Does Sandboxie leak temp files

If it doesn't fit elsewhere, it goes here
Post Reply
bjm
Posts: 458
Joined: Sat Aug 02, 2008 4:24 pm

Does Sandboxie leak temp files

Post by bjm » Sat Aug 30, 2014 7:36 pm

Hello Forum'
Wondering does sandboxed browser leak AppData\Local\**** files
I can be browsing for a few hours ...not empty my sandbox.
Run my third party temp file cleaner and tracks eraser and always find 3 MB's of temp files and 30 tracks.
After I dump my browser sandbox and run third party temp file cleaner and tracks eraser.
I find the same 3 MB's of temp files to be cleaned and the same 30 tracks to be erased.
How is it that my third party app can reach into my sandbox before I dump it.

Thanks
Sandboxie 5.25.2 - W10 Home 1703 (15063.1058) - WebrootSA 9.0.20.31 - Firefox 59.0.3

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Re: Does Sandboxie leak temp files

Post by Guest10 » Sun Aug 31, 2014 7:11 am

There are many Sandboxie templates that make use of Direct File Access for files underneath the %Local Appdata% folder, thus allowing files to be saved out of the sandbox to various sub-folders.
I can only assume that you're using one of those templates.

You can see which templates make use of that Direct Access setting by searching for "%Local Appdata%" in the templates.ini file, in Sandboxie's program files folder.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007

bjm
Posts: 458
Joined: Sat Aug 02, 2008 4:24 pm

Re: Does Sandboxie leak temp files

Post by bjm » Sun Aug 31, 2014 6:45 pm

Guest10 wrote:There are many Sandboxie templates that make use of Direct File Access for files underneath the %Local Appdata% folder, thus allowing files to be saved out of the sandbox to various sub-folders.
I can only assume that you're using one of those templates.
Hi Guest10
Thanks for pointing me to templates.ini file. I had never looked in it before.
But, http://www.glarysoft.com/glary-utilities-pro/ is not listed
I run the temp cleaner and track eraser directly before opening sandbox'd FF.
Close sandbox'd FF | Do not manually dump sand | run temp cleaner and tracks eraser | dump sand | re-run temp cleaner and tracks eraser | same findings as before I dumped sand.
So, in your best guesstimate by running a scan w Glary. Glary is pulling from AppData\Local | AppData\Roaming which is not by default held in the sandbox.
I really don't understand what's happening. Do I have a hole in my sandbox that needs patching.
I presumed that my utility cleaner would not find anything while sand is not dumped or after sand is dumped.
Where does the sand go when dumped.
Why do you imagine my utility cleaner pulls the same files and folders MB's contained in the sandbox.
Is AppData contained in the sandboxed or is AppData allowed to write to my HD
Is this normal
Thanking you in advance
bjm
Sandboxie 5.25.2 - W10 Home 1703 (15063.1058) - WebrootSA 9.0.20.31 - Firefox 59.0.3

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Re: Does Sandboxie leak temp files

Post by Guest10 » Mon Sep 01, 2014 11:05 am

No it wouldn't have any template there, since it wouldn't need a template unless you were running Glary Utilities sandboxed (I assume it's not being run sandboxed).
bjm wrote: I run the temp cleaner and track eraser directly before opening sandbox'd FF.
Close sandbox'd FF | Do not manually dump sand | run temp cleaner and tracks eraser | dump sand | re-run temp cleaner and tracks eraser | same findings as before I dumped sand.
So, in your best guesstimate by running a scan w Glary. Glary is pulling from AppData\Local | AppData\Roaming which is not by default held in the sandbox.
Without seeing the file names I can't say if it's some setting that you have for Firefox or if it's just Windows writing files there.
The Firefox phishing template allows Firefox to write to folders under %AppData% and %Local AppData%, but those files should also be underneath a folder with the name "Mozilla" in it.
Don't forget that the sandboxed program may not be writing outside of the sandbox but Windows does do a lot of writing, as mentioned under Privacy Concerns.
http://www.sandboxie.com/index.php?PrivacyConcerns
bjm wrote:Where does the sand go when dumped.
When the sandbox contents are deleted they bypass the Recycle Bin, just as what would happen if a DOS or batch file did the deleting or if you hold down the <shift> key while deleting a file in Windows Explorer. Windows System Restore can save copies of some of the files if it's turned-on, but that doesn't save them underneath the %Local AppData% folder - so that's not likely the source of those files.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007

bjm
Posts: 458
Joined: Sat Aug 02, 2008 4:24 pm

Re: Does Sandboxie leak temp files

Post by bjm » Mon Sep 01, 2014 4:16 pm

Thanks I resolved my Topic
AppData = Open File Path
Don't remember adding AppData to Direct Access

Cheers
Sandboxie 5.25.2 - W10 Home 1703 (15063.1058) - WebrootSA 9.0.20.31 - Firefox 59.0.3

bjm
Posts: 458
Joined: Sat Aug 02, 2008 4:24 pm

Re: Does Sandboxie leak temp files

Post by bjm » Thu Sep 11, 2014 7:12 pm

Still do not understand why AppData local and roaming are not dumped and why my default box has Direct access to AppData
My Firefox Profile is stored in AppData. So, maybe that's why?
Sandboxie 5.25.2 - W10 Home 1703 (15063.1058) - WebrootSA 9.0.20.31 - Firefox 59.0.3

bo.elam
Sandboxie Guru
Sandboxie Guru
Posts: 2809
Joined: Wed Apr 22, 2009 9:17 pm

Re: Does Sandboxie leak temp files

Post by bo.elam » Fri Sep 12, 2014 12:30 pm

bjm wrote:Still do not understand why AppData local and roaming are not dumped and why my default box has Direct access to AppData
My Firefox Profile is stored in AppData. So, maybe that's why?
If you don't know the reason or remember why your DefaultBox has Direct access to AppData, remove the setting. Thats what I would do. I have never allowed Direct access to AppData or the entire Firefox profile folder but if you are allowing access to either folder, you should expect to see files written out of the sandbox.

Bo

bjm
Posts: 458
Joined: Sat Aug 02, 2008 4:24 pm

Re: Does Sandboxie leak temp files

Post by bjm » Sat Sep 13, 2014 7:31 pm

bo.elam wrote:
bjm wrote:Still do not understand why AppData local and roaming are not dumped and why my default box has Direct access to AppData
My Firefox Profile is stored in AppData. So, maybe that's why?
If you don't know the reason or remember why your DefaultBox has Direct access to AppData, remove the setting. Thats what I would do. I have never allowed Direct access to AppData or the entire Firefox profile folder but if you are allowing access to either folder, you should expect to see files written out of the sandbox. Bo
Anyway, I created a Firefox sandbox wo AppData Direct access and I've been testing it for a few days.
Dumping a larger sandbox
What about the default Direct access to phishing database
Sandboxie 5.25.2 - W10 Home 1703 (15063.1058) - WebrootSA 9.0.20.31 - Firefox 59.0.3

bo.elam
Sandboxie Guru
Sandboxie Guru
Posts: 2809
Joined: Wed Apr 22, 2009 9:17 pm

Re: Does Sandboxie leak temp files

Post by bo.elam » Sat Sep 13, 2014 9:57 pm

bjm wrote: What about the default Direct access to phishing database
I leave that on. It doesn't bother me.

Bo

bjm
Posts: 458
Joined: Sat Aug 02, 2008 4:24 pm

Re: Does Sandboxie leak temp files

Post by bjm » Thu Oct 02, 2014 2:57 pm

Why does AppData populate in my FF sandbox.
Internet Access is firefox.exe | plug-in container.exe | crashreporter.exe
Still trying to understand why my Temp File Cleaner finds 20MB's from AppData\Local\Temp
Sandboxie 5.25.2 - W10 Home 1703 (15063.1058) - WebrootSA 9.0.20.31 - Firefox 59.0.3

bo.elam
Sandboxie Guru
Sandboxie Guru
Posts: 2809
Joined: Wed Apr 22, 2009 9:17 pm

Re: Does Sandboxie leak temp files

Post by bo.elam » Thu Oct 02, 2014 6:34 pm

For me, if I navigate my computer at the same time that I am running Firefox sandboxed, my computer looks like in your picture. But once I close Firefox and delete the sandbox, all the folders that we see in the picture are gone. Perhaps you are not deleting the sandbox.

Bo

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest