Restrict program from reading my files

If it's not about a problem in the program
Post Reply
jeffdunham
Posts: 3
Joined: Fri Dec 22, 2017 3:58 pm

Restrict program from reading my files

Post by jeffdunham » Fri Dec 22, 2017 4:04 pm

If I'm not mistaken, when I run a program in sandboxie, it can still read my files, right? For example, when I installed and ran firefox from a sandbox, it still used my preferences, bookmarks and plugins from my actual firefox installation, what if I wanted a completely isolated copy of firefox to run in sandboxie, is this possible?

Sam777
Posts: 31
Joined: Sat Mar 28, 2015 5:39 pm

Re: Restrict program from reading my files

Post by Sam777 » Sat Dec 23, 2017 9:07 am

As you learned, programs can see outside of a sandbox. A work around to what you want is to have FF always in a sandbox and not installed outside of Sandboxie. I currently have 30+ sandboxes with FF and none of them see the settings of another, even when running at the same time.

If you need FF outside of a sandbox for some reason, the other option is to use Blocked Process Access created by wraithdu. Implementing this, will block programs from seeing outside of its own sandbox. This is listed in Contributed Utilities & Templates on the main forum page.

viewtopic.php?f=22&t=4885

jeffdunham
Posts: 3
Joined: Fri Dec 22, 2017 3:58 pm

Re: Restrict program from reading my files

Post by jeffdunham » Sat Dec 23, 2017 10:37 am

Thanks for your reply. That's a great idea to have multiple firefox isntallation inside sandboxie. Although I would prefer a real one. I was playing with the File access options. If I add my whole AppData folder to "Blocked access", firefox refuses to install at all, and if I add AppData to "Write only access", it installs fine, but the tabs keep crashing (maybe it can't read from appdata? which seems odd).

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Re: Restrict program from reading my files

Post by Guest10 » Sat Dec 23, 2017 12:16 pm

When installing Firefox in a sandbox you can hide the current Firefox files that are outside of the sandbox.
That way nothing from that install will be included in the sandboxed install.

Hide those items using Sandboxie's "File Access > Write-Only Access" setting:
https://www.sandboxie.com/ResourceAccessSettings#file

Sandbox Settings > Resource Access > File Access > Write-Only Access
This setting makes the folders that you select appear to be empty, when the Firefox install program runs in the sandbox.
Those folders will then be created inside of the sandbox, and the files in them will be used by the sandboxed Firefox.

1) Create the necessary sandbox for Firefox
2) Either Add the Write-Only Access settings needed to hide the Firefox folders outside of the sandbox, using the Sandbox Settings as listed above (assuming that this is where the current files are located):

C:\Program Files\Mozilla Firefox\
%AppData%\Mozilla\Firefox\
%Local AppData%\Mozilla\Firefox\

OR, just add the following lines to the configuration settings for that sandbox, using:
Sandboxie Control menu > Configure > Edit Configuration
(again, assuming that this is where the current files are located)

Code: Select all

WriteFilePath=C:\Program Files\Mozilla Firefox\
WriteFilePath=%AppData%\Mozilla\Firefox\
WriteFilePath=%Local AppData%\Mozilla\Firefox\
3) Save the sandbox settings, then right-click the Firefox installer file and "Run Sandboxed" - selecting the appropriate sandbox from the list, to install Firefox.

4) If you want, you can also use the Write-Only Access setting to prevent programs using that sandbox from reading the files in your computer's Documents folder. Programs will still be allowed to write to a Documents folder that's located inside of the sandbox, and the default Quick Recovery setting for the sandbox will allow you to recover those files to the Documents folder outside of the sandbox. I always uncheck Immediate Recovery for my sandboxes.

WriteFilePath=%Personal%\
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007

jeffdunham
Posts: 3
Joined: Fri Dec 22, 2017 3:58 pm

Re: Restrict program from reading my files

Post by jeffdunham » Sat Dec 23, 2017 12:37 pm

Thank you. I tried this, adding Firefox appdata to the Write only access list, firefox installs fine and opens, but every tab crashes within about 1 second of loading the website. :/

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Re: Restrict program from reading my files

Post by Guest10 » Sun Dec 24, 2017 7:03 am

jeffdunham wrote:
Sat Dec 23, 2017 12:37 pm
Thank you. I tried this, adding Firefox appdata to the Write only access list, firefox installs fine and opens, but every tab crashes within about 1 second of loading the website. :/
Did you start with a newly created sandbox, with only the default settings, and then add the suggested settings?

WriteFilePath=C:\Program Files\Mozilla Firefox\
WriteFilePath=%AppData%\Mozilla\Firefox\
WriteFilePath=%Local AppData%\Mozilla\Firefox\

I just tried it again, and it works fine for me.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007

Barb@Invincea
Sandboxie Support
Sandboxie Support
Posts: 2337
Joined: Mon Nov 07, 2016 3:10 pm

Re: Restrict program from reading my files

Post by Barb@Invincea » Wed Dec 27, 2017 11:52 am

Hello jeffdunham,

Adding to what Guest10 explained:

Regarding Firefox crashing, have a look at this thread:
viewtopic.php?p=131074#p131074

Regards,
Barb.-

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest