Sandboxie Support

Hello Forum'
Wondering does sandboxed browser leak AppData\Local\**** files
I can be browsing for a few hours ...not empty my sandbox.
Run my third party temp file cleaner and tracks eraser and always find 3 MB's of temp files and 30 tracks.
After I dump my browser sandbox and run third party temp file cleaner and tracks eraser.
I find the same 3 MB's of temp files to be cleaned and the same 30 tracks to be erased.
How is it that my third party app can reach into my sandbox before I dump it.

Thanks

There are many Sandboxie templates that make use of Direct File Access for files underneath the %Local Appdata% folder, thus allowing files to be saved out of the sandbox to various sub-folders.
I can only assume that you're using one of those templates.

You can see which templates make use of that Direct Access setting by searching for "%Local Appdata%" in the templates.ini file, in Sandboxie's program files folder.

Guest10 wrote:There are many Sandboxie templates that make use of Direct File Access for files underneath the %Local Appdata% folder, thus allowing files to be saved out of the sandbox to various sub-folders.
I can only assume that you're using one of those templates.

Hi Guest10
Thanks for pointing me to templates.ini file. I had never looked in it before.
But, http://www.glarysoft.com/glary-utilities-pro/ is not listed
I run the temp cleaner and track eraser directly before opening sandbox'd FF.
Close sandbox'd FF | Do not manually dump sand | run temp cleaner and tracks eraser | dump sand | re-run temp cleaner and tracks eraser | same findings as before I dumped sand.
So, in your best guesstimate by running a scan w Glary. Glary is pulling from AppData\Local | AppData\Roaming which is not by default held in the sandbox.
I really don't understand what's happening. Do I have a hole in my sandbox that needs patching.
I presumed that my utility cleaner would not find anything while sand is not dumped or after sand is dumped.
Where does the sand go when dumped.
Why do you imagine my utility cleaner pulls the same files and folders MB's contained in the sandbox.
Is AppData contained in the sandboxed or is AppData allowed to write to my HD
Is this normal
Thanking you in advance
bjm

bjm wrote:But, http://www.glarysoft.com/glary-utilities-pro/ is not listed

No it wouldn't have any template there, since it wouldn't need a template unless you were running Glary Utilities sandboxed (I assume it's not being run sandboxed).

bjm wrote: I run the temp cleaner and track eraser directly before opening sandbox'd FF.
Close sandbox'd FF | Do not manually dump sand | run temp cleaner and tracks eraser | dump sand | re-run temp cleaner and tracks eraser | same findings as before I dumped sand.
So, in your best guesstimate by running a scan w Glary. Glary is pulling from AppData\Local | AppData\Roaming which is not by default held in the sandbox.

Without seeing the file names I can't say if it's some setting that you have for Firefox or if it's just Windows writing files there.
The Firefox phishing template allows Firefox to write to folders under %AppData% and %Local AppData%, but those files should also be underneath a folder with the name "Mozilla" in it.
Don't forget that the sandboxed program may not be writing outside of the sandbox but Windows does do a lot of writing, as mentioned under Privacy Concerns.
http://www.sandboxie.com/index.php?PrivacyConcerns

bjm wrote:Where does the sand go when dumped.

When the sandbox contents are deleted they bypass the Recycle Bin, just as what would happen if a DOS or batch file did the deleting or if you hold down the <shift> key while deleting a file in Windows Explorer. Windows System Restore can save copies of some of the files if it's turned-on, but that doesn't save them underneath the %Local AppData% folder - so that's not likely the source of those files.

Thanks I resolved my Topic
AppData = Open File Path
Don't remember adding AppData to Direct Access

Cheers

Still do not understand why AppData local and roaming are not dumped and why my default box has Direct access to AppData
My Firefox Profile is stored in AppData. So, maybe that's why?

bjm wrote:Still do not understand why AppData local and roaming are not dumped and why my default box has Direct access to AppData
My Firefox Profile is stored in AppData. So, maybe that's why?

If you don't know the reason or remember why your DefaultBox has Direct access to AppData, remove the setting. Thats what I would do. I have never allowed Direct access to AppData or the entire Firefox profile folder but if you are allowing access to either folder, you should expect to see files written out of the sandbox.

Bo

bo.elam wrote:

bjm wrote:Still do not understand why AppData local and roaming are not dumped and why my default box has Direct access to AppData
My Firefox Profile is stored in AppData. So, maybe that's why?

If you don't know the reason or remember why your DefaultBox has Direct access to AppData, remove the setting. Thats what I would do. I have never allowed Direct access to AppData or the entire Firefox profile folder but if you are allowing access to either folder, you should expect to see files written out of the sandbox. Bo

Anyway, I created a Firefox sandbox wo AppData Direct access and I've been testing it for a few days.
Dumping a larger sandbox
What about the default Direct access to phishing database

bjm wrote: What about the default Direct access to phishing database

I leave that on. It doesn't bother me.

Bo

Why does AppData populate in my FF sandbox.
Internet Access is firefox.exe | plug-in container.exe | crashreporter.exe
Still trying to understand why my Temp File Cleaner finds 20MB's from AppData\Local\Temp

For me, if I navigate my computer at the same time that I am running Firefox sandboxed, my computer looks like in your picture. But once I close Firefox and delete the sandbox, all the folders that we see in the picture are gone. Perhaps you are not deleting the sandbox.

Bo