Detecting malware in a sandbox?

Dirk
Posts: 31
Joined: Sat Jul 04, 2009 9:10 am

Detecting malware in a sandbox?

Post by Dirk » Thu Jul 09, 2009 10:54 am

Is it right: if I would install a program (in a sandbox) containing a virus / dialer / Trojan or any kind of malware, adware etc. or execute an exe-file containing a virus / dialer / Trojan or one which installs any kind of malware, adware etc. I would see in "Sandboxie Control" what / which kind of malware (if any) was really installed with this program, and I could detect each file / folder / modification which are done / created by the malware in "Sandboxie Control"?

So this means, when there is not any suspicious file / malware in the sandbox the program is installed in, respectively the exe-file is executed in, there won't be any malware what might have been installed by installing the program / executing the exe-file and so this program / exe-file doesn’t contain any malware. And this would mean, I could install the same program (execute the exe-file) as usual on the operating system outside a sandbox without any risk?

And this malware, respectively its activities wouldn't have any influence on the outside of the sandbox?

Nice greetings, Dirk

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Post by Guest10 » Thu Jul 09, 2009 11:53 am

If you install a program inside a sandbox, then any anti-virus program that you have running (outside of the sandbox) will be able to look inside the sandbox for signs of malware.

You can look at the Sandboxie Control window to see the names of processes that are running - but a process can start and stop very quickly, so you might not see one that runs and then ends. Any process that runs will be sandboxed, so unless you have allowed programs in that sandbox to make changes outside of the sandbox, then changes cannot escape into your hard drive.

Some people say that they don't run any anti-virus programs, and depend on Sandboxie to keep them safe. If you never let anything out of the sandbox, and you set up Sandboxie's Restrictions to keep unknown programs from running, then I guess that you are pretty safe. In my view though, programs in sandboxes can be tried-out for as long as you want, but are meant to be eventually deleted.

It's possible for a program to detect that it is running in a sandbox and appear to be safe, but not be safe when installed outside of the sandbox.
It's also possible that a program installed in a sandbox has a virus that is not yet detected by an anti-virus program. Whether installed inside or outside of the sandbox, it might not be detected until the anti-virus program is updated - if it's a new virus. So, I think that there is an advantage to continuing to use an anti-virus program, as well as a software firewall that asks for permission before allowing a program to access the Internet.

So, no you can't say that installing the program outside of the sandbox, after trying it inside a sandbox, has no risk. Try out programs in a sandbox when you can, keep your anti-virus program updated, and try to get programs from sites that you can count on to check their files before they allow you to download them.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007
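Dirk's original question was whether every file or folder the installer creates or modifies can be found afterwards, and Guest10 notes that Sandboxie Control only shows processes while they are alive. A simple way to see what an installer left behind, independent of how briefly its processes ran, is to hash the sandbox's container folder before and after the run and diff the two snapshots. This is an added example, not code from Sandboxie or from anyone in the thread; the container path is a placeholder you replace with your own box's folder, and the snapshot is of files only (registry changes that Sandboxie stores elsewhere are not covered).

```python
"""Snapshot a directory tree and report what an installer changed in it."""
import hashlib
import os
from pathlib import Path


def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 hex digest."""
    root = Path(root)
    seen = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                digest = hashlib.sha256(p.read_bytes()).hexdigest()
            except OSError:
                digest = None  # locked or unreadable; record that it exists
            seen[str(p.relative_to(root))] = digest
    return seen


def diff_snapshots(before, after):
    """Return (added, removed, modified) relative paths, each list sorted."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    common = set(before) & set(after)
    modified = sorted(p for p in common if before[p] != after[p])
    return added, removed, modified


def report(before, after):
    """Render the diff one path per line: + added, - removed, ~ modified."""
    added, removed, modified = diff_snapshots(before, after)
    lines = ([f"+ {p}" for p in added]
             + [f"- {p}" for p in removed]
             + [f"~ {p}" for p in modified])
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    # Placeholder path: the container folder of a box named DefaultBox.
    box = sys.argv[1] if len(sys.argv) > 1 else r"C:\Sandbox\<user>\DefaultBox"
    before = snapshot(box)
    input("Run the installer inside the sandbox, then press Enter... ")
    print(report(before, snapshot(box)))
```

A file that appears as added and disappears again (a dropper that deletes itself) is still visible if you take a third snapshot while the installer is running; a modified hash on an existing file is the case worth looking at most closely.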

bs1
Posts: 565
Joined: Fri May 16, 2008 12:32 pm

Post by bs1 » Thu Jul 09, 2009 12:24 pm

Good post by Guest10. In addition to my resident anti-malware programs, I also use VirusTotal to check out sandboxed files before considering whether or not to recover them.

Dirk
Posts: 31
Joined: Sat Jul 04, 2009 9:10 am

Post by Dirk » Thu Jul 09, 2009 2:24 pm

Yes, indeed, a really good post, many thanks, Guest10,

All my questions are answered without exception.

Yes, I have a firewall and an anti virus program running.
bs1 wrote: I also use VirusTotal to check out sandboxed files before considering whether or not to recover them.
Yes, I do so, too, but VirusTotal's restrictions allow only files not bigger than 20 MB or so. And many files, or most of the ones I check there, are displayed to be malicious, so there often is at least one of the about 20 scanners showing a file to be positive. It is hard to evaluate whether such a file is malicious indeed or not. And it is astonishing how many viruses / malware programs are overlooked using one single anti virus program on your system only.

Many thanks, nice greetings, Dirk

Dirk
Posts: 31
Joined: Sat Jul 04, 2009 9:10 am

Post by Dirk » Sun Sep 06, 2009 9:20 am

Guest10 wrote: If you never let anything out of the sandbox, and you set up Sandboxie's Restrictions to keep unknown programs from running, then I guess that you are pretty safe.
Do I understand right: that means running a program in a sandbox could cause damage (outside of the box), if the program contains or is malware of any kind? So, even though running in Sandboxie, it might cause harm outside of the sandbox?

Nice greetings, Dirk

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm

Post by Buster » Sun Sep 06, 2009 9:26 am

Dirk wrote: Do I understand right: that means running a program in a sandbox could cause damage (outside of the box), if the program contains or is malware of any kind? So, even though running in Sandboxie, it might cause harm outside of the sandbox?
No, sandboxed programs will not cause harm outside of the sandbox.
