Program Alerts based only on extension

[CB]

I tried to put in the wild card character in program alerts for *.pdf but it didn't work so I assume it's because it was looking for the filename of "*" instead of seeing it as a wildcard. This feature would be great because of the vulnerabilities that often arise around certain file types like pdf's and quicktime files before there are patches available to address the potential malware vulnerabilities. I looked and didn't see this point posted and apologize if it is a duplicate request.

If there is a way to automatically run SB by adding it to filetypes in explorer for PDF's then I would appreciate any info that anyone could provide in that regards so that it starts every time for a particular extension. I tried "Start.exe c:\adobe\reader\acrobat.exe" but it wouldn't accept it.

This would be valuable for this program because I'm not about to open VMware to read a pdf file but I would like to have protection against javascript malware that could be included in such a file without turning off/on pdf scripting when needed.

Thanks

[MitchE323]

Well, If I am getting your question correctly - extensions have default openers. In your case, with pdf's, I assume your default opener is Adobe Reader. If you set the opener as a Forced Program, then any extensions that are set as the default will open sandboxed. This will be system wide and cover all of the pdf's on your computer.

[CB]

Well, If I am getting your question correctly - extensions have default openers. In your case, with pdf's, I assume your default opener is Adobe Reader. If you set the opener as a Forced Program, then any extensions that are set as the default will open sandboxed. This will be system wide and cover all of the pdf's on your computer.

Thanks for replying. It seems that your saying that you can use only extensions in the "Forced Programs" configuration and have it work but since I don't currently have the registered version, I didn't have that option to experiment with so I tried to use Windows explorer to start SB by default for the .pdf extension with the actual viewer application to open that extension as a following parameter but File Manager didn't allow it [at least in the format that I tried]. Maybe someone knows of an acceptable format that will work...

The question I have now is why can't you use an extension only in CONFIGURE-ALERT PROGRAMS and have it work? Is it designed that way to limit functionality so that you purchase the "full" program or is it simply an oversight? I tried both ".pdf" and "*.pdf"... is there a different way to represent an extension that will work in ALERT PROGRAMS?

btw: I'm not "faulting" the developer if it's designed to encourage the purchase of the product but instead wondering why it would work in one aspect of the application but not another because it seems that the ALERT PROGRAMS doesn't accept extensions in either version of this app. It's good to know that it can function with extensions only in the paid version in part so thanks for that information.

[Guest]

Well, If I am getting your question correctly - extensions have default openers. In your case, with pdf's, I assume your default opener is Adobe Reader. If you set the opener as a Forced Program, then any extensions that are set as the default will open sandboxed. This will be system wide and cover all of the pdf's on your computer.

Thanks for replying. It seems that your saying that you can use only extensions in the "Forced Programs" configuration and have it work but since I don't currently have the registered version, I didn't have that option to experiment with so I tried to use Windows explorer to start SB by default for the .pdf extension with the actual viewer application to open that extension as a following parameter but File Manager didn't allow it [at least in the format that I tried]. Maybe someone knows of an acceptable format that will work...

The question I have now is why can't you use an extension only in CONFIGURE-ALERT PROGRAMS and have it work? Is it designed that way to limit functionality so that you purchase the "full" program or is it simply an oversight? I tried both ".pdf" and "*.pdf"... is there a different way to represent an extension that will work in ALERT PROGRAMS?

btw: I'm not "faulting" the developer if it's designed to encourage the purchase of the product but instead wondering why it would work in one aspect of the application but not another because it seems that the ALERT PROGRAMS doesn't accept extensions in either version of this app. It's good to know that it can function with extensions only in the paid version in part so thanks for that information.

Dang...I wish I could have edited this without replying again. I reread your reply and realized I had misunderstood it. Evidently, extensions don't work in either of these areas but your method is a way to resolve it. It may not be optimal for when you use multiple applications on the same file type or for an application that uses multiple file types which may not all be vulnerable to a security risk but thanks for pointing out that it can still function as a macro protection method. I still think it would be a nice added feature for either version for micro-control of what gets sandboxed.

[MitchE323]

OK, in reading the opening post there is a difference in the 1st and 2nd paragraphs. The first paragraph asks about Alert Programs. I will describe what happens here, in the registered version. If I add *.exe to the list and open calc.exe, Sandboxie will alert me. If I place *.pdf on the list, there is no alert. So there is no attempt at enticing registrations. I believe that in the case where an extension can not just open on its' own and requires an opener - there is no alert. It is because you are opening Adobe Reader, and then Adobe Reader is opening the pdf. So it is probably Windows that can not accept a *.pdf instruction, in this manner. (Tzuk may correct me here). But for the pdf files that concern you, placing acrobat.exe as an Alert Program may do the trick.

Just check that acrobat.exe is the one you want in Task Manager. For me, with Adobe Reader 9, it is Acrord32.exe.

Now, the 2nd paragraph of the first post is asking about sandboxing by extension. Sandboxing, and not just alerting. That is what I was answering in the previous post. Sorry for the confusion.

It's good to know that it can function with extensions only in the paid version in part so thanks for that information.

Ok, I see in your post that you now understand this is wrong. Just to re-say; If I want all of my pdf's to open sandboxed, I set Acrord32.exe as a Forced Program. For bmp's my default opener is Paint Shop Pro, and I set Psp.exe as a Forced Program. For .doc it is Winword.exe that is set as a Forced Program, and so on.

[tzuk]

It's called Program Alerts because it deals with programs. A PDF document is not a program, but AcroRd32.exe is. So if you want to get an alert about PDFs, you can add AcroRd32.exe to the list of program alerts.

[Ruhe]

It's called Program Alerts because it deals with programs. A PDF document is not a program, but AcroRd32.exe is. So if you want to get an alert about PDFs, you can add AcroRd32.exe to the list of program alerts.

All the long posting above consolidated into three sentences

[MitchE323]

All the long posting above consolidated into three sentences

Consolidated; Shorter would be 'condensed'.

[dynarx]

All the long posting above consolidated into three sentences

Consolidated; Shorter would be 'condensed'.

'shrunk'



D

[CB]

It's called Program Alerts because it deals with programs. A PDF document is not a program, but AcroRd32.exe is. So if you want to get an alert about PDFs, you can add AcroRd32.exe to the list of program alerts.

This is the "Feature Requests" posting area isn't it?

I now know that it doesn't [yet] but why can't it also mean that any PROGRAM that opens a particular type of file extension will be offered or forced into a sandbox? All I'm pointing out from the very first post is that having the option to "micro-control" what gets sandboxed based on file extension would be a useful feature and I was trying to get confirmation that it's not an already included feature of the registered version.

With so many programs now having the ability to work with so many file types, it makes sense to be able to protect your system from those particular file types [with embedded code] that can cause harm without forcing the "universal" apps that can open them to always run sandboxed even when they may only be opening a text file.

Thanks for your response Mitch.

[MitchE323]

I was trying to get confirmation that it's not an already included feature of the registered version.

I will describe what happens here, in the registered version.

I got ya CB, I understood what you were asking, and that is why I replied as I did. Also, YQW. But... gotta keep this short. BYE

[tzuk]

Unfortunately, CB, it doesn't work that way. Your computer runs programs, not documents. When you click a PDF file, a program starts, which later goes on to open the document, render it visually and let you interact with it.

The only possible way to do what you want is what I suggested, that you put AcroRd32.exe as an alert program (but the same is true for a forced program if you have the registered version).

This is the "Feature Requests" posting area isn't it?

Yes, but that does not mean that every feature request is possible or feasible. In this case I'm saying it isn't and I advise an alternative.

[CB]

Unfortunately, CB, it doesn't work that way. Your computer runs programs, not documents. When you click a PDF file, a program starts, which later goes on to open the document, render it visually and let you interact with it.

The only possible way to do what you want is what I suggested, that you put AcroRd32.exe as an alert program (but the same is true for a forced program if you have the registered version).

This is the "Feature Requests" posting area isn't it?

Yes, but that does not mean that every feature request is possible or feasible. In this case I'm saying it isn't and I advise an alternative.

Yes...the computer runs programs to open documents so why can't Sandboxie offer to associate itself as the default program for a particular extension and then give the user a choice as to what PROGRAM will run in SB to open that document or set a default? I'm not a professional coder but it doesn't seem like it would be "unfeasible" to me.

Besides, I've seen a lot of talented coders accomplish things that were once considered not possible so I'll leave this suggestion in their hands as to whether it can or is worth it for them to do.

PS: I would also like Sandboxie to make me coffee in the morning.

[tzuk]

Yes...the computer runs programs to open documents so why can't Sandboxie offer to associate itself as the default program for a particular extension and then give the user a choice as to what PROGRAM will run in SB to open that document or set a default? I'm not a professional coder but it doesn't seem like it would be "unfeasible" to me.

Not feasible in the sense that it's a bad idea that has the potential to introduce problems into the system. If you think that's the best idea ever then you're free to tweak your associations accordingly -- you don't need me or anyone else to do that.

[Guest]

Yes...the computer runs programs to open documents so why can't Sandboxie offer to associate itself as the default program for a particular extension and then give the user a choice as to what PROGRAM will run in SB to open that document or set a default? I'm not a professional coder but it doesn't seem like it would be "unfeasible" to me.

Not feasible in the sense that it's a bad idea that has the potential to introduce problems into the system. If you think that's the best idea ever then you're free to tweak your associations accordingly -- you don't need me or anyone else to do that.

I don't believe I said it's the best idea ever...just useful. I attempted to "tweak" my file associations hoping that I could "pipe" a program into SB Start.exe like an antivirus program accepts a file parameter to scan ie. "vscan c:\file" but I suppose the executable has to be programmed to accept parameters in order for that to work. If this were done I could accomplish my goal as associating an extension like a pdf to SB Start.exe alone without a recognizable target application isn't going to work since SB won't understand the file type.

BTW, I don't understand your concerns over the association of file types since nearly every program you install today asks to be the default association for the file types that it handles. Frankly though, I think the commandline use of parameters for SB to start a chosen application within it after it starts is the better and seemingly easier option anyway which would avoid any concerns with Windows applied associations while allowing manually applied associations.

Lastly, I'm just realizing that you might be the programmer of SB and if so, I want to assure you that I mean no disrespect as this is a nice program. I just think that it could further separate itself from the numerous "virtual machine" methods of protection by allowing a finer ability to control when and what it runs sandboxed...meaning: it's a feature that would make licensing the full version appealing to me.