Application having Right Specific Rules

Ideas for enhancements to the software
Post Reply
n8chavez
Posts: 49
Joined: Tue Dec 04, 2007 1:58 pm

Application having Right Specific Rules

Post by n8chavez » Sat Feb 05, 2011 11:18 pm

This, to me, is the one thing that SBIE seems to be lacking, which will correct and chink in its armor. SBIE creates rules based on specific templates. I, for example have one sandbox created for Opera, which uses the rules that were determined safe to use with it. With the template I am able to keep an emails and bookmark charges (among other things) that I want to save. As another part of my system security I also use Shadow Defender, which enables me to get a clean slate on my system by just rebooting. The tricky thing is that I need to exclude certain directories from Shadow Defender so that my browser changes and email, is still there after the reboot. I think this is a semi-common approach. The fact that I have to exclude directories from Shadow Defender (or similar) and from SBIE means that both products have similar holes, ways that they are both vulnerable.

What is SBIE had the ability to specify which types of file types can be written in directories that already have direct or full access? That way, in my situation, I can specify that only Opera.exe can have the ability to write an *.mbs file to the mail directory. That way I am sure that no rouge malware was transfered because no .exe, .com, .bat, etc. file type was written. In that case, even though there is an exception made in my light virtualization application it is irrelevant because of SBIE's specific permissions.

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Post by Guest10 » Sun Feb 06, 2011 7:54 am

You can already do that, although it may not be apparent since there's no obvious way to do that in Sandboxie's GUI.

If you select a folder for Opera to use as a Direct File Access folder, and want to limit it to files with a specific extension, just modify the setting to add that extension to the setting:

Once you select the program (Opera.exe) and the folder (C:\Anyfolder) you will see in the GUI listing for opera.exe:
C:\Anyfolder\

Just select that setting and use the "Edit/Add" button to edit the setting to:
C:\Anyfolder\*.mbs
and save your work.

The configuration file will show:
OpenFilePath=opera.exe,C:\Anyfolder\*.mbs
Opera can save a file with any filename (*) and a .mbs extension, to the folder outside of the sandbox.
Any file that does not have a .mbs extension will be saved inside of the sandbox.

Repeat the same process with another extension, if needed.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007

n8chavez
Posts: 49
Joined: Tue Dec 04, 2007 1:58 pm

Post by n8chavez » Sun Feb 06, 2011 3:43 pm

Oh, I didn't know that. Thanks for letting me know. I've been trying to tighten the template a little and only allow Opera to write specific file types where they need to be written. I'm having a little bit of trouble with Opera. There are areas in the profile that appear to be files with no file types, yet the change date is recent so I know they are being used. How would I treat those. Also the below template seems to be very open-ended. Any ideas how I can close up the holes there?
[Template_Opera_Profile_DirectAccess]
Tmpl.Title=#4338,Opera
Tmpl.Class=WebBrowser
OpenFilePath=opera.exe,%Tmpl.Opera%\
OpenFilePath=opera.exe,%AppData%\Opera\*\Profile\
OpenFilePath=opera.exe,%Local AppData%\Opera\*\Profile\

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests