Option: block all new processes in Internet Browser sandbox
I love this product, but I worry about keyloggers that install and run during a sandboxed internet browser session. I would like the option to specify that a given sandbox only run programs from a configurable list. For example, a given sandbox could be configured for internet banking by allowing only Firefox.exe, SandboxieRpcSs.exe and SandboxieDcomLaunch.exe. Unless I am mistaken, at the moment program restrictions apply to all sandboxes. I guess this would involve moving the ProcessGroup key from Global to individual sandboxes. I would also like to have the option of being alerted when new processes start other than for those specified for a given sandbox (as opposed to being blocked). I always have Skype running in its own sandbox. I would like to tightly restrict this peer-to-peer program esp. since Sandboxie reported that it had blocked "generated keyboard and mouse events" for about 5 minutes from Skype a few days ago. Thanks for your consideration.
Re: Option: block all new processes in Internet Browser sand
JimOfCR wrote: at the moment program restrictions apply to all sandboxes.
No, program restriction is a per-sandbox setting.
[GlobalSettings]
ProcessGroup=<InternetAccess_sbFirefox>,firefox.exe
ProcessGroup=<StartRunAccess_sbFirefox>,firefox.exe
[sbFirefox]
...
ClosedFilePath=!<InternetAccess_sbFirefox>,\Device\RawIp6
ClosedFilePath=!<InternetAccess_sbFirefox>,\Device\Udp6
ClosedFilePath=!<InternetAccess_sbFirefox>,\Device\Tcp6
ClosedFilePath=!<InternetAccess_sbFirefox>,\Device\Ip6
ClosedFilePath=!<InternetAccess_sbFirefox>,\Device\RawIp
ClosedFilePath=!<InternetAccess_sbFirefox>,\Device\Udp
ClosedFilePath=!<InternetAccess_sbFirefox>,\Device\Tcp
ClosedFilePath=!<InternetAccess_sbFirefox>,\Device\Ip
ClosedFilePath=!<InternetAccess_sbFirefox>,\Device\Afd*
ClosedIpcPath=!<StartRunAccess_sbFirefox>,*
...
All of those items are already doable in Sandboxie Control. The processgroups remain in global, and are used per sandbox (as Ruhe has shown). The Sandboxie processes that are needed are included by default and you do not list them in Sandboxie Control, and they do not show in the sandboxie.ini file.
Look under 'Restrictions' in Sandboxie Control for 'Start/Run Access' and 'Internet Access'. Also on each of those tabs is a check box for alerts when other processes attempt to run, or access the internet.
Wonderful. Thanks Mitch and Ruhe. I have set my default box for firefox only and my Skype sandbox for skype.exe and skypepm.exe only. Now, I will notify the friends whose computers I help to support to do the same. Since becoming confident with Sandboxie, I have been encouraging my less technical friends to start using this excellent product.
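As an added example (not part of the thread and not Sandboxie's own code), this Python script reads a Sandboxie.ini in the layout Ruhe posted and reports, per sandbox, which programs the Start/Run and Internet Access restrictions allow. The sample text, the sbSkype and DefaultBox sections, and the function names are constructed for illustration; reading `ClosedIpcPath=!<group>,*` as the Start/Run restriction and `ClosedFilePath=!<group>,\Device\...` as the Internet restriction follows the group names in Ruhe's post.

```python
import re

# Constructed sample in the layout Ruhe posted; sbSkype and DefaultBox are added for contrast.
SAMPLE_INI = r"""
[GlobalSettings]
ProcessGroup=<InternetAccess_sbFirefox>,firefox.exe
ProcessGroup=<StartRunAccess_sbFirefox>,firefox.exe
ProcessGroup=<StartRunAccess_sbSkype>,skype.exe,skypepm.exe
[sbFirefox]
ClosedFilePath=!<InternetAccess_sbFirefox>,\Device\Tcp
ClosedFilePath=!<InternetAccess_sbFirefox>,\Device\Afd*
ClosedIpcPath=!<StartRunAccess_sbFirefox>,*
[sbSkype]
ClosedIpcPath=!<StartRunAccess_sbSkype>,*
[DefaultBox]
Enabled=y
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]}; keys repeat, so every line is kept in a list."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def audit(text):
    """Return {sandbox: {"start_run": programs, "internet": programs}}; None means no restriction found."""
    sections = parse_ini(text)
    # Process groups are defined once in [GlobalSettings] and referenced by name from each sandbox.
    groups = {v.split(",")[0]: [p.strip().lower() for p in v.split(",")[1:]]
              for k, v in sections.get("GlobalSettings", []) if k == "ProcessGroup"}
    report = {}
    for box, settings in sections.items():
        if box == "GlobalSettings" or box.startswith("UserSettings_"):
            continue  # these sections are not sandboxes
        entry = {"start_run": None, "internet": None}
        for key, value in settings:
            # "!<group>,path" closes the path for every program that is NOT in the group.
            m = re.match(r"!(<[^>]+>),(.+)$", value)
            if m and key == "ClosedIpcPath" and m.group(2) == "*":
                entry["start_run"] = groups.get(m.group(1), [])  # undefined group shows as []
            elif m and key == "ClosedFilePath" and m.group(2).lower().startswith("\\device\\"):
                entry["internet"] = groups.get(m.group(1), [])
        report[box] = entry
    return report
```

A sandbox whose entry is `None` for `start_run` has no allow-list, which is the condition the original question was worried about.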