Page 1 of 2
How to download and view it within SBIE?
Posted: Mon Aug 01, 2016 8:42 am
by sanbox man
I would like to download a document and view it within SBIE.
What is the best way to do this? Thanks.
Re: How to download and view it within SBIE?
Posted: Mon Aug 01, 2016 12:29 pm
by bo.elam
sanbox man wrote:I would like to download a document and view it within SBIE.
What is the best way to do this? Thanks.
The best way is to force programs to run sandboxed automatically. You can also force your Downloads folder so files that you recover there run sandboxed automatically when they are executed.
You can also right click files and select Run sandboxed or Send to>Sandboxie, and select the sandbox where you want to run the file.
Another way to run files sandboxed is to open View>Files and folders, Select the sandbox that you used to download the file, go to your Quick recovery folder, right click the download and select Run sandboxed. You can also go into the Sandbox folder in C Drive and click the download, it ll run sandboxed.
Bo
Re: How to download and view it within SBIE?
Posted: Tue Aug 02, 2016 2:45 am
by ssj100
I would suggest that the "best" way would be to have a "Downloads" folder where you download all files into. Then simply create a shortcut (sandboxed explorer.exe) to that folder.
Everyone will have slightly different approaches and setups, but with this method, you can guarantee that every file downloaded will always run sandboxed, and it's arguably as convenient as any other approach.
The problem with relying on forcing folders sandboxed is that not all programs within that folder will run sandboxed. I discovered this several years ago with images and videos that are opened with Windows software by default - Windows Photo Viewer (Win 7) for images and Windows Media Player for videos. A workaround is to not have those programs as default and use third party software instead. But after discovering this "bypass" of Forced Folders, I lost confidence in the feature.
And the problem with relying on forcing programs sandboxed is that you can't actually force Windows Photo Viewer to run sandboxed. Again, the workaround is to use third party software. But personally, I try to minimise the number of third party software installations on my system.
With the method of opening a sandboxed explorer.exe window, you ensure everything you open in your Downloads folder will always run sandboxed.
After typing the above, I managed to dig out some stuff from my good old days (which I think still applies to this day):
http://ssj100.fullsubject.com/t88-newbi ... p-help#488
http://ssj100.fullsubject.com/t311-sand ... boxie#2499
The fact that some files can trigger a process just by hovering the mouse over the file was my inspiration to use the above security approach. Here's evidence of such a potential exploit:
https://blog.didierstevens.com/2009/03/ ... gger-trio/
And found a rather interesting thread on bypassing SRP, but I also discussed the above exploit and why I modified my security approach:
http://ssj100.fullsubject.com/t313p50-b ... g-srp#2664
I had a little laugh when I read that I used batch commands to move files! That was a bit inconvenient, and I stopped doing that quite a while ago!
Re: How to download and view it within SBIE?
Posted: Tue Aug 02, 2016 8:49 am
by Craig@Invincea
Windows Photo Viewer
If in Windows 10, yes because this is a Metro app.
Same applies for Windows 8.1.
Re: How to download and view it within SBIE?
Posted: Tue Aug 02, 2016 3:43 pm
by bo.elam
ssj100 wrote:I would suggest that the "best" way would be to have a "Downloads" folder where you download all files into. Then simply create a shortcut (sandboxed explorer.exe) to that folder.
Everyone will have slightly different approaches and setups, but with this method, you can guarantee that every file downloaded will always run sandboxed, and it's arguably as convenient as any other approach.
Sandbox man, using the sandboxed explorer is a great way for running downloads sandboxed. I feel like ssj about it being the safest way to run files sandboxed. I always use the sandboxed explorer ro run files that I download that I am not 100% sure what they are and pictures. Like he said, anything you navigate to with the sandboxed explorer is guarantee to run sandboxed.
Bo
Dowload is always in SBIE enviroment. That's want I want.
Posted: Mon Aug 08, 2016 3:05 am
by sanbox man
I don't want the download to be outside SBIE environment at any time.Is this possible?
I would like the download, at all times, to be within SBIE environment. It would download
into SBIE then I would execute it from within SBIE environment ideally.
Example, I don't want this scenario: download to SBIE, Recover to Windows 8.1 downloads
folder (from SBIE), then Open download with SBIE from within Windows download folder
Instead I'm after: download to SBIE, Open file within SBIE, Delete Contents with SBIE (when finished)
Re: How to download and view it within SBIE?
Posted: Mon Aug 08, 2016 3:52 am
by Syrinx
Just about every browser available gives you the choice to run/open a downloaded file so that would be one way to go [any browser or program within SBIE will continue to operate in SBIE, including if a document you later open within requires a program that you may not have set to forced].
This next instance doesn't seem to be what you want so you can likely ignore this:
Another would be to ensure the target 'download' folder is a forced folder within SBIE [PAID] then launch it from there once it's downloaded. So unless you use Quick Recovery or OpenFilePath/OpenPipePath s the file will remain within SBIE. If you navigate to it with an unsandboxed program and intentionally open it there well, that would be your own fault.
If you download and open or RUN anything that was downloaded within a box via the boxed program(s), it will not start outside. If on the other hand you open up an (unsandboxed) explorer instance then navigate to the specific Sandbox folder followed by navigating to the download folder and copy it outside or otherwise launch it [I'm actually not sure how starting it within, from the unsandboxed program would be handled as I've never tried it but I wouldn't expect SBIE to do anything myself] there's a good chance whatever you open/run will be run outside if that folder hasn't been defined as forced.
In short, SBIE likely does exactly what you want already but it isn't 'User Proof'. Even if you define paths that are 'unprotected' so far as file changes there is no escaping [that I know of] a sandbox once a program is in it. This includes anything else this program launches/opens while it's inside [for that session]. The other instance I outlined is 'User Error'
While I'm one of those weird people that thinks transferring control of programs between boxes if rules are defined for both would be great I understand that it wouldn't be the easiest thing to pull off so I'm content with the way things are. Once in, always in! (Trademarked¿)
Re: Dowload is always in SBIE enviroment. That's want I want
Posted: Mon Aug 08, 2016 11:29 am
by Curt@invincea
sanbox man wrote:I don't want the download to be outside SBIE environment at any time.Is this possible?
I would like the download, at all times, to be within SBIE environment. It would download
into SBIE then I would execute it from within SBIE environment ideally.
Example, I don't want this scenario: download to SBIE, Recover to Windows 8.1 downloads
folder (from SBIE), then Open download with SBIE from within Windows download folder
Instead I'm after: download to SBIE, Open file within SBIE, Delete Contents with SBIE (when finished)
I think just removing Downloads from Quick Recovery will accomplish this.
Re: Dowload is always in SBIE enviroment. That's want I want
Posted: Mon Aug 08, 2016 12:51 pm
by bo.elam
sanbox man wrote:I don't want the download to be outside SBIE environment at any time.Is this possible?
I would like the download, at all times, to be within SBIE environment. It would download
into SBIE then I would execute it from within SBIE environment ideally.
What we have suggested are the proper ways to continue running files/downloads sandboxed after downloading is over. But I think to do exactly what you want would be for you to go into C:\Sandbox and look for the download in there and execute it from there. If you do this, keep in mind that all exes will run sandboxed from there and most files you download will run sandboxed but not all.
You can also run files sandboxed without having them recovered by going to the Files and Folders view within the Sandboxie UI. Open that view for the sandbox you are using and look for the downloaded file. When you find it, right click it and click Run sandboxed.
To run files sandboxed either way I explained above, you need to be using a sandbox were the program that runs the file is allowed to run in Start Run restrictions.
Bo
Re: How to download and view it within SBIE?
Posted: Wed Aug 10, 2016 2:15 am
by sanbox man
ssj100 wrote:
But personally, I try to minimize the number of third party software installations on my system.
Why?
Thank you that was informative.
ssj100 wrote:
I had a little laugh when I read that I used batch commands to move files! That was a bit inconvenient, and I stopped doing that quite a while ago!
Why did you stop?
Re: How to download and view it within SBIE?
Posted: Wed Aug 10, 2016 2:19 am
by sanbox man
Craig@Invincea wrote:Windows Photo Viewer
...yes because this is a Metro app.
What technically prevents Metro Apps from being sandboxed? Why can't they be?
Re: Dowload is always in SBIE enviroment. That's want I want
Posted: Wed Aug 10, 2016 2:27 am
by sanbox man
bo.elam wrote:...you need to be using a sandbox were the program that runs the file is allowed to run in Start Run restrictions.
Why don't some programs allow sandboxing? Why are they developed that way?
Re: How to download and view it within SBIE?
Posted: Wed Aug 10, 2016 3:01 am
by ssj100
sanbox man wrote:ssj100 wrote:
But personally, I try to minimize the number of third party software installations on my system.
Why?
Simple answer is that more software means more chance for exploitation.
sanbox man wrote:ssj100 wrote:
I had a little laugh when I read that I used batch commands to move files! That was a bit inconvenient, and I stopped doing that quite a while ago!
Why did you stop?
As I said, it was a bit inconvenient. I also tend not to view newly introduced files in my Downloads folder with a REAL explorer instance until I'm relatively sure they're clean (eg. VirusTotal, EEK, Digital Signatures, File Hash etc)
Re: Dowload is always in SBIE enviroment. That's want I want
Posted: Wed Aug 10, 2016 11:28 am
by bo.elam
sanbox man wrote:bo.elam wrote:...you need to be using a sandbox were the program that runs the file is allowed to run in Start Run restrictions.
Why don't some programs allow sandboxing? Why are they developed that way?
sanbox man, Start Run restrictions are in Sandbox settings>Restrictions.
Bo
Re: How to download and view it within SBIE?
Posted: Sun Aug 14, 2016 1:30 am
by sanbox man
ssj100 wrote:
I also tend not to view newly introduced files in my Downloads folder with a REAL explorer
This is what I was after. Which explorer do you use before then?
ssj100 wrote:...instance until I'm relatively sure they're clean (eg. VirusTotal, EEK, Digital Signatures, File Hash etc)
Virus Total is owned by Google - can they be trusted with privacy of files they scan I wonder?