What File Writes

Ideas for enhancements to the software
n8chavez
Posts: 49
Joined: Tue Dec 04, 2007 1:58 pm

Post by n8chavez » Sat Jul 03, 2010 4:06 am

I was just thinking about ideas that would make SBIE even better than it is. I came up with one. What if SBIE was able to determine what kind of filetype was able to be written in allowed directories? I have an Opera sandbox, which allows read/write access to the Opera profile directory. The only files of interest to me there, that I cannot specify individually, are *.mbs files, which store Opera's emails. What if only *.mbs files were allowed to write themselves to that directory? That would eliminate my worry about giving blanket read/write access to the (or any) directory.

I do not run a resident malware scanner. I rely on Shadow Defender, which also is allowed to write to the Opera profile directory.

Just an idea....

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Post by Guest10 » Sat Jul 03, 2010 7:15 am

If you do not give direct access to the entire folder (or to a folder that's above that one), then you can already restrict a specified program to write only .mbs files to the folder. No need for a feature request.

First use Sandbox Settings to set up Direct Access to the entire profile folder, using the "Add" button.
Or, just select that Direct Access setting in the Direct File Access list if you already have it.
Then while that setting is selected, click the "Edit/Add" button and put *.mbs at the end.

OpenFilePath=opera.exe,C:\path\to\profile folder\*.mbs

Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007

n8chavez
Posts: 49
Joined: Tue Dec 04, 2007 1:58 pm

Post by n8chavez » Sat Jul 03, 2010 1:40 pm

Thank you for your help with that, I didn't know it was possible. I used to just use the SBIE Opera template, but now I don't have to. I do need a little help with tweaking a few things though. After making the changes I noticed that Opera is not aware of when I delete emails; they are still shown as new and in the same view as before they were deleted when I restart Opera. Also, my IRC rooms have been de-listed. I don't know what else needs to have read/write permissions, but any help would be appreciated.

ProcessGroup=<StartRunAccess_Opera>,opera.exe,amazonmp3downloader.exe,amazon~1.exe,ledit.exe,dllhost.exe,media center 15.exe,mediac~1.exe,media,excel.exe,msaccess.exe,mspub.exe,ois.exe,powerpnt.exe,pptview.exe,mediae~1.exe,winword.exe,packageinstaller.exe,packag~1.exe,jp2launcher.exe,java.exe,halite.exe,pdfxcview.exe,pdfxcv~1.exe,werfault.exe

ProcessGroup=<InternetAccess_Opera>,opera.exe,videoget.exe,amazonmp3downloader.exe,amazon~1.exe,jrworker.exe,jrservice.exe,jrserv~1.exe,media center 15.exe,mediac~1.exe,packageinstaller.exe,packag~1.exe,jp2launcher.exe,java.exe,halite.exe

[Opera]

ConfigLevel=6
AutoRecover=y
RecoverFolder=D:\Downloads
RecoverFolder=%Personal%
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=trustedinstaller.exe
Enabled=y
AutoDelete=y
NeverDelete=n
DeleteCommand=C:\Program Files\BCWipe\BCWipe.exe Delete -UD1 -NoSwapFile -Hidden "%SANDBOX%"
OpenPipePath=opera.exe,%AppData%\Opera\Opera\profile\cookies4.dat
OpenPipePath=opera.exe,%AppData%\Opera\Opera\profile\contacts.adr
OpenPipePath=opera.exe,%AppData%\Opera\Opera\profile\notes.adr
OpenPipePath=opera.exe,%AppData%\Opera\Opera\profile\urlfilter.ini
OpenPipePath=opera.exe,%AppData%\Opera\Opera\profile\wand.dat
OpenPipePath=amazonmp3downloader.exe,%Personal%\
OpenPipePath=SandboxieRpcSs.exe,%Personal%\
BoxNameTitle=y
ClosedFilePath=!<InternetAccess_Opera>,\Device\RawIp6
ClosedFilePath=!<InternetAccess_Opera>,\Device\Udp6
ClosedFilePath=!<InternetAccess_Opera>,\Device\Tcp6
ClosedFilePath=!<InternetAccess_Opera>,\Device\Ip6
ClosedFilePath=!<InternetAccess_Opera>,\Device\RawIp
ClosedFilePath=!<InternetAccess_Opera>,\Device\Udp
ClosedFilePath=!<InternetAccess_Opera>,\Device\Tcp
ClosedFilePath=!<InternetAccess_Opera>,\Device\Ip
ClosedFilePath=!<InternetAccess_Opera>,\Device\Afd*
ClosedFilePath=C:\Program Files\LnS
ClosedFilePath=C:\Program Files\Shadow Defender
ClosedFilePath=C:\Program Files\AnVir\
ClosedFilePath=\Device\Mup\
NotifyStartRunAccessDenied=y
Template=Opera_Force
Template=LingerPrograms
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
Template=Opera_Mail
Template=Opera_Bookmarks_DirectAccess
DropAdminRights=y
NotifyInternetAccessDenied=y
OpenFilePath=%AppData%\Opera\Opera\bookmarks.adr
OpenFilePath=%AppData%\Opera\Mail\*.mbs
OpenFilePath=%AppData%\Opera\Opera\contacts.adr
OpenFilePath=%AppData%\Opera\Opera\notes.adr
OpenFilePath=%AppData%\Opera\Opera\urlfilter.ini
OpenFilePath=%AppData%\Opera\Opera\wand.dat
OpenFilePath=%Local AppData%\Opera\Opera\icons\*.idx
OpenFilePath=%Local AppData%\Opera\Opera\icons\*.ico
OpenFilePath=opera.exe,%AppData%\Opera\Opera\urlfilter.ini
ReadKeyPath=HKEY_CURRENT_USER\Software\Soft4Ever
ReadFilePath=C:\Windows\Sandboxie.ini
ClosedIpcPath=!<StartRunAccess_Opera>,*

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Post by Guest10 » Sat Jul 03, 2010 2:04 pm

I'm not familiar with Opera, but this reminds me of the way Thunderbird stores its emails in files.
TB would have a file called "InBox" which holds the actual emails, but it also has a file called "InBox.msf" which acts like a kind of index file:
Indexing the emails that are in the InBox file.
Maybe you can examine the Opera profile folder in the sandbox, with Windows Explorer, after you delete an email.
Make note of the time you deleted the file and look for other files in the sandbox that show the same time stamp.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007

n8chavez
Posts: 49
Joined: Tue Dec 04, 2007 1:58 pm

Post by n8chavez » Sat Jul 03, 2010 10:07 pm

I'm having a little trouble finding out just what files need read/write access. Again, I don't feel comfortable using the built-in template because it gives that access to the entire profile directory. If I cannot solve it this way, what about looking at it another way: what about denying read/write access to certain file types? It seems to me there is no point in allowing *.exe, *.com, *.bat, *.vbs, etc. to write to Opera's profile? Or am I wrong here? Would that not allow me to tighten the reins, so to speak?

n8chavez
Posts: 49
Joined: Tue Dec 04, 2007 1:58 pm

Post by n8chavez » Sun Jul 04, 2010 2:15 am

I think I may have solved it. I sent myself an email, exited, then started Opera again. The message was still there, as it should be. Then I deleted that email, along with the copy stored in "sent", emptied the trash, exited, and restarted Opera. Neither message was there, which was the intended result. Below is the read/write portion of my Opera config that seems to work for what I wanted. The only way I was able to get this to work was by allowing access to every file that was modified outside the sandbox when I received and deleted email, done by time stamp. I tried to be as specific as I could with respect to limiting read/write to filetypes. Let me know if this works for everyone interested, and if it should theoretically work for all mail.

The only thing I'm having trouble with now is that news feeds are not displayed where they should be, but rather in my incoming mail view.

OpenFilePath=%AppData%\Opera\Opera\bookmarks.adr
OpenFilePath=%AppData%\Opera\Mail\store\*.mbs
OpenFilePath=%AppData%\Opera\Opera\contacts.adr
OpenFilePath=%AppData%\Opera\Opera\notes.adr
OpenFilePath=%AppData%\Opera\Opera\urlfilter.ini
OpenFilePath=%AppData%\Opera\Opera\wand.dat
OpenFilePath=%Local AppData%\Opera\Opera\icons\*.idx
OpenFilePath=%Local AppData%\Opera\Opera\icons\*.ico
OpenFilePath=%AppData%\Opera\Mail\index.ini
OpenFilePath=%AppData%\Opera\Mail\*.txt
OpenFilePath=%AppData%\Opera\Mail\indexer\indexer.axx
OpenFilePath=%AppData%\Opera\Mail\indexer\indexer.ax
OpenFilePath=%AppData%\Opera\Mail\accounts.ini
OpenFilePath=%AppData%\Opera\Mail\omailbase.dat
OpenFilePath=%AppData%\Opera\Mail\indexer\indexer.bx
OpenFilePath=%AppData%\Opera\Mail\indexer\message_id.
OpenFilePath=%AppData%\Opera\Mail\lexicon\indexer.bx
OpenFilePath=%AppData%\Opera\Mail\lexicon\indexer.axx
OpenFilePath=%AppData%\Opera\Mail\newsfeed\*.
OpenFilePath=%AppData%\Opera\pop3\uidl_account1_ver8.
OpenFilePath=%AppData%\Opera\pop3\uidl_account13_ver8.
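
The timestamp method used in this thread (note when the action happened, then see which profile files changed around that time) can be scripted. The following is an added example, not code from the thread or from Sandboxie: the function names, the `%AppData%\Opera` prefix and the constructed file tree are assumptions for illustration. It lists files modified inside a time window and proposes the narrowest `OpenFilePath` lines, using an exact path for a single file and `folder\*.ext` when several files in one folder share an extension.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path, PureWindowsPath


def modified_between(root, start, end):
    """Relative paths of files under root whose mtime lies in [start, end]."""
    root = Path(root)
    return sorted(p.relative_to(root) for p in root.rglob("*")
                  if p.is_file() and start <= p.stat().st_mtime <= end)


def candidate_rules(rel_paths, prefix=r"%AppData%\Opera"):
    """Turn changed files into OpenFilePath lines, as narrow as possible.

    One file per (folder, extension)      -> exact path
    Several files sharing both            -> folder\\*.ext
    Files without an extension            -> always exact paths
    """
    groups = defaultdict(list)
    for rel in rel_paths:
        groups[(rel.parent, rel.suffix)].append(rel)
    rules = []
    for (parent, suffix), files in sorted(groups.items()):
        collapse = len(files) > 1 and suffix
        targets = [parent / ("*" + suffix)] if collapse else files
        for t in targets:
            rules.append("OpenFilePath=" + str(PureWindowsPath(prefix, *t.parts)))
    return rules


def demo():
    """Constructed profile tree: three files touched in the window, one not."""
    with tempfile.TemporaryDirectory() as d:
        files = {"Mail/store/1.mbs": 1000, "Mail/store/2.mbs": 1005,
                 "Mail/index.ini": 1003, "Opera/untouched.ini": 10}
        for name, mtime in files.items():
            p = Path(d, name)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"")
            os.utime(p, (mtime, mtime))  # set a known modification time
        return candidate_rules(modified_between(d, 990, 1010))


if __name__ == "__main__":
    print("\n".join(demo()))
```

The output is a list of candidates to review by hand before adding them to a sandbox section; every line grants direct write access outside the sandbox.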
