Page 1 of 1

Does Sandboxie leak temp files

Posted: Sat Aug 30, 2014 7:36 pm
by bjm
Hello Forum'
Wondering does sandboxed browser leak AppData\Local\**** files
I can be browsing for a few hours ...not empty my sandbox.
Run my third party temp file cleaner and tracks eraser and always find 3 MB's of temp files and 30 tracks.
After I dump my browser sandbox and run third party temp file cleaner and tracks eraser.
I find the same 3 MB's of temp files to be cleaned and the same 30 tracks to be erased.
How is it that my third party app can reach into my sandbox before I dump it.

Thanks

Re: Does Sandboxie leak temp files

Posted: Sun Aug 31, 2014 7:11 am
by Guest10
There are many Sandboxie templates that make use of Direct File Access for files underneath the %Local Appdata% folder, thus allowing files to be saved out of the sandbox to various sub-folders.
I can only assume that you're using one of those templates.

You can see which templates make use of that Direct Access setting by searching for "%Local Appdata%" in the templates.ini file, in Sandboxie's program files folder.

Re: Does Sandboxie leak temp files

Posted: Sun Aug 31, 2014 6:45 pm
by bjm
Guest10 wrote:There are many Sandboxie templates that make use of Direct File Access for files underneath the %Local Appdata% folder, thus allowing files to be saved out of the sandbox to various sub-folders.
I can only assume that you're using one of those templates.
Hi Guest10
Thanks for pointing me to templates.ini file. I had never looked in it before.
But, http://www.glarysoft.com/glary-utilities-pro/ is not listed
I run the temp cleaner and track eraser directly before opening sandbox'd FF.
Close sandbox'd FF | Do not manually dump sand | run temp cleaner and tracks eraser | dump sand | re-run temp cleaner and tracks eraser | same findings as before I dumped sand.
So, in your best guesstimate by running a scan w Glary. Glary is pulling from AppData\Local | AppData\Roaming which is not by default held in the sandbox.
I really don't understand what's happening. Do I have a hole in my sandbox that needs patching.
I presumed that my utility cleaner would not find anything while sand is not dumped or after sand is dumped.
Where does the sand go when dumped.
Why do you imagine my utility cleaner pulls the same files and folders MB's contained in the sandbox.
Is AppData contained in the sandboxed or is AppData allowed to write to my HD
Is this normal
Thanking you in advance
bjm

Re: Does Sandboxie leak temp files

Posted: Mon Sep 01, 2014 11:05 am
by Guest10
No it wouldn't have any template there, since it wouldn't need a template unless you were running Glary Utilities sandboxed (I assume it's not being run sandboxed).
bjm wrote: I run the temp cleaner and track eraser directly before opening sandbox'd FF.
Close sandbox'd FF | Do not manually dump sand | run temp cleaner and tracks eraser | dump sand | re-run temp cleaner and tracks eraser | same findings as before I dumped sand.
So, in your best guesstimate by running a scan w Glary. Glary is pulling from AppData\Local | AppData\Roaming which is not by default held in the sandbox.
Without seeing the file names I can't say if it's some setting that you have for Firefox or if it's just Windows writing files there.
The Firefox phishing template allows Firefox to write to folders under %AppData% and %Local AppData%, but those files should also be underneath a folder with the name "Mozilla" in it.
Don't forget that the sandboxed program may not be writing outside of the sandbox but Windows does do a lot of writing, as mentioned under Privacy Concerns.
http://www.sandboxie.com/index.php?PrivacyConcerns
bjm wrote:Where does the sand go when dumped.
When the sandbox contents are deleted they bypass the Recycle Bin, just as what would happen if a DOS or batch file did the deleting or if you hold down the <shift> key while deleting a file in Windows Explorer. Windows System Restore can save copies of some of the files if it's turned-on, but that doesn't save them underneath the %Local AppData% folder - so that's not likely the source of those files.

Re: Does Sandboxie leak temp files

Posted: Mon Sep 01, 2014 4:16 pm
by bjm
Thanks I resolved my Topic
AppData = Open File Path
Don't remember adding AppData to Direct Access

Cheers

Re: Does Sandboxie leak temp files

Posted: Thu Sep 11, 2014 7:12 pm
by bjm
Still do not understand why AppData local and roaming are not dumped and why my default box has Direct access to AppData
My Firefox Profile is stored in AppData. So, maybe that's why?

Re: Does Sandboxie leak temp files

Posted: Fri Sep 12, 2014 12:30 pm
by bo.elam
bjm wrote:Still do not understand why AppData local and roaming are not dumped and why my default box has Direct access to AppData
My Firefox Profile is stored in AppData. So, maybe that's why?
If you don't know the reason or remember why your DefaultBox has Direct access to AppData, remove the setting. Thats what I would do. I have never allowed Direct access to AppData or the entire Firefox profile folder but if you are allowing access to either folder, you should expect to see files written out of the sandbox.

Bo

Re: Does Sandboxie leak temp files

Posted: Sat Sep 13, 2014 7:31 pm
by bjm
bo.elam wrote:
bjm wrote:Still do not understand why AppData local and roaming are not dumped and why my default box has Direct access to AppData
My Firefox Profile is stored in AppData. So, maybe that's why?
If you don't know the reason or remember why your DefaultBox has Direct access to AppData, remove the setting. Thats what I would do. I have never allowed Direct access to AppData or the entire Firefox profile folder but if you are allowing access to either folder, you should expect to see files written out of the sandbox. Bo
Anyway, I created a Firefox sandbox wo AppData Direct access and I've been testing it for a few days.
Dumping a larger sandbox
What about the default Direct access to phishing database

Re: Does Sandboxie leak temp files

Posted: Sat Sep 13, 2014 9:57 pm
by bo.elam
bjm wrote: What about the default Direct access to phishing database
I leave that on. It doesn't bother me.

Bo

Re: Does Sandboxie leak temp files

Posted: Thu Oct 02, 2014 2:57 pm
by bjm
Why does AppData populate in my FF sandbox.
Internet Access is firefox.exe | plug-in container.exe | crashreporter.exe
Still trying to understand why my Temp File Cleaner finds 20MB's from AppData\Local\Temp

Re: Does Sandboxie leak temp files

Posted: Thu Oct 02, 2014 6:34 pm
by bo.elam
For me, if I navigate my computer at the same time that I am running Firefox sandboxed, my computer looks like in your picture. But once I close Firefox and delete the sandbox, all the folders that we see in the picture are gone. Perhaps you are not deleting the sandbox.

Bo