VHD mount outside the sandbox.

[adyandrei28]

I wanted to test a software called Simple VHD manager inside Sandboxie.

Sandboxie 5.16 (64-bit);
Windows 7 64-bit.

The problem is that the VHDs are mounted outside the sandbox and I'm not sure, when testing, if these programs are safe.
I just need a very clean computer and this is why I prefer to use Sandboxie, to don't trust these portable apps.

Here are screenshots of the problem: http://imgur.com/a/fkoiW
The vhd has been mounted outside: http://imgur.com/tZohleX

Antivirus I use: Windows Defender (it's default)
I scan with Emsisoft Emergency Kit every week.

[Barb@Invincea]

Hello adyandrei28 ,

Can you please provide steps to reproduce the problem and bit more info regarding what's going on?
Just to clarify, you will not be able to mount drives inside Sandboxie as that usually requires low level drivers, which cannot be installed inside Sbie.
However, you may be able to run the application Sandboxed, depending on what are you trying to do.

Regards,
Barb.-

[Syrinx]

/Grumble

[Syrinx]

https://www.wilderssecurity.com/threads ... st-2682044

[Barb@Invincea]

Hello Syrinx,

I did some testing when this thread was originally posted, and other than mounting existing drives outside the Sandbox, everything else triggered by the program was Sandboxed. Did you see a different behavior?

I tried creating a VHD via the program and it failed, I tried modifying the drive via the Sandboxed program and it did not modify the host. Played with menus and adding options, etc etc, nothing affected the host (except for the drive mounting).

I made the devs aware when this thread was posted. If they find a way to change this behavior, it will be posted here.

Regards,
Barb.-

[Syrinx]

Nope, nothing inside was able to run anything it mounted via the mounted drive [but the fact remains it is mounted on the actual system] without getting sandboxed itself. The exception is of course if the user navigates to or decides to 'open' something from said mounted drive outside of a sandboxed app (and this area now exists there) which is sort of the anti-thesis of sandboxie IMO. Without pre-made/allowed rules nothing inside SBIE should be able to 'create' a new file (let alone a new drive with files) outside of sandboxie where a user might then be tempted to explore thinking SBIE wouldn't allow such an escape...

I be mad tho (aka cra-cra) so who cares what I think?!

On my end I added:
ClosedFilePath=*\Windows\*virtdisk.dll
&
ClosedFilePath=\Device\MountPointManager

to counteract this potential 'oversight' in the time being.

Still plan on /grumbling loudly every so often however until 'properly rectified' :P.

Love ya /wink

[Barb@Invincea]

Hey Syrinx,

Thanks for the update.
As stated before, if/when this behavior is fixed, we will be providing an update in this thread.

Regards,
Barb.-