www.sandboxie.com :: View topic

Posted: Sat Jul 19, 2008 6:18 pm

I have now resolved the printer problems.

The problem was that Online Armor blocked outgoing for spoolsv.exe. (Probably my fault).

After I put spoolsv.exe to allow outbound the printer work. (But that has not changed my opinion of HP products because I had problems earlier too) I then deleted a lot of changes I made to the SBIE inifile (when I tried to let the printer work) to see if the printer still would work. And it did. So in my setup, with my printer there is no need to configure SBIE to work with the printer.

Thaught I should let you know.

Posted: Wed Jul 23, 2008 9:38 am

Hi

MitchE323 wrote:

ClosedIpcPath=!<Restricted>,*
ClosedFilePath=!<Internet>,\Device\RawIp
ClosedFilePath=!<Internet>,\Device\Ip*
ClosedFilePath=!<Internet>,\Device\Tcp*
ClosedFilePath=!<Internet>,\Device\Afd*

Could someone explain what IPC is? And the Internet devices things?

Thanks

Posted: Wed Jul 23, 2008 1:28 pm

IPC= Interprocess communications http://en.wikipedia.org/wiki/Inter-process_communication ; in the context of this thread refers to blocking all except a series of programs from communicating. The internet access settings are the componants that make up an internet connection.

Posted: Thu Jul 24, 2008 8:48 am

Hi

MitchE323 wrote:

IPC= Interprocess communications http://en.wikipedia.org/wiki/Inter-process_communication ; in the context of this thread refers to blocking all except a series of programs from communicating. The internet access settings are the componants that make up an internet connection.

Thanks for the information.

But is ProcessGroup=<InternetAccess_DefaultBox>,firefox.exe enough?
Or do those Internet access settings provide better security?

Thanks!

Posted: Fri Jul 25, 2008 4:47 am

Quote:

Or do those Internet access settings provide better security?

You should be just fine with the Internet access settings. Remember, SandboxIE right outta the box, with default settings is going to protect you from just about everything. Virus and malware? Gone by closing your browser with SandboxIE set on auto/delete. Unwanted file and registry changes? Same thing - gone. And if you happen to pick up some malware that is transmitting information about you, a simple closedfilepath to your private folders will take care of that. The only thing they will find out is that you are on Windows, lol.

Posted: Fri Jul 25, 2008 7:26 am

Hi

MitchE323 wrote:

Quote:

Or do those Internet access settings provide better security?

You should be just fine with the Internet access settings. Remember, SandboxIE right outta the box, with default settings is going to protect you from just about everything. Virus and malware? Gone by closing your browser with SandboxIE set on auto/delete. Unwanted file and registry changes? Same thing - gone. And if you happen to pick up some malware that is transmitting information about you, a simple closedfilepath to your private folders will take care of that. The only thing they will find out is that you are on Windows, lol.

So do you mean
ProcessGroup=<InternetAccess_DefaultBox>,firefox.exe
or
ClosedFilePath=!<Internet>,\Device\RawIp
ClosedFilePath=!<Internet>,\Device\Ip*
ClosedFilePath=!<Internet>,\Device\Tcp*
ClosedFilePath=!<Internet>,\Device\Afd*
is enough?

Thanks

Posted: Fri Jul 25, 2008 8:05 am

No, you are not seeing it yet. Under GlobalSettings is a ProcessGroup specified;

ProcessGroup=<InternetAccess_DefaultBox>,firefox.exe

That is all that is, a group of programs (in this case, the group is only one program - Firefox). At this point all you have is a group, that's it - now you have to create rules for what that group can do.

The settings that dictate what the group can do, are under DefaultBox (or whatever sandbox you are working on). For preventing internet access those settings would be;

ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Afd*

Those settings say that only those programs that are in the <InternetAccess_DefaultBox> group can access the internet. So that is Firefox.

So that portion of the ini file should look like this;

[GlobalSettings]
ProcessGroup=<InternetAccess_DefaultBox>,firefox.exe

[DefaultBox]
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Afd*

That is all one instruction. The instruction is that there is a group, and only that group can access the web.

Notice that the names in between the <> marks have to match. But the words have no bearing on the instruction.

It could be;

[GlobalSettings]
ProcessGroup=<BozoTheClown>,firefox.exe

[DefaultBox]
ClosedFilePath=!<BozoTheClown>,\Device\RawIp
ClosedFilePath=!<BozoTheClown>,\Device\Ip*
ClosedFilePath=!<BozoTheClown>,\Device\Tcp*
ClosedFilePath=!<BozoTheClown>,\Device\Afd*

That instruction is the same result as the earlier one. a group has been created, and then rules for that group have been set. Wink

Just let SandboxIe create everything right through SandboxIE Control - at the Internet Access tab, This is all just so you understand the settings behind it all.

Posted: Fri Jul 25, 2008 8:23 am

Hi

MitchE323 wrote:

No, you are not seeing it yet. Under GlobalSettings is a ProcessGroup specified;

ProcessGroup=<InternetAccess_DefaultBox>,firefox.exe

That is all that is, a group of programs (in this case, the group is only one program - Firefox). At this point all you have is a group, that's it - now you have to create rules for what that group can do.

The settings that dictate what the group can do, are under DefaultBox (or whatever sandbox you are working on). For preventing internet access those settings would be;

ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Afd*

Those settings say that only those programs that are in the <InternetAccess_DefaultBox> group can access the internet. So that is Firefox.

So that portion of the ini file should look like this;

[GlobalSettings]
ProcessGroup=<InternetAccess_DefaultBox>,firefox.exe

[DefaultBox]
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Afd*

That is all one instruction. The instruction is that there is a group, and only that group can access the web.

Notice that the names in between the <> marks have to match. But the words have no bearing on the instruction.

It could be;

[GlobalSettings]
ProcessGroup=<BozoTheClown>,firefox.exe

[DefaultBox]
ClosedFilePath=!<BozoTheClown>,\Device\RawIp
ClosedFilePath=!<BozoTheClown>,\Device\Ip*
ClosedFilePath=!<BozoTheClown>,\Device\Tcp*
ClosedFilePath=!<BozoTheClown>,\Device\Afd*

That instruction is the same result as the earlier one. a group has been created, and then rules for that group have been set. Wink

Just let SandboxIe create everything right through SandboxIE Control - at the Internet Access tab, This is all just so you understand the settings behind it all.

OK. I think I get it now. Thanks very much!

Posted: Fri Jul 25, 2008 12:00 pm

Hi Mitch

Wonder if you could show an example using two sandboxes with different programs allowed to run and access the net. That would be very helpful.

Pete

Posted: Fri Jul 25, 2008 2:22 pm

No problem Pete, but I think maybe I will begin a new topic in Anything Else. Seems there are a lot of custom user scenerios that maybe we can group together. At work now, will get on it tonite. Very Happy

Posted: Fri Jul 25, 2008 3:21 pm

MitchE323 wrote:

No problem Pete, but I think maybe I will begin a new topic in Anything Else. Seems there are a lot of custom user scenerios that maybe we can group together. At work now, will get on it tonite. Very Happy

Cool. Most helpful.