I hope to use a registered copy of Sanboxie to run both my browser and email client in the sandbox. I have 3 technical questions:

1. Should I run more than one Sandbox? Possibly the browser in one and the email client in the other? What advanatge would this serve if any? Could multiple sandbaxes be configured differently?

2. With my email client sandboxed, will my AV still be able to scan incoming emails and attachments?

3. Will any web filters that run on my AV/Antispyware still function with the Browser sandboxed?

There is some merit to such a configuration. If your mail client is running in a dedicated sandbox, it means you can set up the browser sandbox (let's say this is the DefaultBox) to deny access to anything related to email.

In other words, you would configure:



This means any code running in the context of DefaultBox will be unable to look inside c:\Where\You\Keep\Your\Mail.

Since I'm implying that such a setting only affects one sandbox, this answers your next question:



Yes. You should look in the page for SandboxieIni, through the Help & FAQ link above. I think most of it is pretty straightforward, but take a look and see how you manage with that.



I think this should not be a problem. You may want to visit some evil sites to make sure. Sandboxie will protect you, of course, but you'll get to see if the AV works as expected.

These are some interesting questions.

1 Well, you don´t have to run several sandboxes, but it´s a handy feature, you can for example install various versions of a tool for testing purposes. And you can for example also make a sandbox for internet browsing and one just for testing applications.

2/3 I´m not using any scanners at the moment so I can´t answer, but I think the answer is probably yes. Becaus´t it doesn´t matter if the files are on your "real" system or in the sandbox, they should be scanned anyway.

However I did notice that my HIPS can not always spot certain (malicious) behavior when processes are being sandboxed, this is a bit of a drawback. But on the other hand, if a process is sandboxed it shouldn´t be able to do any damage anyway.

Would be cool though if SBIE could warn you about certain stuff, so that you will at least be able to know what a certain process tries to do (like installing a global hook or service/driver).

Speaking of this, does SBIE prevent apps from installing global hooks? And I guess this is a security measure?

TZUK...YOU WROTE:

"There is some merit to such a configuration. If your mail client is running in a dedicated sandbox, it means you can set up the browser sandbox (let's say this is the DefaultBox) to deny access to anything related to email.

In other words, you would configure:

Code:

[DefaultBox]
Enabled=yes
ClosedFilePath=c:\Where\You\Keep\Your\Mail

This means any code running in the context of DefaultBox will be unable to look inside c:\Where\You\Keep\Your\Mail. "

NOW, TODAY I AM GETTING READY TO SET SANDBOXIE UP LIKE THIS. ARE THERE ANY OTHER CONFIGURATIONS TWEAKS OR SETTINGS THAT I SHOULD CHANGE TO ENSURE MAXIMUM PROTECTION?

Nope, nothing specific that I can think of, for now.