Sandboxie safe place to unzip infected files?[SOLVED]

Suzanne2

Post by Suzanne2 » Sat Sep 15, 2012 7:35 pm

I am a website designer.

I have sometimes had sites hacked.

I would like to be able to unload the zip backup files of a site locally and scan them with antivirus and do checks for virus files, modified htaccess files etc.

I am wary of downloading potentially hacked site files as I do not want to infect my machine and then infect my other sites, and the machines of site visitors....

Would sandboxie be a suitable, safe environment to do my scans and checks?
Is there a size limit to sandboxie space?

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Re: Sandboxie safe place to unzip infected files?

Post by Guest10 » Sun Sep 16, 2012 7:50 am

Suzanne2 wrote: Would sandboxie be a suitable, safe environment to do my scans and checks?
I think it's an excellent environment for unzipping and examining files.

Create a sandbox for that use:
Open Sandboxie Control's window (the tray icon) and use "Sandbox" > Create New Sandbox

You will likely want to turn off Immediate Recovery, and "Remove" the default Recovery Folders for that sandbox.
Use the "Sandbox" menu, or right-click the sandbox name in the window:
Sandbox Settings > Recovery > Quick Recovery (and) Immediate Recovery

Check the settings at:
Configure > Software Compatibility
to see what programs have been automatically detected on your computer, and what pre-defined templates have been applied for use in all sandboxes.
The settings in these templates (in the templates.ini file) will be applied to this sandbox in addition to the settings that show in Sandbox Settings. Sometimes a template, such as one for a download manager program, will allow a specific program using that sandbox to save items out of the sandbox. You can select an item there and use "Remove" so the template will not be applied to all sandboxes.

I prefer to start 7-Zip or Winzip first, by right-clicking its shortcut and using Run Sandboxed to select a sandbox to use.
Navigate to the archive file and extract the files. They will be extracted in the sandbox you selected for the file manager to use, whether the archive file is located in the same or a different sandbox, or is outside of any sandbox.
So you could have the archive file in a sandbox where your sandboxed browser downloaded it (such as DefaultBox), and run the file manager using the sandbox that you created to unarchive the files for examination.

Suzanne2 wrote: Is there a size limit to sandboxie space?
No, there's no limit on the size of a sandbox.
When you're done, just use Delete Contents for the sandbox.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007
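
For the check Suzanne2 describes (spotting modified .htaccess and other changed files in a site backup), here is an added example that is not part of any post in this thread. It reads the zip entries in memory without extracting them and compares them with SHA-256 hashes from a clean copy of the site; the manifest, the function names, the size cap and the sample archive are all constructed assumptions.

```python
import hashlib
import io
import zipfile

MAX_BYTES = 20 * 1024 * 1024  # assumed per-file cap so a zip bomb is not read into memory

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def triage_backup(archive, known_good):
    """Compare a backup zip with a known-good manifest without extracting it.
    known_good maps entry name -> SHA-256 of that file in a clean copy of the site.
    Returns a sorted list of (entry name, finding).
    """
    findings, seen = [], set()
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.replace("\\", "/")
            parts = name.split("/")
            seen.add(name)
            if name.startswith("/") or ".." in parts or ":" in parts[0]:
                findings.append((name, "unsafe-path"))  # would extract outside the target folder
            elif info.file_size > MAX_BYTES:  # size declared in the zip header
                findings.append((name, "oversized"))
            elif name not in known_good:
                findings.append((name, "unexpected"))  # e.g. a new .php or .htaccess
            elif sha256(zf.read(info)) != known_good[name]:
                findings.append((name, "modified"))
    findings += [(n, "missing") for n in known_good if n not in seen]
    return sorted(findings)

def build_sample():
    """Constructed sample data: clean manifest plus a tampered backup, all in memory."""
    clean = {"index.php": b"<?php echo 'home'; ?>\n", ".htaccess": b"Options -Indexes\n"}
    manifest = {n: sha256(d) for n, d in clean.items()}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("index.php", clean["index.php"])
        zf.writestr(".htaccess", b"Options -Indexes\n# constructed edit\n")
        zf.writestr("uploads/new.php", b"<?php /* constructed */ ?>\n")
        zf.writestr("../outside.txt", b"constructed\n")
    return buf, manifest

if __name__ == "__main__":
    for name, finding in triage_backup(*build_sample()):
        print(f"{finding:12} {name}")
```

Anything reported as unexpected, modified or unsafe-path is a file to examine by hand inside the sandbox before it goes anywhere near a live site.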

ddfeder
Posts: 7
Joined: Mon Oct 20, 2014 4:29 pm

Re: Sandboxie safe place to unzip infected files?

Post by ddfeder » Wed Apr 19, 2017 12:47 pm

Thank you for the great idea. However, my Anti Virus (AVG) won't allow any infected files to run. If I understand the above then as long as I'm operating within a sandbox I can run a suspect file as long as I except that area from my virus protection software?

Barb@Invincea
Sandboxie Support
Posts: 2337
Joined: Mon Nov 07, 2016 3:10 pm

Re: Sandboxie safe place to unzip infected files?

Post by Barb@Invincea » Wed Apr 19, 2017 1:20 pm

Hi ddfeder,

You could do that. However, as safe as Sandboxie is, please do read this entry before you proceed (just to be aware):
https://www.sandboxie.com/index.php?Fre ... ns#HowSafe
Also make sure to follow the instructions provided above regarding blocking host access to Sandboxed applications (in case you are using templates, etc.).

Other than that, if you proceed with caution, Sandboxie is a fantastic environment to examine files and see what they do.

Regards,
Barb.-

ddfeder
Posts: 7
Joined: Mon Oct 20, 2014 4:29 pm

Re: Sandboxie safe place to unzip infected files?

Post by ddfeder » Wed Apr 19, 2017 3:13 pm

Thanks for the prompt reply. When I saw the date of the post I thought the thread might be dead so I posted the question elsewhere. But I am most appreciative of your response,

Dov

ddfeder
Posts: 7
Joined: Mon Oct 20, 2014 4:29 pm

Re: Sandboxie safe place to unzip infected files?[SOLVED]

Post by ddfeder » Wed Apr 19, 2017 5:22 pm

If I can impose again - and this is about AVG so I don't even know if it is the right place to be asking but ....

1. I've created a new sandbox called "arena"
2. Modified settings as per above suggestions
3. Downloaded and saved zipped file to "arena"
4. AVG notified me of malware and deleted threat
5. Opened AVG Menu/Settings/Components/Resident Shield --> Turned off for 10 minutes
6. Opened AVG Menu/Settings/Components/Software Analyzer --> Turned to Always Ask
7. Opened AVG Menu/Settings/General/Exceptions --> added: D:\Sandboxed Downloads\*
8. Re-downloaded and saved zipped file to "arena"
9. Extracted file to "Temp" folder in "arena"
10. AVG interrupts extraction and deletes file.

So - should I switch to McAfee?

Thanks in advance for any direction/suggestions you can give me -

Dov

Barb@Invincea
Sandboxie Support
Posts: 2337
Joined: Mon Nov 07, 2016 3:10 pm

Re: Sandboxie safe place to unzip infected files?[SOLVED]

Post by Barb@Invincea » Fri Apr 21, 2017 11:16 am

Hello ddfeder,

http://ccm.net/faq/26301-avg-disable-th ... on-feature
You may want to run some google searches to see if there's anything else you need to do.

As for switching to another one, that's entirely up to you. We have a thread with a lot of information regarding Antivirus software and their compatibility with Sandboxie, which might help you make a decision.
Please have a look at this:
http://forums.sandboxie.com/phpBB3/view ... 11&t=21539

Regards,
Barb.-
