks for the reply Craig. I mean the SbieCtrl.exe and SbieSvc.exe running in the Windows Task Manager. I certainly appreciate that other programs like Antivirus etc. are running but those are actively doing something. If I have no programs running under Sandboxie however it is not actually doing anything (I assume).

I do understand that when the icon is in a "no pepperoni" state that there are no programs running under it but that makes me question why it needs to be running at all when that is the case.

Since Sandboxie starts up when I start programs under it I am wondering why it doesn't terminate when I close those programs. Keeping in mind my important caveat about ransomware.

Sorry if my SBXI abbreviation threw you off - I just made that up because of character limitations in the title for the post.

bo.elam
Sandboxie Guru
Sandboxie Guru
Posts: 2861
Joined: Wed Apr 22, 2009 9:17 pm

Re: Ransomware and close SBXIwhen last SBXI program closes?

Post by bo.elam » Mon Nov 09, 2015 3:04 pm

NetCentric wrote:
There may be good reason to leave Sandboxie running though. I understand that RANSOMWARE does not like Sandboxie and other virtual environments and goes away without doing anything. Since ransomware is why I am here, then I would want to have/leave it running all the time.

Thoughts would be appreciated.
By using the Forced programs feature, (this feature gets unlocked when you buy a Sandboxie license), Sandboxie can get close to what you wrote. If you force most of the programs that you run on a daily basis, including the ones you use for opening attachments, Sandboxie will protect you against ramsonware. For example, if you force your PDF reader, browsers and Office programs, this programs and the files they open, will run sandboxed automatically whenever you click a file or program icon.

Bo

Craig@Invincea
Sandboxie Support
Sandboxie Support
Posts: 3523
Joined: Thu Jun 18, 2015 3:00 pm
Location: DC Metro Area

Re: Ransomware and close SBXIwhen last SBXI program closes?

Post by Craig@Invincea » Mon Nov 09, 2015 3:21 pm

@Bo beat me to the response..lol

Forced programs is a great feature...... It takes "did I open that sandboxed" 2nd thought out of it...

You can configure SBIE to start only when you want it to as well...This is closer to to maybe you want by not having SBIE running if you're not using it like you mentioned..

http://www.sandboxie.com/index.php?Freq ... dQuestions

By default Sandboxie is configured to load and start automatically. To have Sandboxie load only when you need it, make the following changes.

In Sandboxie Control, open the Configure -> Windows Shell Integration and clear the checkbox When Windows starts to stop Sandboxie Control from starting.

Open the Windows Services configuration window: Start menu -> Control Panel -> Administrative Tools -> Services. Then locate the Sandboxie Service. Double click to bring up its properties window. Set its Startup type to Manual rather than automatic.
The driver component of Sandboxie is started by the Sandboxie Service.

Therefore, setting the service to start manually, indirectly also sets the driver to start manually.

Starting Sandboxie Control will also start the service. (But note that Administrative rights are required to start a service.)

NetCentric
Posts: 4
Joined: Mon Nov 09, 2015 1:22 pm

Re: Ransomware and close SBXIwhen last SBXI program closes?

Post by NetCentric » Mon Nov 09, 2015 4:52 pm

Thanks Craig. I have set the service to start manually and tested it successfully.

As for the, "can Sandboxie terminate after all the programs opened under it terminate" part of my question I'll just leave that with you as a feature request. In answer to the question, "Why?" the reason is again simply because I don't like to have programs running if they are not actively doing something.

I guess I could write my own script to terminate all Sandboxie related services and processes etc.

Thanks again for taking the time to get back to me earlier.

Syrinx
Sandboxie Guru
Sandboxie Guru
Posts: 621
Joined: Fri Nov 13, 2015 4:11 pm

Re: Ransomware and close SBXIwhen last SBXI program closes?

Post by Syrinx » Sun Nov 22, 2015 8:38 pm

I second this request, I haven't bothered to find it but I recall making a similar thread when I was still a newb on btm. I'm right there with you on not wanting un-needed processes running. I've mellowed a bit on that point since I originally posted but I would still prefer to have an option to auto-close the GUI after all boxes are closed. Back then I was on a super old 32 bit machine (might have been the super old 64 bit machine with <4GB; hard to say for sure) with little RAM and it all mattered. These days it's a force of habit and a preference I haven't lost (and doubt I will). I even go so far as to NTLite a sysprepd Windows image...... I think I also had a problem (hasn't gone away but I've compensated) with the (IMO) ugly icon... used to /bug peter about that little opinion all the time. In fact my first post may have been about the icon, hmm...

Anyhow, if the devs were kind enough to move the deletion routine to the (original/real) sbiesvc instead of sbiectrl that would allow (those of) us (bothered by it) to never even need the GUI running unless we are making rule changes or experience problems!

[On a side note there's still a delete (sortof) bug when a program is started using runas, sbiectrl doesn't try to delete the correct box path, SBIE handles it just fine in every other instance...but here it uses the path from the user sbiectrl is running under. The workaround I STILL use is to define my own sandbox folder path without the user variable. /bug /bug /bug]

So if such a change was made we could disable the 'when a program starts in the sandbox' option and never load/see the gui unless we needed it for something. I think the border/outline may also have been handled there, but it's been a while and my memory stinks so don't take my word on that.
http://goo.gl/p8qFCf
https://www.youtube.com/watch?v=vIxWgVOCexU

NetCentric
Posts: 4
Joined: Mon Nov 09, 2015 1:22 pm

Re: Ransomware and close SBXIwhen last SBXI program closes?

Post by NetCentric » Mon Nov 23, 2015 11:08 am

Syrinx wrote:I second this request...
Upon searching further through the history of this forum I found several requests for this and the admins/devs never actually respond in any definitive way to any of them. So I built my own little script... this is for Firefox but you can get the idea from here.

To begin with I have the Sandboxie service set to manual. After using it (for Firefox or anything else) I run this script.

This first kills Firefox and any related tasks and then after a pause it deletes everything from the sandbox. Then it terminates the service and then deletes any Sandboxie folders or shortcuts that might be left over.

@echo off
taskkill /im FlashPlayerPlugin_19_0_0_226.exe /f >nul 2>&1
taskkill /im plugin-container.exe /f >nul 2>&1
taskkill /im firefox.exe /f >nul 2>&1
timeout /t 10 /nobreak
"C:\Program Files\Sandboxie\Start.exe" delete_sandbox_phase1
"C:\Program Files\Sandboxie\Start.exe" delete_sandbox_phase2
"C:\Program Files\Sandboxie\Start.exe" delete_sandbox_silent_phase1
"C:\Program Files\Sandboxie\Start.exe" delete_sandbox_silent_phase2
net stop SbieSvc
RD /s /q "C:\Sandbox\"
DEL "C:\Users\Rick\Desktop\Sandboxed Web Browser.lnk"
REM exit
REM Pause

I made a shortcut, gave it a nice icon and have this on a toolbar so with one click it's done.

Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
Posts: 1658
Joined: Fri Jan 17, 2014 5:21 pm
Contact:

Re: Ransomware and close SBXIwhen last SBXI program closes?

Post by Curt@invincea » Mon Nov 23, 2015 1:54 pm

If you want to start an application with no Sbie ctrl, you can use the start.exe option /nosbiectrl.
If you want to terminate everything running in Sbie, use option /terminate_all.

Syrinx
Sandboxie Guru
Sandboxie Guru
Posts: 621
Joined: Fri Nov 13, 2015 4:11 pm

Re: Ransomware and close SBXIwhen last SBXI program closes?

Post by Syrinx » Mon Nov 23, 2015 6:47 pm

Curt@invincea wrote:If you want to start an application with no Sbie ctrl, you can use the start.exe option /nosbiectrl.
If you want to terminate everything running in Sbie, use option /terminate_all.
Yeah but then the auto-delete function doesn't work. Haven't tested that comment in the latest version but that was true for 4.x versions and I don't recall seeing anything about changes being made to it. Not a huge deal (It only takes 14-15MB of RAM and 115 handles-pretty low), I've learned to live with it being in my tray but I'd still prefer not to need it. I think the most interaction I have with the gui these days is to terminate a sandbox or reload my ini after I edit it.
http://goo.gl/p8qFCf
https://www.youtube.com/watch?v=vIxWgVOCexU

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests