Ransomware and close SBXIwhen last SBXI program closes?
-
- Posts: 4
- Joined: Mon Nov 09, 2015 1:22 pm
Ransomware and close SBXIwhen last SBXI program closes?
I am a new Sandboxie user and forum member. I did read the "read this first" page. And searched. This has been asked at least twice before but there were no replies.
I would like it if when the last sand boxed program closes, that Sandboxie closes.
This seems reasonable as most people don't have programs running on their computer when they are not using them.
There may be good reason to leave Sandboxie running though. I understand that RANSOMWARE does not like Sandboxie and other virtual environments and goes away without doing anything. Since ransomware is why I am here, then I would want to have/leave it running all the time.
Thoughts would be appreciated.
I would like it if when the last sand boxed program closes, that Sandboxie closes.
This seems reasonable as most people don't have programs running on their computer when they are not using them.
There may be good reason to leave Sandboxie running though. I understand that RANSOMWARE does not like Sandboxie and other virtual environments and goes away without doing anything. Since ransomware is why I am here, then I would want to have/leave it running all the time.
Thoughts would be appreciated.
Last edited by NetCentric on Mon Nov 09, 2015 1:52 pm, edited 1 time in total.
-
- Sandboxie Support
- Posts: 3523
- Joined: Thu Jun 18, 2015 3:00 pm
- Location: DC Metro Area
- Contact:
Re: Ransomware and close SBXIwhen last SBXI program closes?
You mean the SBIE Driver? There are a lot of programs "running" in the background. Antivirus, drivers, etc..etc. The SBIE icon is in the task bar area, but once you close everything that is under SBIE control, it goes idle..with just a plain yellow wedge icon. When something is running under the authority of SBIE, that wedge has red dots on it (like a pizza) and that tells you it's actively running.NetCentric wrote:I am a new Sandboxie user and forum member. I did read the "read this first" page. And searched. This has been asked at least twice before but there were no replies.
I would like it if when the last sand boxed program closes, that Sandboxie closes.
This seems reasonable as most people don't have programs running on their computer when they are not using them.
There may be good reason to leave Sandboxie running though. I understand that RANSOMWARE does not like Sandboxie and other virtual environments and goes away without doing anything. Since ransomware is why I am here, then I would want to have/leave it running all the time.
Thoughts would be appreciated.
-
- Posts: 4
- Joined: Mon Nov 09, 2015 1:22 pm
Re: Ransomware and close SBXIwhen last SBXI program closes?
Thanks for the reply Craig. I mean the SbieCtrl.exe and SbieSvc.exe running in the Windows Task Manager. I certainly appreciate that other programs like Antivirus etc. are running but those are actively doing something. If I have no programs running under Sandboxie however it is not actually doing anything (I assume).
I do understand that when the icon is in a "no pepperoni" state that there are no programs running under it but that makes me question why it needs to be running at all when that is the case.
Since Sandboxie starts up when I start programs under it I am wondering why it doesn't terminate when I close those programs. Keeping in mind my important caveat about ransomware.
Sorry if my SBXI abbreviation threw you off - I just made that up because of character limitations in the title for the post.
I do understand that when the icon is in a "no pepperoni" state that there are no programs running under it but that makes me question why it needs to be running at all when that is the case.
Since Sandboxie starts up when I start programs under it I am wondering why it doesn't terminate when I close those programs. Keeping in mind my important caveat about ransomware.
Sorry if my SBXI abbreviation threw you off - I just made that up because of character limitations in the title for the post.
Re: Ransomware and close SBXIwhen last SBXI program closes?
By using the Forced programs feature, (this feature gets unlocked when you buy a Sandboxie license), Sandboxie can get close to what you wrote. If you force most of the programs that you run on a daily basis, including the ones you use for opening attachments, Sandboxie will protect you against ramsonware. For example, if you force your PDF reader, browsers and Office programs, this programs and the files they open, will run sandboxed automatically whenever you click a file or program icon.NetCentric wrote:
There may be good reason to leave Sandboxie running though. I understand that RANSOMWARE does not like Sandboxie and other virtual environments and goes away without doing anything. Since ransomware is why I am here, then I would want to have/leave it running all the time.
Thoughts would be appreciated.
Bo
-
- Sandboxie Support
- Posts: 3523
- Joined: Thu Jun 18, 2015 3:00 pm
- Location: DC Metro Area
- Contact:
Re: Ransomware and close SBXIwhen last SBXI program closes?
@Bo beat me to the response..lol
Forced programs is a great feature...... It takes "did I open that sandboxed" 2nd thought out of it...
You can configure SBIE to start only when you want it to as well...This is closer to to maybe you want by not having SBIE running if you're not using it like you mentioned..
http://www.sandboxie.com/index.php?Freq ... dQuestions
By default Sandboxie is configured to load and start automatically. To have Sandboxie load only when you need it, make the following changes.
In Sandboxie Control, open the Configure -> Windows Shell Integration and clear the checkbox When Windows starts to stop Sandboxie Control from starting.
Open the Windows Services configuration window: Start menu -> Control Panel -> Administrative Tools -> Services. Then locate the Sandboxie Service. Double click to bring up its properties window. Set its Startup type to Manual rather than automatic.
The driver component of Sandboxie is started by the Sandboxie Service.
Therefore, setting the service to start manually, indirectly also sets the driver to start manually.
Starting Sandboxie Control will also start the service. (But note that Administrative rights are required to start a service.)
Forced programs is a great feature...... It takes "did I open that sandboxed" 2nd thought out of it...
You can configure SBIE to start only when you want it to as well...This is closer to to maybe you want by not having SBIE running if you're not using it like you mentioned..
http://www.sandboxie.com/index.php?Freq ... dQuestions
By default Sandboxie is configured to load and start automatically. To have Sandboxie load only when you need it, make the following changes.
In Sandboxie Control, open the Configure -> Windows Shell Integration and clear the checkbox When Windows starts to stop Sandboxie Control from starting.
Open the Windows Services configuration window: Start menu -> Control Panel -> Administrative Tools -> Services. Then locate the Sandboxie Service. Double click to bring up its properties window. Set its Startup type to Manual rather than automatic.
The driver component of Sandboxie is started by the Sandboxie Service.
Therefore, setting the service to start manually, indirectly also sets the driver to start manually.
Starting Sandboxie Control will also start the service. (But note that Administrative rights are required to start a service.)
-
- Posts: 4
- Joined: Mon Nov 09, 2015 1:22 pm
Re: Ransomware and close SBXIwhen last SBXI program closes?
Thanks Craig. I have set the service to start manually and tested it successfully.
As for the, "can Sandboxie terminate after all the programs opened under it terminate" part of my question I'll just leave that with you as a feature request. In answer to the question, "Why?" the reason is again simply because I don't like to have programs running if they are not actively doing something.
I guess I could write my own script to terminate all Sandboxie related services and processes etc.
Thanks again for taking the time to get back to me earlier.
As for the, "can Sandboxie terminate after all the programs opened under it terminate" part of my question I'll just leave that with you as a feature request. In answer to the question, "Why?" the reason is again simply because I don't like to have programs running if they are not actively doing something.
I guess I could write my own script to terminate all Sandboxie related services and processes etc.
Thanks again for taking the time to get back to me earlier.
Re: Ransomware and close SBXIwhen last SBXI program closes?
I second this request, I haven't bothered to find it but I recall making a similar thread when I was still a newb on btm. I'm right there with you on not wanting un-needed processes running. I've mellowed a bit on that point since I originally posted but I would still prefer to have an option to auto-close the GUI after all boxes are closed. Back then I was on a super old 32 bit machine (might have been the super old 64 bit machine with <4GB; hard to say for sure) with little RAM and it all mattered. These days it's a force of habit and a preference I haven't lost (and doubt I will). I even go so far as to NTLite a sysprepd Windows image...... I think I also had a problem (hasn't gone away but I've compensated) with the (IMO) ugly icon... used to /bug peter about that little opinion all the time. In fact my first post may have been about the icon, hmm...
Anyhow, if the devs were kind enough to move the deletion routine to the (original/real) sbiesvc instead of sbiectrl that would allow (those of) us (bothered by it) to never even need the GUI running unless we are making rule changes or experience problems!
[On a side note there's still a delete (sortof) bug when a program is started using runas, sbiectrl doesn't try to delete the correct box path, SBIE handles it just fine in every other instance...but here it uses the path from the user sbiectrl is running under. The workaround I STILL use is to define my own sandbox folder path without the user variable. /bug /bug /bug]
So if such a change was made we could disable the 'when a program starts in the sandbox' option and never load/see the gui unless we needed it for something. I think the border/outline may also have been handled there, but it's been a while and my memory stinks so don't take my word on that.
Anyhow, if the devs were kind enough to move the deletion routine to the (original/real) sbiesvc instead of sbiectrl that would allow (those of) us (bothered by it) to never even need the GUI running unless we are making rule changes or experience problems!
[On a side note there's still a delete (sortof) bug when a program is started using runas, sbiectrl doesn't try to delete the correct box path, SBIE handles it just fine in every other instance...but here it uses the path from the user sbiectrl is running under. The workaround I STILL use is to define my own sandbox folder path without the user variable. /bug /bug /bug]
So if such a change was made we could disable the 'when a program starts in the sandbox' option and never load/see the gui unless we needed it for something. I think the border/outline may also have been handled there, but it's been a while and my memory stinks so don't take my word on that.
Goo.gl/p8qFCf
-
- Posts: 4
- Joined: Mon Nov 09, 2015 1:22 pm
Re: Ransomware and close SBXIwhen last SBXI program closes?
Upon searching further through the history of this forum I found several requests for this and the admins/devs never actually respond in any definitive way to any of them. So I built my own little script... this is for Firefox but you can get the idea from here.Syrinx wrote:I second this request...
To begin with I have the Sandboxie service set to manual. After using it (for Firefox or anything else) I run this script.
This first kills Firefox and any related tasks and then after a pause it deletes everything from the sandbox. Then it terminates the service and then deletes any Sandboxie folders or shortcuts that might be left over.
@echo off
taskkill /im FlashPlayerPlugin_19_0_0_226.exe /f >nul 2>&1
taskkill /im plugin-container.exe /f >nul 2>&1
taskkill /im firefox.exe /f >nul 2>&1
timeout /t 10 /nobreak
"C:\Program Files\Sandboxie\Start.exe" delete_sandbox_phase1
"C:\Program Files\Sandboxie\Start.exe" delete_sandbox_phase2
"C:\Program Files\Sandboxie\Start.exe" delete_sandbox_silent_phase1
"C:\Program Files\Sandboxie\Start.exe" delete_sandbox_silent_phase2
net stop SbieSvc
RD /s /q "C:\Sandbox\"
DEL "C:\Users\Rick\Desktop\Sandboxed Web Browser.lnk"
REM exit
REM Pause
I made a shortcut, gave it a nice icon and have this on a toolbar so with one click it's done.
-
- Sandboxie Lead Developer
- Posts: 1638
- Joined: Fri Jan 17, 2014 5:21 pm
- Contact:
Re: Ransomware and close SBXIwhen last SBXI program closes?
If you want to start an application with no Sbie ctrl, you can use the start.exe option /nosbiectrl.
If you want to terminate everything running in Sbie, use option /terminate_all.
If you want to terminate everything running in Sbie, use option /terminate_all.
Re: Ransomware and close SBXIwhen last SBXI program closes?
Yeah but then the auto-delete function doesn't work. Haven't tested that comment in the latest version but that was true for 4.x versions and I don't recall seeing anything about changes being made to it. Not a huge deal (It only takes 14-15MB of RAM and 115 handles-pretty low), I've learned to live with it being in my tray but I'd still prefer not to need it. I think the most interaction I have with the gui these days is to terminate a sandbox or reload my ini after I edit it.Curt@invincea wrote:If you want to start an application with no Sbie ctrl, you can use the start.exe option /nosbiectrl.
If you want to terminate everything running in Sbie, use option /terminate_all.
Goo.gl/p8qFCf
Who is online
Users browsing this forum: No registered users and 0 guests