This, to me, is the one thing that SBIE seems to be lacking, which will correct a chink in its armor. SBIE creates rules based on specific templates. I, for example, have one sandbox created for Opera, which uses the rules that were determined safe to use with it. With the template I am able to keep any emails and bookmark changes (among other things) that I want to save. As another part of my system security I also use Shadow Defender, which enables me to get a clean slate on my system by just rebooting. The tricky thing is that I need to exclude certain directories from Shadow Defender so that my browser changes and email are still there after the reboot. I think this is a semi-common approach. The fact that I have to exclude directories from Shadow Defender (or similar) and from SBIE means that both products have similar holes, ways that they are both vulnerable.
What if SBIE had the ability to specify which types of file types can be written in directories that already have direct or full access? That way, in my situation, I can specify that only Opera.exe can have the ability to write an *.mbs file to the mail directory. That way I am sure that no rogue malware was transferred because no .exe, .com, .bat, etc. file type was written. In that case, even though there is an exception made in my light virtualization application, it is irrelevant because of SBIE's specific permissions.
Application having Right Specific Rules
You can already do that, although it may not be apparent since there's no obvious way to do that in Sandboxie's GUI.
If you select a folder for Opera to use as a Direct File Access folder, and want to limit it to files with a specific extension, just modify the setting to add that extension to the setting:
Once you select the program (Opera.exe) and the folder (C:\Anyfolder) you will see in the GUI listing for opera.exe:
C:\Anyfolder\
Just select that setting and use the "Edit/Add" button to edit the setting to:
C:\Anyfolder\*.mbs
and save your work.
The configuration file will show:
OpenFilePath=opera.exe,C:\Anyfolder\*.mbs
Opera can save a file with any filename (*) and a .mbs extension, to the folder outside of the sandbox.
Any file that does not have a .mbs extension will be saved inside of the sandbox.
Repeat the same process with another extension, if needed.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007
Oh, I didn't know that. Thanks for letting me know. I've been trying to tighten the template a little and only allow Opera to write specific file types where they need to be written. I'm having a little bit of trouble with Opera. There are areas in the profile that appear to be files with no file types, yet the change date is recent so I know they are being used. How would I treat those? Also, the below template seems to be very open-ended. Any ideas how I can close up the holes there?
[Template_Opera_Profile_DirectAccess]
Tmpl.Title=#4338,Opera
Tmpl.Class=WebBrowser
OpenFilePath=opera.exe,%Tmpl.Opera%\
OpenFilePath=opera.exe,%AppData%\Opera\*\Profile\
OpenFilePath=opera.exe,%Local AppData%\Opera\*\Profile\
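An added example, not part of any post in this thread and not Sandboxie's own code: a small audit that reads OpenFilePath lines and reports which ones open a whole folder to any file type and which are limited to one extension, as with the *.mbs rule above. The sample text is constructed from the lines quoted in the thread; classifying a rule by its last path component is a simplifying assumption, not Sandboxie's actual matching logic.

```python
import ntpath

# Extensions named in the first post; extend as needed.
RISKY = {".exe", ".com", ".bat"}

# Constructed sample: the template quoted in the thread plus the *.mbs rule.
SAMPLE_INI = r"""
[Template_Opera_Profile_DirectAccess]
Tmpl.Title=#4338,Opera
Tmpl.Class=WebBrowser
OpenFilePath=opera.exe,%Tmpl.Opera%\
OpenFilePath=opera.exe,%AppData%\Opera\*\Profile\
OpenFilePath=opera.exe,%Local AppData%\Opera\*\Profile\
OpenFilePath=opera.exe,C:\Anyfolder\*.mbs
"""

def parse_rules(text):
    """Yield (program, pattern) for every OpenFilePath line in the text."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line.lower().startswith("openfilepath="):
            continue
        value = line.split("=", 1)[1].strip()
        # The "program," prefix is optional; a bare path has no such prefix.
        program, sep, pattern = value.partition(",")
        if not sep or "\\" in program:
            program, pattern = None, value
        yield program, pattern.strip()

def allowed_extension(pattern):
    """Return the one extension a rule is limited to, or None for any type."""
    last = ntpath.basename(pattern)   # "" when the pattern ends in a backslash
    ext = ntpath.splitext(last)[1].lower()
    if not last or not ext or "*" in ext or "?" in ext:
        return None
    return ext

def audit(text, risky=RISKY):
    """Return (program, pattern, status) for each rule found."""
    findings = []
    for program, pattern in parse_rules(text):
        ext = allowed_extension(pattern)
        if ext is None:
            status = "OPEN: any file type"
        elif ext in risky:
            status = "RISKY: executable type " + ext
        else:
            status = "LIMITED: " + ext
        findings.append((program, pattern, status))
    return findings

if __name__ == "__main__":
    for program, pattern, status in audit(SAMPLE_INI):
        print(f"{status:30} {program or '(all programs)'}  {pattern}")
```

Run against the sample, the three template lines are reported as OPEN and the C:\Anyfolder\*.mbs line as LIMITED: .mbs.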