Trying To Understand How I'm Protected [SOLVED]

TheCardCheat
Posts: 8
Joined: Thu Dec 08, 2016 2:35 pm

Post by TheCardCheat » Thu Feb 02, 2017 5:53 pm

Hi, hopefully no one gets too snarky with why I'm asking this and just ends up pointing me to the "FAQ how Sandboxie works" section. It's not easy for computer-illiterate people like me. Even though I've been using SB for a couple years now, one thing I've never really fully grasped is this really basic question... So I do see the yellow border around my browser and I see it in some other places too... but when I download some software into my Windows "Downloads" folder I don't see a yellow border around that. When I run the software through Virus Total and maybe get 1 out of 40 antiviruses saying there may be a potential hazard in there I always delete it and get bummed out. My question is simply, if I run the program from my downloads folder without a yellow border is my computer still safe from anything happening? Is the border around my browser an all encompassing one for my entire computer, or am I supposed to do something special in preferences to get the border also around a certain folder? Thanks. And sorry for such a basic question.

Chris

Syrinx
Sandboxie Guru
Posts: 620
Joined: Fri Nov 13, 2015 4:11 pm

Re: Trying To Understand How I'm Protected

Post by Syrinx » Thu Feb 02, 2017 7:15 pm

TheCardCheat wrote: but when I download some software into my Windows "Downloads" folder I don't see a yellow border around that.
Any file created or modified by a program that is sandboxed is kept within the sandbox by default unless you use recovery to 'move' it out or have rules set up otherwise. Without knowing what you have set previously (e.g. what rules are in place via the sandboxie.ini) it's possible that you have set this folder as an Open Path which then allows the sandboxed program to store them in the real location. Once again, by default, such exempted areas are not protected by sandboxie. If you *want* them to be - you can add them as forced folders but this is not done by default and would require the paid version. Feel free to check the C:\Windows\sandboxie.ini and post the contents here so we can see if this is the case. Alternatively you can check the Sandbox Settings > Resource Access > File Access > Direct Access and Sandbox Settings > Resource Access > File Access > Full Access areas of each box.
TheCardCheat wrote: if I run the program from my downloads folder without a yellow border is my computer still safe from anything happening?
The 'yellow border', while displayed by default, is actually optional. More important is if the program is running within sandboxie. I understand why you might expect to see the yellow border, however, if you have never changed the default settings. To check a program you can go to the Sandboxie control window > Menu > File > Is Window Sandboxed?

If you haven't set the folder as forced within sandboxie and are navigating to it via a standard explorer window, chances are it's not getting sandboxed.
Also, if you want to run a downloaded file in a sandbox without specifying the entire download folder as forced, you can just right-click on it and select 'Run Sandboxed'.
TheCardCheat wrote: Is the border around my browser an all encompassing one for my entire computer, or am I supposed to do something special in preferences to get the border also around a certain folder?
No, it's only for those programs (or folders) which you have set sandboxie to isolate.
While a program is sandboxed, it is isolated from changing things on the actual system. [at the risk of added confusion, there are rules you can add to 'poke holes' in this protection but they don't exist by default]
At the same time, you still won't suddenly see a border around an un-sandboxed explorer instance while navigating to view a folder that is 'forced', but if you then launch something from such a 'forced folder' whatever you launch from it will be sandboxed in the designated box and should show the expected border (if you haven't tweaked that part of the settings to change the border or not display it at all).

In short, Sandboxie works by isolating specific programs [or programs started from a specific area] which all need to be defined by the user. After such a protected application is started and sandboxie forces it inside, anything *it* runs while in the box will also be kept within the same sandbox even if it isn't on the list specifically.
That doesn't cover 'user initiated' launches (via explorer or another un-sandboxed program) from a download folder that hasn't been set up as forced within Sandboxie.

What I did for my kids' PC was to open the downloads folder via Direct Access for the browser box I set up and then also added the folder as forced within sandboxie (Sandbox Settings > Program Start > Forced Folders). This allows the files to be saved in the standard place but keeps sandboxie in the picture for anything launched there, even if someone navigates to it using explorer or another un-sandboxed file viewer.

Once again, at the risk of added confusion, I feel the need to specify that this does NOT mean if you were to launch something such as an unsandboxed PDF viewer and then used it to 'open' a .pdf that was saved in the download folder that sandboxie would suddenly sandbox the viewer even if it is opening something from a forced folder.
Last edited by Syrinx on Thu Feb 02, 2017 7:51 pm, edited 3 times in total.
Goo.gl/p8qFCf
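
The check suggested in the post above (look in sandboxie.ini for folders opened via Direct Access or Full Access that are not also forced), sketched as an added example that is not part of the original thread. The sample file content, box names and paths are constructed; the mapping of Direct Access to `OpenFilePath` and Full Access to `OpenPipePath` is assumed from Sandboxie's settings naming.

```python
import ntpath

# Constructed sample in Sandboxie.ini syntax; box names and paths are made up.
SAMPLE_INI = r"""
[DefaultBox]
OpenFilePath=firefox.exe,C:\Users\Example\Downloads
OpenFilePath=C:\Users\Example\Documents\Shared

[KidsBox]
OpenPipePath=D:\Scratch
ForceFolder=C:\Users\Example\Downloads
"""

OPEN_KEYS = {"openfilepath", "openpipepath"}  # assumed: Direct Access / Full Access

def parse_ini(text):
    """Return {section: [(key, value), ...]}; repeated keys are all kept."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif "=" in line and current is not None and not line.startswith("#"):
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return sections

def norm(path):
    """Lower-case, drop a trailing wildcard and trailing separator."""
    return ntpath.normcase(ntpath.normpath(path.strip().rstrip("*")))

def unforced_open_paths(text):
    """List (box, setting, path) for open paths that no ForceFolder covers."""
    sections = parse_ini(text)
    forced = [norm(v) for items in sections.values()
              for k, v in items if k == "forcefolder"]
    gaps = []
    for box, items in sections.items():
        for key, value in items:
            if key not in OPEN_KEYS:
                continue
            path = norm(value.split(",", 1)[-1])  # drop optional "program.exe,"
            if not any(path == f or path.startswith(f.rstrip("\\") + "\\")
                       for f in forced):
                gaps.append((box, key, path))
    return gaps

if __name__ == "__main__":
    print(unforced_open_paths(SAMPLE_INI))
```

On the sample, the Downloads folder is not reported because it is both opened and forced (the setup described for the kids' PC), while the two other opened folders are.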

bo.elam
Sandboxie Guru
Posts: 2809
Joined: Wed Apr 22, 2009 9:17 pm

Re: Trying To Understand How I'm Protected

Post by bo.elam » Thu Feb 02, 2017 7:35 pm

TheCardCheat wrote: My question is simply, if I run the program from my downloads folder without a yellow border is my computer still safe from anything happening?
Here is my take. If your Downloads folder is set as a Forced folder, then programs and files that run out of the Downloads folder will run under Sandboxie's protection when they get executed.
TheCardCheat wrote: Is the border around my browser an all encompassing one for my entire computer, or am I supposed to do something special in preferences to get the border also around a certain folder?
The yellow border can be enabled and disabled in Sandbox settings > Appearance. The border ONLY applies to programs. That's why you don't see the border around a forced folder when you open it but you do see it in files and programs that you run out of the Forced folder.

The only exception for this is when you force your USB drives. If you force your USB drives, when you first plug the flash drive in, the USB drive folder pops up open using a sandboxed version of Windows explorer, and with the yellow border around it.

Note1. There are a few programs that will not run sandboxed out of a Forced folder. What I do to make sure all programs and files that run in my computer run sandboxed every time is combine using Forced programs, Forced folders and the sandboxed Windows explorer.

Note2. When you upload a file to Virus total, and it gets flagged by one or two scanners, that's usually a false positive. You can ignore it. Just be careful what you download and where you get the installer or file from. Try getting installers from the developer's site.

Bo

TheCardCheat
Posts: 8
Joined: Thu Dec 08, 2016 2:35 pm

Re: Trying To Understand How I'm Protected

Post by TheCardCheat » Fri Feb 03, 2017 1:01 am

Wow, it took me two years to finally ask this and I'm glad I did. First off, thank you guys for all the info. I think I may have been under a little bit of false security for these couple of years though. Ok, so I had to read through this two or three times slowly and I "think" I understood it, but again, possibly not, lol. Oh, and I have the free version with barely a tweak made, just to clarify.

So what I'd like to do - but from what I understand this cannot be done in the free version - is set up a folder that I can run a potentially "suspect" program in. Syrinx, you mentioned an alternative by way of Run Sandboxed through the context menu - can this be done in the free version... and if so, does it have the same desired effect as if I was opening the program in the paid forced folder?

As for the false sense of security - I somewhat thought that what I d'loaded and opened Sandboxie was protecting me from. But at the same time - and this is why I finally asked the question - I always had this feeling that it just didn't seem to add up of why I was d'loading something, then had to recover it FROM the Sandbox to place it in a folder that didn't appear to me to actually be sandboxed, hence not being protected. So I think I was right in my assumption of that? Ok, so I just read through a bit of the FAQ section and I'm probably as confused as ever now of what I'm really being protected from. Who knows, maybe I just don't have enough experience with actually getting infected by something to know what I'm being protected from. I suppose when I'm browsing through internet sites there's the potential of things within that site that can spread malware, or a virus, or a trojan that I'm being protected from? I think, and this is purely naivety on my part, that I've always thought of bad things happening to someone's computer when you "open" something, or "run" something, like a program, or email, or torrent. Either way, I'll continue to use SB because it's a part of my security wall, doesn't seem to slow down my browsing one bit, and I know it's got the potential to protect me from something, lol. But please, if there is any way for me to run programs while sandboxed in the free version I REALLY want to know how to do that.

Bo, I've also always been told that if 1 out of 40 scanners flag something that it's probably a false positive... the problem for a neanderthal brain like mine is when you see something flagged in bright red with names like trojan and backdoor and then google them, you always get nine thousand articles that show those words in computer forums with the heading "How To Get Rid Of The xyz Virus"... so in the end you don't know what you're looking for, you get freaked out, and even though you think it's a false positive you get frustrated and bummed and then just end up deleting the file. Out of about ten or so programs that I've wanted to run I've only been able to come across one that I clearly found out was a false positive.

Thanks, Chris

Barb@Invincea
Sandboxie Support
Posts: 2337
Joined: Mon Nov 07, 2016 3:10 pm

Re: Trying To Understand How I'm Protected

Post by Barb@Invincea » Fri Feb 03, 2017 11:17 am

Hello TheCardCheat,
TheCardCheat wrote: can this be done in the free version... and if so, does it have the same desired effect as if I was opening the program in the paid forced folder?
Here's what you can do to launch applications/folders inside Sandboxie:
Right-click on your Sandbox --> Run Windows Explorer (you will notice it launches with a # and a yellow border). Anything that you open inside that Windows Explorer session will launch Sandboxed.
Also, you can run programs/folders by right-clicking on them and selecting "Run Sandboxed".
TheCardCheat wrote: I'm probably as confused as ever now of what I'm really being protected from
Sandboxie is not an Antivirus, so it is not scanning files when you download them. However, it allows you to isolate said files and see what happens when you run them/analyze them - without affecting your computer.
For example, if you download a file in a Sandboxed web browser, it will stay inside the Sandbox until you recover it.

Regards,
Barb.-

TheCardCheat
Posts: 8
Joined: Thu Dec 08, 2016 2:35 pm

Re: Trying To Understand How I'm Protected

Post by TheCardCheat » Sat Feb 04, 2017 1:16 am

FANTASTIC!!!!! This is exactly what I'm looking for! Damn, so super happy. Thank you so much to all three of you for the help and please disregard my opening "snarky" statement... I was way off base. I've now asked two questions and gotten excellent responses and help both times. Till next time...
