Sandboxie can't open the program. Sandbox for windows. Running suspicious files

Recently, cyber criminals have become so inventive that reports of virus epidemics are not surprising and have become, in general, commonplace. However, seeing news about the distribution of a new Trojan on 3DNews is one thing, but finding this very Trojan on your computer is quite another. You can find a lot of advice on the Internet on how to avoid becoming a victim of scammers: from using modern versions of software that have all known vulnerabilities closed, to having a reliable, modern security solution on your computer.

However, in some cases, even the most reliable firewall and the smartest antivirus cannot save the user from infection. This happens when the program protecting the computer is not sure of the malicious action of the application being launched or the script running on the web page, as a result of which it leaves the decision to allow the action to the user. You may well decide that the antivirus is overly suspicious or simply, after thinking, click on the “OK” button, thereby allowing the execution of malicious code.

What to do? Is the risk of picking up a Trojan really a reason to stop launching new applications and to give up web surfing altogether? There is a solution that for many can be an excellent addition to the other means of protecting a computer from malware: working with applications in a sandbox.

A sandbox is an isolated environment that has a small amount of hard drive space and is independent of the actual operating system. When you run a program in a sandbox, it operates just like a regular application, but it cannot affect any system components that are outside the sandboxed environment. This means that from the sandbox it is impossible to make changes to the system registry, replace system files, or perform any other actions that may affect the stability of the system. Thanks to this, the sandbox can be used to surf the Internet safely and to run unknown applications. Such an isolated environment can also be used for other applications - for example, programmers and testers can run unstable versions of programs in it.

⇡ "Sandbox" in Kaspersky Internet Security 2010

The fact that working with applications in the sandbox can be useful to a wide range of users is evidenced by the fact that the corresponding feature appeared in the Kaspersky Internet Security program last year. Users of this security suite can run suspicious applications in a sandboxed environment if they open them using the Windows context menu option "Run in a secure environment." For clarity, the window of a program running in an isolated environment will be surrounded by a green frame.

Kaspersky Internet Security also allows you to create a list of programs that can be potentially dangerous to work with (you can include, for example, a browser). To do this, you need to open the “Application Control” section in the application settings and use the “Add” button to add the program to the list. If you then open the program from the Kaspersky Internet Security window, it will work in an isolated environment. This function is convenient to use, say, if during a browser session you plan to visit sites that may contain suspicious code. In addition, such a function can be a good replacement for the privacy mode that has appeared in the latest versions of popular browsers.

It is worth noting, however, that Kaspersky Internet Security provides only the most basic capabilities for running programs in the sandbox. Specialized applications have much more capabilities. Let's look at some popular programs designed to work in an isolated environment.

⇡ Sandboxie 3.44

  • Developer: Ronen Tzur
  • Distribution size: 1.6 MB
  • Distribution: shareware
  • Russian interface: yes

Sandboxie is, without a doubt, the most famous sandbox solution. The program uses the classic method of protection: the application specified by the user is placed in an isolated environment, as a result of which it cannot influence the operation of the system. Interestingly, Sandboxie was originally designed for use with the Internet Explorer browser, which is one of the most popular targets of cyber criminals. However, Sandboxie can now work with almost any Windows application.

One of the features of Sandboxie that distinguishes it from many other similar programs is the ability to create an unlimited number of sandboxes. In this case, the user can create a list of applications that will be launched in each of them. By default, the program itself creates a sandbox called DefaultBox, so you can start working with Sandboxie immediately after installation. To open a program or document in a sandboxed environment, select the "Run in sandbox" command that appears in the Windows context menu.

If you create additional sandboxes in the future, you can ask the program to open files and applications in a sandbox other than DefaultBox. To do this, select "Sandboxie Start Menu" from the Start menu and change the default sandbox.

You can run applications in an isolated environment not only from the context menu, but also directly from the Sandboxie window. To do this, you need to right-click on the name of the “sandbox” and select the appropriate command (this menu is also available when you click on the Sandboxie icon in the system tray).

By the way, to speed up the selection, you can use the “Launch Web browser” and “Launch email client” commands, which open applications installed on the system by default. Using the sandbox context menu, you can perform other commands, such as closing all sandboxed applications with a single click, viewing the contents of sandboxes, or deleting them completely.

To quickly identify a program that is running in an isolated environment, Sandboxie provides a special command, “Window in a sandbox?”. When it is selected, a crosshair appears on the screen; by dragging it onto the desired window, you can obtain information about the status of the program.

However, if the sandbox works with default parameters, this tool is not needed, since a [#] icon appears next to the application name in the window header. If for some reason you need to disable the display of the icon in the header, this can be done in the sandbox settings. In addition, you can add the name of the “sandbox” to the window title, and also draw a thin frame of any color around the window, which makes it easier to see which windows belong to the sandbox.

By accessing other sandbox settings, you can flexibly configure access permissions to different resources. You can determine which files and folders will be blocked, which ones programs will be able to access read-only, and also configure interaction with system registry keys.

If necessary, in the sandbox settings you can specify applications that will be forced to launch in it. In other words, when you run the specified file, Sandboxie will intercept the application and prevent it from running normally. The program allows you to specify not only individual executable files, but also folders from which they will open in a safe environment when you launch any applications. The latter feature can, for example, be used to launch new programs that have been downloaded from the Internet to the Downloads folder.

⇡ BufferZone Pro 3.31

  • Developer: Trustware
  • Distribution size: 9.2 MB
  • Distribution: shareware
  • Russian interface: no

BufferZone Pro is another good solution for running applications in an isolated environment. Although the program can run a variety of applications in the sandbox, it is designed primarily to work with browsers, IM clients, peer-to-peer file sharing programs, and other Internet software. This is evidenced by the fact that BufferZone initially has a fairly extensive list of applications that run in safe mode by default. Among them are Mozilla Firefox, Google Chrome, ICQ, BitComet, Skype, GoogleTalk and others. The user can edit this list at his own discretion, adding additional programs to it and removing unnecessary ones.

Similar to the utility discussed above, BufferZone can monitor all applications that run on the computer and redirect them to the sandbox. BufferZone can also block the launch of any unknown programs.

Unlike Sandboxie, this program does not provide the ability to create multiple sandboxes. The windows of all programs running in the sandbox are surrounded by a red frame. You can also see which programs are currently running in the sandbox in the main BufferZone window. Brief statistics about the operation of programs in an isolated environment are also displayed. BufferZone not only counts how many actions were performed by such applications, but also keeps a record of potentially dangerous operations on the system, as well as security threats that were prevented.

In the event that a sandboxed program executes malicious code or other destructive actions, you can quickly delete all data associated with applications running in the sandboxed environment. In addition, it is possible to automatically clear such data according to a user-defined schedule.

BufferZone also has some additional features that are not directly related to the organization of the sandbox, but help to increase the overall level of computer security. Thus, using the program, you can prohibit opening files from external hard drives, DVDs and USB drives, or allow working with such data only in an isolated environment.

In conclusion, we note that in addition to the paid version of BufferZone Pro, there is also a free edition of the program. It implements a number of limitations, for example, it is not possible to create a snapshot of the virtual environment and restore data stored in it. In addition, the free version has fewer applications for which protection is enabled by default.

⇡ Conclusion

When choosing a specialized program for running applications in a sandbox, you need to keep in mind that there are two main approaches to organizing an isolated environment. In the first case, a “sandbox” is created for applications specified by the user, and during one session of working at the computer, he uses both programs that run in an isolated environment and those that run in normal mode. Programs that use this approach to organizing system protection were discussed in this article.

However, such a solution is not always acceptable. There is a second approach to organizing software operation in an isolated environment, which involves creating a “sandbox” the size of the entire operating system. In this case, an image of a working system is created, after which the user begins to work with it, and not with the real environment. All actions performed by it are saved only until a reboot, and after it is completed, the system returns to its original state. This solution is convenient to use on public PCs, for example, in Internet cafes, computer classes, etc. We will talk about programs that can be used to organize such protection in the second part of the article.

So we decided to briefly touch on this topic.

Essentially, a “sandbox” is an isolated software environment with strictly limited resources for executing program code within this environment (in simple terms, running programs). In a way, a “sandbox” is a kind of stripped-down virtualization designed to isolate dubious processes for security purposes.

Some good antiviruses and firewalls (though, as a rule, in their paid version) use this method without your knowledge, and some allow you to manage this functionality (since it still creates unnecessary resource consumption), but there are also programs that allow you to implement similar functionality.

We will talk about one of these today.

Sandboxie - overview, setup and download

As you understand from the title and subtitle, we will talk about the program Sandboxie.

Unfortunately, it is shareware, but the free period will help you get to know this type of tool better, which, perhaps, will push you in the future to study virtualization in more detail, which, for the most part, exists in a free form and provides more opportunities.

Next, you will be offered to take a short course on working with the program, or rather, they will tell you a little about how it works. Go through all six steps, preferably carefully reading what is written in the instructions provided to you.

In short, you can run any program within an isolated environment. The instructions, if you have read them, contain a fairly good metaphor: a sandbox is a piece of transparent paper placed between the program and the computer, and deleting the contents of the sandbox is somewhat similar to discarding a used sheet of paper together with its contents and then replacing it with a new one.

How to set up and use a sandbox program

Now let's try to understand how to work with this. To begin with, you can try running, say, a browser in a sandbox. To do this, either use the shortcut that appears on your desktop, or use the menu items in the main program window: "DefaultBox - Run in sandbox - Launch Web browser". If you want to launch a browser that is not set as the default browser in the system, use the item "Run any program" and specify the path to the browser (or program).

After this, the browser will be launched in the sandbox and you will see its processes in the Sandboxie window. From this moment on, everything happens in, as has already been said many times, an isolated environment. For example, a virus that uses the browser cache as an element to penetrate the system will not be able to really do anything, because after you finish working with the isolated environment you can clean it up by throwing out, as the metaphor said, the scribbled sheet of paper and moving on to a new one (without in any way affecting the integrity of the computer as such).

To clear the contents of the sandbox (if you don’t need them), in the main program window or in the tray (this is where the clock and other icons are) use the item "DefaultBox - Delete content".

Attention! Only the part that was written and worked in the isolated environment will be deleted. That is, the browser itself will not be deleted from the computer, but what was transferred into the sandbox (relatively speaking, a copy of the process, the created cache, saved data such as downloaded or created files, etc.) will be deleted if you do not save it.

To better understand the principle of operation, try launching the browser and other software in the sandbox several times, downloading various files and deleting/saving the content after finishing working with this sandbox, and then, for example, launching the same browser or program directly on the computer. Believe me, you will understand the essence in practice better than it can be explained in words.

By the way, by right-clicking on a process in the list of processes in the Sandboxie window, you can control access to various computer resources that bypasses the sandbox by selecting "Access to resources".

Roughly speaking, if you want to take a risk and give, for example, Google Chrome direct access to any folder on your computer, then you can do this on the appropriate tab (File Access - Direct/Full Access) using the "Add" button.

It is logical that the sandbox is intended not only, and not so much, for working with a browser and visiting various dubious sites, but also for launching applications that seem suspicious to you (especially, for example, at work, where dubious files from mail or flash drives are often launched) and/or should not have access to the main resources of the computer and/or leave unnecessary traces there.

By the way, the latter can be a good element for protection, that is, for running any application, the data of which must be completely isolated and deleted upon completion.

Of course, it is not necessary to delete data from the sandbox upon completion and work with some programs only in an isolated environment (progress is remembered and there is the possibility of quick recovery), but whether to do this or not is up to you.

When you try to launch some programs, you may encounter the above problem. Don't be afraid of it: for starters, it is enough just to press "OK" and, later, open the sandbox settings using "DefaultBox - Sandbox settings" and, on the "Transferring files" tab, set a slightly larger size for the file transfer option.

We won’t talk about other settings now, but if they are interesting to you, you can easily figure them out on your own; fortunately everything is in Russian and extremely clear and accessible. Well, if you have questions, you can ask them in the comments to this entry.

Now, perhaps, we can move on to the afterword.

Afterword

Oh yes, we almost forgot, of course, that the sandbox consumes an increased amount of machine resources, because it bites off (virtualizes) part of the capacity, which, naturally, creates a load that is different from running it directly. But, logically, security and/or privacy might be worth it.

By the way, the use of sandboxes, chroot or virtualization, partly relates to the antivirus-free security methodology we use.

That's probably all for now. As always, if you have any questions, thoughts, additions, etc., please feel free to comment on this post.

It is a mistake to believe that the built-in protection of the operating system, antivirus or firewall will completely protect against malware. However, the harm may not be as obvious as in the case of viruses: several applications can slow down Windows and lead to various kinds of anomalies. Over time, the consequences of uncontrolled processes from “amateur” software make themselves felt, and uninstallation, deleting registry keys and other cleaning methods no longer help.

In such situations, sandbox programs, which are the subject of this review, can play an excellent role. The operating principle of sandboxes is partly comparable to virtual machines (Oracle VM VirtualBox, VMware Virtualization, etc.). Thanks to virtualization, all processes initiated by the program are executed in a sandbox - an isolated environment with strict control of system resources.

This method of code isolation is quite actively used in antivirus software (KIS 2013, avast!), in programs such as Google Chrome (Flash runs in the sandbox). However, one should not conclude that sandbox programs are a complete guarantee of security. This is just one of the effective additional means to protect the OS (file system, registry) from external influences.

A review of the program for creating a virtual environment has already been published on the site. Today we will consider other applications, in a broader sense: these are not only desktop solutions, but also cloud services that improve not only security, but also anonymity, making it possible to run from removable media, from another computer.

Sandboxie

Developer Ronen Tzur compares the action of the Sandboxie program to an invisible layer applied on top of paper: any inscription can be applied to it; when the protection is removed, the sheet will remain untouched.

There are 4 main ways to use sandboxes in Sandboxie:

  • Protected Internet surfing
  • Improved privacy
  • Secure email correspondence
  • Keeping the OS in its original state

The last point implies that in the sandbox you can install and run any client applications - browsers, IM messengers, games - without affecting the system. Sandboxie controls access to files, disk devices, registry keys, processes, drivers, ports, and other potentially unprotected sources.

First of all, Sandboxie is useful because it allows the user to flexibly configure sandboxes and privileges using the Sandboxie Control shell. Here, through the context and main menus, basic operations are available:

  • Starting and stopping programs under Sandboxie control
  • Viewing files inside the sandbox
  • Restoring necessary files from the sandbox
  • Deleting all work or selected files
  • Creating, deleting and configuring sandboxes

To run a program in a sandbox, simply drag the executable file into the Sandboxie Control window, into the sandbox created by default. There are other ways - for example, the Windows Explorer menu or the notification area. The program window running in the emulated environment will have a yellow frame and a hash mark (#) in the title bar.

If, when working with an isolated program, you need to save the results to disk, you can specify any desired location: the files will be placed in the sandbox folder and will not appear at the specified address outside the sandbox. To actually transfer files out of the sandbox, you should use the recovery option. There are two types of recovery, fast and immediate; in both cases, before starting the program in the sandbox, you need to configure the folders for recovery (“Sandbox Settings - Recovery”).

More detailed access settings are located in the “Restrictions” and “Access to Resources” sections. They may be required if the application cannot run without certain privileges (requires a certain system library, driver, etc.). In “Restrictions,” in relation to programs or groups, access to the Internet, hardware, IPC objects, and low-level access is configured. In “Access to resources” - the corresponding settings for files, directories, the registry and other system resources.

Also in the Sandboxie settings there is an important “Applications” section, where groups of programs are collected that have access to the specified resources. Initially, all elements of the list are deactivated; to apply changes for a specific application, you need to mark it in the list and click the “Add” button.

Thus, you can create sandboxes with different parameters. You are allowed to clone the configuration of an existing sandbox; to do this, when creating a new one, you need to select from the drop-down list the environment from which you want to transfer the settings.
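The access and forced-launch settings described above (forced programs and folders, direct file access for a program, registry access) are stored by Sandboxie in its Sandboxie.ini file. The following is an added example, not part of the original article or of Sandboxie itself: a small auditor that lists what each sandbox forces into isolation and which paths are opened for direct access. The sample configuration, user name and paths are constructed for illustration, and the severity thresholds are assumptions of this example.

```python
"""Audit Sandboxie.ini-style text for settings that shape or weaken isolation."""
from collections import defaultdict

# Constructed sample configuration (not taken from the article or a real machine).
SAMPLE_INI = r"""
[GlobalSettings]
Template=WindowsFontCache

[DefaultBox]
Enabled=y
ForceFolder=C:\Users\alice\Downloads
ForceProcess=iexplore.exe
RecoverFolder=C:\Users\alice\Desktop
ReadFilePath=C:\Work\Reference
ClosedFilePath=C:\Users\alice\Documents\Finance
OpenFilePath=chrome.exe,C:\Users\alice\Documents

[TestBox]
Enabled=y
OpenFilePath=C:\
OpenKeyPath=HKEY_LOCAL_MACHINE\SOFTWARE
"""

# Settings that let sandboxed programs touch real resources directly.
OPEN_KEYS = ("OpenFilePath", "OpenKeyPath", "OpenIpcPath")
# Settings that force programs or folders to start inside the sandbox.
FORCE_KEYS = ("ForceFolder", "ForceProcess")


def parse_ini(text):
    """Parse the INI text; keys may repeat, so every value list is preserved."""
    boxes = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], defaultdict(list))
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        current[key.strip()].append(value.strip())
    return boxes


def split_rule(value):
    """Split 'program.exe,path' into (program, path); a bare path has no program."""
    head, sep, tail = value.partition(",")
    if sep and "\\" not in head and ":" not in head:
        return head, tail
    return None, value


def depth(path):
    """Number of path components; 'C:\\' is 1, 'HKEY_LOCAL_MACHINE\\SOFTWARE' is 2."""
    return len([part for part in path.rstrip("\\*").split("\\") if part])


def audit(boxes):
    """Return (box, severity, setting, detail) tuples for every sandbox section."""
    findings = []
    for name, settings in boxes.items():
        if "Enabled" not in settings:  # assumption: only sandboxes carry Enabled=
            continue
        for key in OPEN_KEYS:
            for value in settings.get(key, []):
                program, path = split_rule(value)
                # Assumption: a drive root or top-level subtree counts as HIGH.
                severity = "HIGH" if depth(path) <= 2 else "MEDIUM"
                scope = program or "all programs"
                findings.append((name, severity, key,
                                 f"direct access for {scope}: {path}"))
        for key in FORCE_KEYS:
            for value in settings.get(key, []):
                findings.append((name, "INFO", key, f"always sandboxed: {value}"))
    return findings


if __name__ == "__main__":
    for box, severity, setting, detail in audit(parse_ini(SAMPLE_INI)):
        print(f"[{severity:6}] {box}: {setting} -> {detail}")
```

Every "direct access" finding is a place where a sandboxed program can write to the real system, so those lines are the ones to review first.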

Summary

Using the Sandboxie application, you can create virtual environments of any configuration, without restrictions for the user. Sandboxie provides a large number of settings for both individual applications and sandboxes.

[+] Flexible configuration of each sandbox
[+] Creating rules for a group of programs
[−] Distributions cannot be created
[−] Lack of setup wizard

Evalaze

It is symbolic that Evalaze originates from the Thinstall 2007 program, which now belongs to VMware.

Evalaze is not as well known as Sandboxie among sandbox programs, but it has a number of interesting features that make it stand out from a number of similar solutions. Thanks to virtualization, applications can be launched in a standalone environment from any computer, regardless of the availability of drivers, libraries, or newer versions of the application being launched. This does not require any preliminary configuration or additional configuration files or libraries or registry keys.

Evalaze does not require installation, with one caveat: to work, you will need Microsoft .NET Framework version 2.0 or higher. In the free version, as well as in the professional edition, a virtualization setup wizard and an unlimited number of virtual applications are available. You can download the trial version from the developers’ website only upon request (see the developers’ email on the website).

The resulting configuration can be saved to a project. From start to finish, the process of setting up a virtual application takes longer than, say, Sandboxie, but it is more consistent and understandable.

It is worth noting two additional features of Evalaze that will likely be of interest to software developers and testers: it works with a virtual file system and a virtual registry. These autonomous Evalaze environments can be edited at your discretion by adding files, directories, keys necessary for the functioning of a particular virtual program.

You can also configure associations out of the box in Evalaze: when launched, the virtual application will immediately create the necessary associations with files in the OS.

Summary

A program with which you can create stand-alone applications that are convenient to use in all sorts of situations, which generally facilitates migration, compatibility, and security. Alas, the free version is practically useless, it is only interesting for a very superficial study of Evalaze's functions.

[−] Low-functional trial version
[−] High price of the Pro version
[+] There is a setup wizard
[+] Virtual file system and registry

Enigma Virtual Box

Enigma Virtual Box is designed to run applications in an isolated virtual environment. The list of supported formats includes dll, ocx (libraries), avi, mp3 (multimedia), txt, doc (documents), etc.

Enigma Virtual Box models the virtual environment around an application as follows. Before the application starts, the Virtual Box loader is triggered, which reads the information that is necessary for the program to work: libraries and other components - and provides them to the application instead of system ones. As a result, the program works autonomously in relation to the OS.

Configuring sandboxes in Sandboxie or Evalaze, as a rule, takes about 5 minutes. At first glance, Virtual Box also does not require lengthy setup. In the documentation, the use of the program is actually described in one sentence.

There are only 4 tabs - “Files”, “Registry”, “Containers” and, in fact, “Options”. You need to select the executable file, specify the location of the final result and start processing. But later it turns out that you need to create the virtual environment yourself. The three adjacent sections “Files”, “Registry” and “Containers” are intended for this purpose; the necessary data is added there manually. Then you can start processing, run the output file and check the functionality of the program.

Summary

Thus, Enigma Virtual Box does not analyze the OS before and after installing the application, as is the case with Evalaze. The emphasis is shifted towards development - therefore, rather, Virtual Box is useful for testing, checking compatibility, and creating artificial conditions for running a program. Virtualization of unknown applications will cause difficulties, since the user will be forced to specify all the program connections independently.

[−] Lack of convenient settings
[+] The resources used by the program can be determined independently

Cameyo

Cameyo offers application virtualization in three areas: business, development and personal use. In the latter case, the sandbox can be used to save the OS in a “clean” state, store and run applications on removable media and in cloud services. In addition, several hundred already configured virtual applications are published on the cameyo.com portal, which also saves the user’s time.

The steps for creating a virtual application are similar to Enigma Virtual Box: first, a snapshot of the system is created before installation, then after it. Changes between these states are taken into account when creating the sandbox. However, unlike Virtual Box, Cameyo synchronizes with a remote server and publishes the application to cloud storage. Thanks to this, applications can be launched on any computer with granted access to the account.
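The before/after snapshot step described above can be illustrated with a short added example (not Cameyo's or any other product's code): it hashes a directory tree before and after a simulated installation and derives the list of files a package would need to carry. Only the file system is covered; the registry side is outside this sketch, and the file names and the `write`, `snapshot`, `diff` and `package_manifest` helpers are constructed for the example.

```python
"""Snapshot-and-diff capture of file changes made by an installer (toy model)."""
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            digest = hashlib.sha256()
            with open(full, "rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = digest.hexdigest()
    return state


def diff(before, after):
    """Classify every path as added, removed or modified between two snapshots."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def package_manifest(changes):
    """Files the virtual package must carry: everything new or changed."""
    return sorted(changes["added"] + changes["modified"])


def write(root, rel, text):
    """Helper for the demo: create or overwrite a text file under root."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as handle:
        handle.write(text)


def demo():
    """Simulate an installer run in a throwaway directory (constructed data)."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "app/config.ini", "mode=default")
        write(root, "app/old.dll", "v1")
        before = snapshot(root)

        # The simulated "installer": changes one file, adds one, deletes one.
        write(root, "app/config.ini", "mode=custom")
        write(root, "app/new.dll", "v2")
        os.remove(os.path.join(root, "app", "old.dll"))

        return diff(before, snapshot(root))


if __name__ == "__main__":
    changes = demo()
    print(changes)
    print("package:", package_manifest(changes))
```

The same diff is also a quick way to see what an unfamiliar installer changed on a test machine before trusting the resulting package.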

Through the Library, you can download popular system applications (Public Virtual Apps) for subsequent launch: archivers, browsers, players and even antiviruses. When starting, you are asked to select an executable file and indicate whether it is stable or not (which, apparently, is somehow taken into account by the Cameyo gallery moderators).

Another interesting possibility is creating a virtual application via . The installer can be downloaded from your computer or you can specify the file URL.

The conversion process is said to take from 10 to 20 minutes, but often the waiting time is several times less. Upon completion, a notification is sent by email with a link to the published package.

Email notification about distribution creation

With all the conveniences of the cloud, there are two important things to note. First: each program is updated over time, and the library contains quite outdated copies. The second aspect: applications added by users may run counter to the license of a particular program. This must be understood and taken into account when creating custom distributions. And third, no one can guarantee that the virtual application posted in the gallery has not been modified by an attacker.

However, speaking of security, Cameyo has 4 modes of application operation:

  • Data mode: the program can save files in the Documents folder and on the Desktop
  • Isolated: The file system and registry are not writable
  • Full access: free access to the file system and registry
  • Customize this app: modifying the launch menu, choosing where to store the program, etc.

Summary

A convenient cloud service that you can connect to on any computer, allowing you to quickly create portable applications. Setting up sandboxes is kept to a minimum, not everything is transparent with virus checking and security in general - however, in this situation, the advantages can compensate for the disadvantages.

[+] Network synchronization
[+] Access to custom applications
[+] Creating virtual applications online
[−] Lack of sandbox settings

Spoon.net

Spoon Tools is a set of tools for creating virtual applications. In addition to the professional environment, spoon.net deserves attention as a cloud service that integrates with the Desktop, allowing you to quickly create sandboxes.

To integrate with the Desktop, you need to register on the spoon.net server and install a special widget. After registration, the user has the opportunity to download virtual applications from the server through a convenient shell.

Four features brought by the widget:

  • Create sandboxes for files and applications
  • Cleaning up your desktop using shortcuts and quick launch menus
  • Safely test new applications, run legacy versions over new ones
  • Undoing changes made by the sandbox

Quick access to the spoon.net widget is possible using the Alt + Win key combination. The shell includes a search bar and also a console. It searches for applications on the computer and on the web service.

Organization of the desktop is very convenient: you can drag and drop the necessary files onto the virtual desktop, which will be synchronized with spoon.net. New sandboxes can be created in just two clicks.

Of course, in terms of setting up sandboxes, Spoon cannot compete with Sandboxie or Evalaze, for the reason that such settings are simply not present in Spoon. You cannot set restrictions or convert a “regular” application into a virtual one. The Spoon Studio complex is designed for these purposes.

Summary

Spoon is the “cloudest” shell for working with virtual applications and, at the same time, the least customizable. This product will appeal to users who care not so much about security through virtualization, but rather about the convenience of working with the necessary programs everywhere.

[+] Integration of the widget with the Desktop
[+] Quick creation of sandboxes
[−] Lack of settings to limit virtual programs

Summary table

Program/service | Sandboxie | Evalaze | Enigma Virtual Box | Cameyo | Spoon.net
Developer | Sandboxie Holdings LLC | Dogel GmbH | The Enigma Protector Developers Team | Cameyo | Spoon.net
License | Shareware (€13+) | Freeware/Shareware (€69.95) | Freeware | Freeware | Free (Basic account)
Adding applications to the sandbox: +
Personalization (creating shortcuts, integration into menus): + + + +
Setup Wizard: + + +
Creating new virtual applications: + + +
Online synchronization: + +
Setting Sandbox Privileges: + + + +
Analysis of changes when creating a sandbox: + + +

Good day, dear friends, acquaintances, readers, admirers and other individuals.

In addition to all sorts of antiviruses, firewalls, traps, noscripts, ublocks and a bunch of miscellaneous settings, among the security elements there are such things as “sandboxes”, and since you have long asked for an article about this, we decided to briefly touch on this topic.

Essentially, a “sandbox” is an isolated software environment with strictly limited resources for executing program code within this environment (in simple terms, running programs). In a way, a “sandbox” is a kind of stripped-down virtualization designed to isolate questionable processes for security purposes.

Some good antiviruses and firewalls (though, as a rule, only in their paid versions) use this method without your knowledge, and some let you manage this functionality (since it does add to resource consumption), but there are also separate programs that implement similar functionality.

We will talk about one of these today.

As you understand from the title and subtitle, we will talk about the Sandboxie program.

Unfortunately, it is shareware, but the free period will help you get to know this type of tool better, which may push you to study virtualization in more detail later on; virtualization is, for the most part, available for free and offers more possibilities.

You can download Sandboxie from the developer’s website or, for example, from this link. Installation is almost elementary, except for the moment when you need to install the driver (see screenshot below).

At this stage it is better to disable any protection components (i.e. antiviruses and firewalls); otherwise, if this step fails and the computer hangs, reboots or goes into a BSOD, you may need to boot into safe mode and remove the program, with no possibility of using it afterwards.

After installation, the program itself must be launched. It is possible that you will encounter the notification shown above. There's nothing wrong with it, just click "OK".

Next, you will be offered to take a short course on working with the program, or rather, they will tell you a little about how it works. Go through all six steps, preferably carefully reading what is written in the instructions provided to you.

In short, you can run any program within an isolated environment. The instructions, if you have read them, contain a fairly good metaphor: a sandbox is a sheet of transparent paper placed between the program and the computer, and deleting the contents of the sandbox is like throwing away the used sheet together with everything on it and replacing it with a new one.

How to set up and use a sandbox program

Now let's try to understand how to work with this. To begin with, you can try running, say, a browser in a sandbox. To do this, either use the shortcut that appears on your desktop or use the menu items in the main program window: “DefaultBox - Launch in sandbox - Launch Web browser”. If you want to launch a browser other than the system's default browser, use the “Run any program” item and specify the path to the browser (or program).

After this, the browser will be launched in the sandbox and you will see its processes in the Sandboxie window. From this moment on, everything happens in, as has already been said many times, an isolated environment. For example, a virus that uses the browser cache as a way into the system will not really be able to do anything, because after you finish working with the isolated environment you can clean it out, throwing away, as the metaphor put it, the scribbled sheet of paper and moving on to a new one (without affecting the integrity of the computer in any way).

To clear the contents of the sandbox (if you don’t need it), in the main program window or in the tray (this is where the clock and other icons are) use the “DefaultBox - Delete contents” item.

Attention! Only what was written and ran in the isolated environment will be deleted. The browser itself, say, will not be removed from the computer, but what was transferred to the sandbox (relatively speaking, a copy of the process, the created cache, and saved data such as downloaded or created files) will be deleted if you do not save it.

To better understand the principle of operation, try launching the browser and other software in the sandbox several times, downloading various files and deleting/saving the content after finishing working with this sandbox, and then, for example, launching the same browser or program directly on the computer. Believe me, you will understand the essence in practice better than it can be explained in words.

By the way, by right-clicking on a process in the list of processes in the Sandboxie window, you can control access to various types of computer resources, bypassing the sandbox, by selecting “Access to resources”.

Roughly speaking, if you want to take a risk and give, for example, Google Chrome direct access to a folder on your computer, you can do this on the corresponding tab (File Access - Direct/Full Access) using the “Add” button.

Logically, the sandbox is intended not only, and not so much, for working with a browser and visiting dubious sites, but also for launching applications that seem suspicious to you (for example dubious files from mail or flash drives, especially at work, where permissions for launching applications are often poorly configured) and/or that should not have access to the main computer resources or leave unnecessary traces there.

By the way, the latter can be a good element for protecting confidentiality, that is, for running any application, the data of which must be completely isolated and deleted upon completion of work.

Of course, you do not have to delete the data from the sandbox when you finish; you can work with some programs only in the isolated environment (progress is remembered and quick recovery is possible), but whether to do this is up to you.

When you try to launch some programs, you may encounter the problem shown above. Don't be alarmed: just click “OK”, then open the sandbox settings via “DefaultBox - Sandbox Settings” and, on the “File Transfer” tab, set a slightly larger size for the file transfer option.
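The copy-on-write idea behind the “sheet of paper” metaphor, as an added example that is not Sandboxie's code or part of the original article: a simplified Python model in which reads fall through to the real files, changes land only in the box, and recovery is the only way out. The class name, the file names and the `copy_limit` parameter (standing in for the file transfer size option) are assumptions made for the illustration.

```python
import shutil
import tempfile
from pathlib import Path


class ToySandbox:
    """Copy-on-write redirection in miniature (a model, not Sandboxie's code)."""

    def __init__(self, real_root: Path, box_root: Path, copy_limit: int):
        self.real = real_root
        self.box = box_root
        self.copy_limit = copy_limit  # assumed stand-in for the file transfer size option
        self.box.mkdir(parents=True, exist_ok=True)

    def read(self, rel: str) -> bytes:
        # A sandboxed copy shadows the real file; otherwise the read falls through.
        boxed = self.box / rel
        return (boxed if boxed.exists() else self.real / rel).read_bytes()

    def append(self, rel: str, data: bytes) -> None:
        boxed, real = self.box / rel, self.real / rel
        if not boxed.exists():
            boxed.parent.mkdir(parents=True, exist_ok=True)
            if real.exists():
                # First modification: copy the real file into the box, if small enough.
                if real.stat().st_size > self.copy_limit:
                    raise PermissionError(f"{rel}: larger than the copy limit")
                shutil.copy2(real, boxed)
        with boxed.open("ab") as fh:  # the write only ever touches the boxed copy
            fh.write(data)

    def recover(self, rel: str) -> Path:
        # "Restore to the same folder": the one deliberate path out of the box.
        target = self.real / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(self.box / rel, target)
        return target

    def delete_contents(self) -> None:
        # Throw the used sheet away and start with a clean one.
        shutil.rmtree(self.box)
        self.box.mkdir()


def demo() -> dict:
    """Run one session against constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        real, box = Path(tmp, "real"), Path(tmp, "box")
        real.mkdir()
        (real / "hosts.txt").write_bytes(b"original\n")
        (real / "big.bin").write_bytes(b"x" * 64)
        sb = ToySandbox(real, box, copy_limit=32)

        sb.append("hosts.txt", b"tampered\n")              # modify an existing file
        sb.append("Downloads/setup.exe", b"MZ-constructed")  # create a new one
        out = {
            "seen_inside": sb.read("hosts.txt"),
            "real_after_write": (real / "hosts.txt").read_bytes(),
            "download_on_real_disk": (real / "Downloads/setup.exe").exists(),
        }
        try:
            sb.append("big.bin", b"!")
            out["big_file"] = "modified"
        except PermissionError:
            out["big_file"] = "refused"  # over the limit: not copied, not changed

        sb.recover("Downloads/setup.exe")
        sb.delete_contents()
        out["seen_after_delete"] = sb.read("hosts.txt")
        out["recovered_survives"] = (real / "Downloads/setup.exe").exists()
        return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Raising `copy_limit` above 64 lets the `big.bin` change succeed inside the box, while the file on the real disk still stays as it was.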

We won’t talk about the other settings now, but if they interest you, you can easily figure them out on your own; fortunately everything is in Russian and extremely clear and accessible. If you have questions, you can ask them in the comments to this entry.

Now, perhaps, we can move on to the afterword.

By the way, the use of sandboxes, chroot or virtualization is partly covered by the anti-virus security methodology that we teach as part of our training packages.

That's probably all for now. As always, if you have any questions, thoughts, additions, etc., please feel free to comment on this post.

sonikelf.ru

How to safely run a program in Sandboxie

Every day, users in search of various information are faced with the need to download and launch many files. The consequences are difficult to predict, because even on official resources there are installation files containing unwanted software. Sandbox is an ideal way to protect the operating system from unauthorized influence and installation of malware, advertising shortcuts and toolbars. But not every sandbox is distinguished by the reliability of the isolated space.

Sandboxie is the undisputed favorite among such software. This sandbox allows you to run any file inside it and destroy all traces of it in just a few clicks.

To show as accurately as possible how Sandboxie works, we will install, inside the sandbox, a program that has unwanted software built into its installation file. The program will function for some time, then all traces of its presence will be completely destroyed. The sandbox settings will be left at their standard values.

1. From the official website of the developer, you need to download the installation file of the sandbox itself.

2. After downloading, you need to run the installation file and install the program. After installing it, the “Run in sandbox” option will appear in the right-click context menu.

3. As a “guinea pig” we use the Iobit Uninstaller program, which during the installation process offers to supplement the operating system with optimizers from the same developer. Instead, there can be absolutely any program or file - all the points listed below are identical for all options.

4. Right-click on the downloaded installation file and select Run in sandbox.

5. By default, Sandboxie will offer to open the program in a standard sandbox. If there are several of them, for different needs, select and click OK.

6. The normal installation of the program will begin. There is only one difference: from now on, every process and every file, temporary or system, created by the installation file and the program itself is located in an isolated space. Whatever the program installs and downloads, nothing will get out. Don't forget to tick all the advertising boxes - we have nothing to fear!

7. During the installation process, an icon for the program’s internal Internet downloader will appear in the desktop tray, which downloads everything that we have noted for installation.

8. The sandbox prevents the launch of system services and changes to root parameters - no malware will be able to get out; it all stays inside the sandbox.

9. A distinctive feature of a program running in a sandbox is that if you hover the pointer over the top of the window, it will be highlighted with a yellow frame. In addition, on the taskbar this window is marked with a hash mark in square brackets in the title.

10. After the program is installed, it is worth looking at what happened in the sandbox. Double-click on the yellow sandbox icon near the clock - the main program window opens, where we immediately see our standard sandbox.

If you expand it, you will see a list of processes that work inside. Right-click on the sandbox - Delete sandbox. In the window that opens, we see quite stunning data - one seemingly small program has created more than five thousand files and folders and occupied more than two hundred megabytes of space on the system disk, while installing perhaps more than one unwanted program.

Particularly distrustful users will, of course, anxiously start looking for these files on the system drive in the Program Files folder. This is the most interesting part - they won’t find anything. All this data was created inside the sandbox, which we will clear right now. In the same window, just below, click Remove sandbox. Not a single file or process that was previously running on the system remains.

If the necessary files were created while the program was running (for example, if the Internet browser was running), when deleting the sandbox, Sandboxie will prompt the user to remove them from the sandbox and save them in any folder. The cleaned sandbox is again ready to run any files in the isolated space.
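Before deleting a sandbox it can be useful to record what the installer actually dropped. This added example (not part of the original article or of Sandboxie) walks a sandbox's content folder and reports file and folder counts, total size, and every executable with its SHA-256; the folder layout and file names in the sample tree are constructed, and the path of a real sandbox folder has to be supplied by the reader.

```python
import hashlib
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions treated as executable content; extend the set as needed.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".msi", ".scr", ".bat", ".cmd", ".ps1", ".vbs"}


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory(box_root: Path) -> dict:
    """Summarise everything a sandboxed program left under box_root."""
    files = dirs = total_bytes = 0
    bytes_by_top = Counter()   # size per top-level folder of the box
    executables = []           # (relative path, sha256) pairs
    exec_dirs = set()          # folders that received executable content
    for dirpath, dirnames, filenames in os.walk(box_root):
        dirs += len(dirnames)
        for name in filenames:
            path = Path(dirpath, name)
            rel = path.relative_to(box_root)
            size = path.stat().st_size
            files += 1
            total_bytes += size
            bytes_by_top[rel.parts[0]] += size
            if path.suffix.lower() in EXECUTABLE_EXTS:
                executables.append((rel.as_posix(), sha256_of(path)))
                exec_dirs.add(rel.parent.as_posix())
    return {
        "files": files,
        "dirs": dirs,
        "bytes": total_bytes,
        "bytes_by_top": dict(bytes_by_top),
        "executables": sorted(executables),
        "exec_dirs": sorted(exec_dirs),
    }


def build_sample(root: Path) -> None:
    # Constructed sample tree standing in for a sandbox's content folder.
    sample = {
        "drive/C/Program Files/Vendor/app.exe": b"MZ" + b"\0" * 30,
        "drive/C/Program Files/Vendor/readme.txt": b"hello",
        "drive/C/Program Files/Bundled Optimizer/opt.dll": b"MZ-dll",
        "user/current/AppData/cache.tmp": b"c" * 100,
    }
    for rel, data in sample.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


def audit_demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        return inventory(Path(tmp))


if __name__ == "__main__":
    report = audit_demo()
    print(f"{report['files']} files, {report['dirs']} folders, {report['bytes']} bytes")
    for folder in report["exec_dirs"]:
        print("executables installed into:", folder)
    for rel, digest in report["executables"]:
        print(digest, rel)
```

In the sample, the second folder under `exec_dirs` is the kind of bundled extra the article's test installer adds; the hashes can be checked against a reputation service before anything is recovered from the box.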

Sandboxie is one of the most reliable, and therefore the most popular sandboxes on the Internet. A reliable program with a convenient Russified interface will help protect the user from the influence of unverified and suspicious files without harming the configured operating system.


lumpics.ru

Sandboxie – increasing the level of security for your PC!

Sandboxie/sandbox program - a safe environment for the computer user

The Sandboxie program was created for the safe use of your browsers on the Internet, as well as programs that require a connection to the World Wide Web to operate.

For example, programs such as Skype, ICQ, etc.; I will not list everything, since the list could be very long.

The program can also be very useful for gamers, or simply for those who sometimes like to play online, since launching a game in a “sandbox” will protect you in the virtual world from all sorts of unpleasant troubles.

Briefly, the principle of operation of the program: you launch the browser in the sandbox, and the chance of a virus getting into the computer is reduced to zero, or, if not to zero, then at least to a minimum.

So, step by step. First you need to install the program. Installed? After successful installation, a program icon should appear in your system tray (bottom right, where the clock and date are).

Click on the “sandbox” icon in the tray to enter the main menu of the program.

In the upper right corner, select “Sandbox” from the menu. We will need this to create the sandbox list.

And in the main menu you will now see this new name. Right-click on the new name and enter the settings of this program.

In the “Behavior” item, check the box “Show sandbox name in window title”, so as not to confuse running programs later. The window borders, however, should not be marked with color.

If you work with the browser for a long time, the colored border will only irritate you. This is a matter of taste, though; many people pay no attention to the strip. Click apply and move on to the next item.

Recovery. Important point. If you download a lot of things from the Internet, then you will need it.

We don't need the extra folders; we'll delete them. And we add the folder into which you always download all the trash from the Internet. Click “ok”.

Attention! The browser you use must have the same download folder set as in the sandbox. Click apply.

The “Immediate recovery” option must be enabled. When a download completes, you will immediately get a window offering to recover the file to the same folder or to one of your choice. We do not touch the remaining settings.

The next item is “Delete”, with its submenu “Delete Proposal”. This is the function that removes the sandbox contents. For everyday use, set it to “Automatic removal”.

The second option there is “Never delete this sandbox.” If you check this box, the content will not be deleted. This is useful when testing browser settings or add-ons. Click “apply”.

Next point. “Groups of programs” that will work with certain access settings (resources, registry, Internet, etc.). I'm skipping this point.

Some settings items can be skipped because they only work in the paid version of the program.

You can set the “file size” for file transfer yourself, but it’s better to leave it as it is. You don't need it to use the browser.

The next item is “Restrictions” and its submenu “Internet Access”. Since we will be working with a browser, we will of course leave Internet access enabled. Otherwise the browser will launch, but it will have no access to the Internet.

On the right side you will see an “Add Pgm.” button. If you need to block access, click it and pick from the list of recently launched programs, or select the programs yourself.

“Drop Rights.” A required setting for Windows XP owners. Make sure to check the box and click apply.

Working with access conditions for programs and groups of programs. For advanced users only. For easy work with the browser, everything is configured by default.

“Application”: its submenus cover all browsers and the other programs on the list.

By default, there are automatic settings for optimal operation, compatibility of programs and applications. To work with browsers, you don’t need to touch anything, everything is already configured.

Next, the “User Accounts” item. An additional “Select Users” or “Groups” window opens.

This is a list of the computer's users who are prohibited from accessing the sandbox; working in this sandbox under the accounts entered here will be impossible.

Very convenient. You can deny access to your children, or to employees at their workplace, if that is what you need. Then click apply.

Some heavyweight applications (such as the Outpost Security Suite and Online Armor Premium Firewall firewalls, as well as executable exe and msi files of unclear content downloaded from the Internet) can disrupt the integrity and stability of the system. Installing them in a working OS can lead to BSOD screens when the OS loads, changes in browser settings, and even the spread of worms and Trojans, which is likely to result in an attacker stealing the passwords to your social network accounts, the web services you use, your mailbox, etc.

We have previously written about popular methods for testing new software in articles about and. In this article we will talk about another simple, fast and effective way to run any applications under Windows in a protected, isolated environment, and its name is the Sandboxie sandbox.

What is a sandbox?

In the field of computer security, a sandbox is a specially dedicated environment designed for safely running applications on a PC. Some complex software products include a safe environment (sandbox) mode. Such applications include the Comodo Internet Security firewall, the avast! antivirus (paid version), and data protection products from Kaspersky Lab. The subject of this how-to article, the Sandboxie program, is a full-fledged tool for large-scale testing of any programs without making changes to the structure and parameters of the working operating system. How to work with it - read on.

Downloading the distribution and installing Sandboxie

Before you begin installation, as always, you need to download the installation package. Let's use the project's official website.

Although the developers offer paid versions of the product for home and office use, the free version is also quite suitable for us. It has no time restrictions. The only negative is the ability to work with only one sandbox and the inaccessibility of some not very critical parameters.

After downloading the distribution, let's begin the installation procedure. It takes place in 2 phases. First, system libraries and Sandboxie executable files are installed.

At the final stage, you will be asked to install the system driver, which is the core of the application. The driver works in conjunction with the service files, and installing it takes only a few moments. We agree and move on.

First launch of the Sandboxie sandbox

When you launch the application for the first time, the screen displays a list of programs for which sandbox compatibility can be improved. Not every application available in the OS appears in this list; it contains the programs that Sandboxie has automatically determined it cannot manage by default. We agree to improve compatibility by checking all items in the list and clicking OK.

Next comes a short introduction to working with the application, where we can get acquainted with the general principle of operation of the product, the mechanism for launching a web browser in protected mode, and the function for deleting the contents of the active sandbox. The manual is very concise: it comes down to a few button presses for the most common actions and a graphic illustration of the basic principle of the service.

Once the manual is finished, we can start working in an isolated environment. You can launch the application by selecting the corresponding item in the “Start” menu, or by clicking on the corresponding icon on the “Applications” screen (Win 8/8.1).

An alternative way is to double-click on the Sandboxie sandbox icon in the taskbar.

As a result of launching the program, a form with an active sandbox available to the user will appear on the screen (we remind you once again that in the free version you can create only one sandbox). Almost all operations are called from this form.

Running the browser in sandbox mode

Well, let's launch the browser in protected mode. To do this, you can use the shortcut on the desktop, or right-click on DefaultBox and select “Run in sandbox” -> “Launch web browser” from the context menu. It is worth noting that in this way you can work with the browser installed on the system as the active one by default.

The inclusion of a secure isolated environment is symbolized by a yellow edge bordering the browser form.

How do you work with it? By running your browser in a sandbox, you can freely access any, even potentially dangerous, resources without the threat of infecting your PC with malicious code. This mode will certainly come in handy if you are looking for keys for programs or cracks, or if you have sat a child down at the computer under your supervision and are afraid that he may harm the system by following banners to unsafe resources, or change the browser settings by installing the latest “super unique” add-on. Any files downloaded using this browser will also have no access to the working system.

When trying to download a file using a sandboxed browser, pay attention to the header of the form for specifying the save name. The name of this form is surrounded by two # symbols, which indicates that when saving the object will be placed in the Windows Sandboxie shell and will not be available on a regular disk device.

The same applies to launched programs.

By default, files downloaded from the network are offered to be placed in the Desktop or Downloads folder. These directories are suitable for sandboxing.

How to make sure that the downloaded file is saved in the sandbox?

In the top menu, select View and check the Files and folders option. You will see a tree of available disks and user directories that you can work with in protected mode. Open the folder you need and make sure the corresponding files are there.

Is it possible to extract a file from the sandbox by placing it in the corresponding folder on a regular working drive?

Of course, to do this, right-click on the file to be restored, and in the context menu select “Restore to the same folder.” After this, the file will be extracted.

You can also add new paths to the folders available for saving by specifying them in the Sandbox Settings form, Recovery category -> Quick recovery section.

To open the Sandbox Settings form, go to the Sandbox option in the top menu, then select the DefaultBox sub-item and in the context menu that appears, click on the Sandbox Settings element.

How to install a new application in the sandbox?

Right-click on the appropriate distribution, saved in the isolated environment or in the standard OS, and select “Run in sandbox” from the menu.

The standard installation procedure follows, and you will get through it in no time. The only caveat: if you want to test a 64-bit program, before installing, add the path to the “C:\Program Files” folder in the Sandboxie sandbox settings, since by default there may only be a path to the system directory “C:\Program Files (x86)”. You can do this, again, in the Quick Recovery menu. To make the changes take effect, click the “Apply” button and restart the installation if the process is already running.

How to run a program in a sandbox?

The user has two ways to launch the application in a secure environment.

The first is a context menu called from the Sandbox item in the Sandboxie top menu. Here you can run anything: from an external mail client to a console daemon designed to compress files into an alternative audio format.

The second way is to use Sandboxie's integration with Windows Explorer. To do this, you need to right-click on the program you need on a regular working disk device and select the “Run in sandbox” option.

Results

In general, it must be said that the program does not feel very confident on the latest generation of 64-bit operating systems. Periodic crashes occur, and windows appear with a notification about an attempt to immediately restore running processes. However, with a little fiddling with the settings, you can make the Sandboxie sandbox work stably, efficiently and without any reservations, and thanks to integration with Explorer, launching applications goes smoothly. Along with other virtualization methods, this mechanism is an excellent tool for debugging and testing applications, which is useful for a detailed study of how a software product interacts with the working operating environment.