Learning / Recording Mode

Ideas for enhancements to the software
dr3amcrush3r
Posts: 1
Joined: Sun Apr 17, 2011 11:13 am
Location: USA

Learning / Recording Mode

Post by dr3amcrush3r » Sun Apr 17, 2011 11:18 am

I wish there was a "learning" mode where Sandboxie would permit the application to run completely trusted one time only but record or monitor all activity to a session log. Then, you could review what the application actually did and decide at that point to limit its access.

My thinking is that I'd like to lock down certain applications after I use them. For example, media players should not be writing to files. But some players, like GomPlayer, are really hard to set up in Sandboxie.

I could record what Gom is doing then turn off access to anything I don't want it to do as well as limit access to drives, etc.

What do you think?

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Sun Apr 17, 2011 3:10 pm

I'm sorry but I think this feature request would be more appropriate for a malware analysis tool, and Sandboxie is not designed to be such a tool.
tzuk

MessageBoxA
Posts: 17
Joined: Wed Dec 29, 2010 2:53 pm

Re: Learning / Recording Mode

Post by MessageBoxA » Wed Apr 20, 2011 11:24 am

dr3amcrush3r wrote: My thinking is that I'd like to lock down certain applications after I use them. For example, media players should not be writing to files. But some players, like GomPlayer, are really hard to set up in Sandboxie.

It would not matter anyway... With operating systems >= x64 Vista, malware can bypass usermode hooks using native system calls (SYSENTER/INT 0x2E). Microsoft took away the ability to hook this without problems. Something needs to be done at the OS level. I think applications should be allowed to register an 'Access Mask' which gives or takes away access to system calls.

Btw, what you are suggesting can actually somewhat be accomplished with the SBIE SDK for usermode calls into ntdll, kernel32 and user32. You could even edit the sandboxie.ini from the SDK to allow/disallow specific file paths. But it's a lot of work. :)

-MessageBoxA
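
The record-then-restrict workflow discussed in this thread, as an added example that is not code from any poster or from Sandboxie: it turns a recorded file-access log into candidate `ReadFilePath` / `ClosedFilePath` lines for a Sandboxie.ini box section. The log format, box name, paths and the mapping from observations to rules are assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed session log, NOT real Sandboxie output: "<OP><TAB><path>".
SAMPLE_LOG = (
    "READ\tC:\\Program Files\\GomPlayer\\gom.exe\n"
    "READ\tD:\\Media\\clip.avi\n"
    "WRITE\tC:\\Users\\me\\AppData\\Roaming\\GomPlayer\\config.ini\n"
    "READ\tC:\\Users\\me\\AppData\\Roaming\\GomPlayer\\config.ini\n"
    "WRITE\tC:\\Users\\me\\Documents\\notes.txt\n"
    "bogus line\n"
)

def parse_log(text):
    """Map each parent directory to the set of operations observed in it."""
    seen = defaultdict(set)
    for line in text.splitlines():
        op, sep, path = line.partition("\t")
        if not sep or op not in ("READ", "WRITE"):
            continue  # skip malformed records instead of guessing
        # PureWindowsPath compares case-insensitively, like the file system.
        seen[PureWindowsPath(path.strip()).parent].add(op)
    return dict(seen)

def as_dir(path):
    """Render a directory with exactly one trailing backslash."""
    return str(path).rstrip("\\") + "\\"

def propose_rules(text, box, drives, write_ok=()):
    """Return (ini_lines, review): candidate rules and unapproved write dirs."""
    seen = parse_log(text)
    approved = {PureWindowsPath(p) for p in write_ok}
    lines, review = [f"[{box}]"], []
    for d in sorted(seen):
        if "WRITE" in seen[d]:
            if d in approved:
                continue  # reviewer accepted writes here; leave it unrestricted
            review.append(str(d))  # observed write nobody approved
        lines.append("ReadFilePath=" + as_dir(d))  # readable, never writable
    used = {d.drive.lower() for d in seen}
    for drv in drives:
        if drv.lower() not in used:
            lines.append("ClosedFilePath=" + as_dir(drv))  # drive never touched
    return lines, review

if __name__ == "__main__":
    rules, todo = propose_rules(SAMPLE_LOG, "MediaBox", ["C:", "D:", "E:"],
                                write_ok=[r"C:\Users\me\AppData\Roaming\GomPlayer"])
    print("\n".join(rules))
    print("review before applying:", todo)
```

The `review` list is the part a person has to decide on: writes that were observed during the recorded run but were not explicitly approved.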
