Safe launch of programs. Using the Sandboxie program

So we decided to briefly touch on this topic.

Essentially, a sandbox is an isolated software environment with strictly limited resources for executing program code within it (to put it simply, for launching programs). In a way, a “sandbox” is a stripped-down environment designed to isolate dubious processes for security purposes.

Some good antiviruses and firewalls (though, as a rule, in their paid versions) use this method without your knowledge, and some let you manage this functionality (since it still creates extra resource consumption), but there are also programs that let you implement similar functionality.

We will talk about one of these today.

Unfortunately, it is shareware, but the free period will help you get to know this type of tool better, which, perhaps, will push you in the future to study in more detail, which, for the most part, exists in free form and provides more options.

You can download Sandboxie from or, for example, . Installation is almost elementary, except for the moment when you need to install the driver (see screenshot below).

At this stage, it is better to disable any protection software (i.e. the same antiviruses and firewalls); otherwise, if this step fails and the computer hangs, reboots or goes into , you may need to boot into safe mode and delete the program without the possibility of further use.

After installation, the program itself must be launched. It is possible that you will encounter the notification shown above. There's nothing wrong with it, just click "OK".

Next you will be offered a short course on working with the program, or rather, you will be told a little about how it works. Go through all six steps, preferably reading the instructions carefully.

In short, you can run any program within an isolated environment. The instructions, if you have read them, contain a fairly good metaphor: a sandbox is a sheet of transparent paper placed between the program and the computer, and deleting the contents of the sandbox is like discarding a used sheet of paper with its contents and replacing it with a new one.

How to set up and use a sandbox program

Now let's try to understand how to work with this. To begin with, you can try running, say, a browser in a sandbox. To do this, either use the shortcut that appears on your desktop, or use the menu items in the main program window: "DefaultBox - Run in sandbox - Launch Web browser". If you want to launch a browser that is not set as the system default, use the item "Run any program" and specify the path to the browser (or program).

After this, the browser will be launched in the sandbox and you will see its processes in the Sandboxie window. From this moment on, everything happens in, as has already been said many times, an isolated environment. For example, a virus that uses the browser cache to penetrate the system will not really be able to do anything, because after you finish working with the isolated environment you can clean it up by throwing out, as the metaphor said, the scribbled sheet of paper and moving on to a new one (without in any way affecting the integrity of the computer as such).

To clear the contents of the sandbox (if you don’t need them), in the main program window or in the tray (where the clock and other icons are) use the item "DefaultBox - Delete content".

Attention! Only what was written and ran in the isolated environment will be deleted. For example, the browser itself will not be deleted from the computer, but what was transferred to the sandbox (relatively speaking, a copy of the process, the created cache, saved data such as downloaded/created files, etc.) will be deleted if you do not save it.

To better understand how it works, try launching the browser and other software in the sandbox several times, downloading various files and deleting/saving the content upon completion of work with this same sandbox, and then, for example, launching the same browser or program directly on the computer. Believe me, you will understand the essence in practice better than it can be explained in words.

By the way, by right-clicking on a process in the list of processes in the Sandboxie window, you can control access to various types of computer resources, bypassing the sandbox, by selecting "Access to resources".

Roughly speaking, if you want to take a risk and give, for example, Google Chrome direct access to a folder on the computer, you can do this on the corresponding tab (File access - Direct/full access) using the "Add" button.

It is logical that the sandbox is intended not only, and not so much, for working with a browser and visiting various dubious sites, but also for launching applications that seem suspicious to you (especially, for example, at work, where dubious files from mail or flash drives are often launched) and/or that should not have access to the main resources of the computer and/or leave unnecessary traces there.

By the way, the latter can be a good element for protection, that is, for running any application, the data of which must be completely isolated and deleted upon completion.

Of course, it is not necessary to delete data from the sandbox upon completion, and you can work with some programs only in an isolated environment (progress is remembered and there is the possibility of quick recovery), but whether to do it or not is up to you.

When you try to launch some programs, you may encounter the above problem. Don’t be afraid of it: just click “OK”, then open the sandbox settings using "DefaultBox - Sandbox settings" and on the "File Transfer" tab set a slightly larger size for the file transfer option.

We won’t talk about other settings now, but if they interest you, you can easily figure them out yourself; fortunately, everything is in Russian and is extremely clear and accessible. If you have questions, you can ask them in the comments to this entry.

Now, perhaps, we can move on to the afterword.

Afterword

Oh yes, we almost forgot, of course, that the sandbox consumes an increased amount of machine resources, because it bites off (virtualizes) part of the capacity, which, naturally, creates a load that is different from running it directly. But, logically, security and/or privacy might be worth it.

By the way, the use of sandboxes, chroot or virtualization partly relates to the anti-virus security methodology that we use.

That's probably all for now. As always, if you have any questions, thoughts, additions, etc., please feel free to comment on this post.

Many users install this or that software from third-party sources, which could, in theory, harm the computer. Unfortunately, modern antivirus programs do not immediately recognize some malware.

But you shouldn’t risk running potentially dangerous software on your computer without any protection. In this case, Sandboxie provides the ability to launch programs in a special environment where you can monitor how the launched program will behave.

How does this program work?

Sandboxie works by creating on the system disk a limited space that simulates the operation of the system. This space is closed off from the main system, so changes made in it do not reach beyond its boundaries. Upon completion of working with files in the sandbox, all information is cleared, so you should not be afraid that you will have a virus somewhere on your computer, albeit in a locked disk space.

Sandboxie can run executable EXE files, installation files, and documents. There are some exceptions, but they are not so critical for operation. You can view statistics on the operation and behavior of certain files. Also, before closing the sandbox, you can configure which files will be deleted and which will be left until the next launch. By default, closing automatically deletes all files and stops processes.

Let's look at the work in the program in more detail.

File menu

By default, the sandbox interface is nothing remarkable. Controls are located only in the top menu. Let's take a closer look at the "File" item. Clicking on it opens a menu with the following items:

  • "Close All Programs". Forcefully terminates all programs and processes open in the sandbox. It may be relevant if some malicious file is actively starting its activity and needs to be urgently stopped;
  • "Disable Forced Programs". This item is responsible for the ability to launch, in normal system mode, programs that open in the sandbox by default. Standard settings imply running such a program for no more than 10 seconds in normal mode. This should be enough to see how the software behaves outside the sandbox. The settings can be changed;
  • "Window in the Sandbox". Needed to determine where a particular program is open;
  • "Resource access monitor". Allows you to track which computer resources a program running in the sandbox has access to. May be useful for identifying suspicious activity;
  • "Exit". Closes Sandboxie.


View menu

When you click "View", you will have access to the items responsible for displaying elements in the program interface (menu items "Programs" and "Files and folders").

The "View" menu also has a function "Restore record", responsible for finding and deleting files that were accidentally restored from the sandbox.


Sandbox element

The main functionality of the program is concentrated here. This menu element is directly responsible for working with the sandbox. Let's look at its contents in more detail:

  1. "DefaultBox" is the “sandbox” in which all programs run by default. When you move the mouse cursor over this menu item, a drop-down window appears where you can select additional environments to run a particular program. For example, you can run the software in Windows "Explorer", a browser, an email client, etc. Additionally, you can do the following:
    • "End all programs". Closes all running programs;
    • "Rapid Recovery". Responsible for the ability to remove all or some files from the sandbox and transfer them to regular disk space;
    • "Delete Contents". Closes and deletes all programs, files and processes inside the isolated space;
    • "View content". Allows you to find out about everything that is contained in the “sandbox”;
    • "Sandbox settings". A special window opens where you can configure the highlighting of the window in the interface in one color or another, configure data recovery and/or deletion, permissions for programs to access the Internet, etc.;
    • "Rename sandbox". Allows you to give it a unique name consisting of Latin letters and Arabic numerals;
    • "Delete sandbox". Deletes all isolated disk space allocated for a specific sandbox along with all data running in it.
  2. You can create a new sandbox using the corresponding button. By default, all settings from already created sandboxes will be transferred, which you can adjust to your needs. Additionally, the new isolated space will have to be given a name.
  3. By clicking the menu item "Set storage folder", you can choose the location of the isolated space. By default this is C:\Sandbox.
  4. Additionally, you can configure the order in which sandboxes are displayed. By default they are shown in alphabetical order; to change this, use the menu item "Set location and groups".


Item “Customize”

As the name implies, this menu item is responsible for setting up the program. With it you can configure the following:

  • "Warning about running programs". When opening certain programs selected by the user in the sandbox, a corresponding notification will be sent;
  • "Integration into Windows Explorer". Opens a window with settings for launching programs through the context menu of a shortcut or executable file;
  • "Program Compatibility". Not all programs may be compatible with your operating system and/or sandbox environment. Using this menu item, you can set compatibility settings, which allows you to run more programs;
  • Block with configuration controls. There are already settings for more experienced users here, some of which should be specified in the form of special commands.


Advantages and disadvantages of the program

The program has its advantages, but is not without its disadvantages.

Advantages

  • The program has a good reputation, as it has proven itself well;
  • The settings elements are conveniently located and named, which will allow even an inexperienced user to understand them;
  • You can create an unlimited number of sandboxes, configuring each one for a specific type of task;
  • The program is perfectly translated into Russian.

Disadvantages

  • The program interface is outdated, but this has virtually no effect on ease of use;
  • This sandbox cannot run programs that require the installation of additional drivers or other components. This problem is not limited to Sandboxie.

How to run a program in the sandbox

Let's look at how the program works using the example of launching another program in its environment that has unwanted software in its installation file:

  1. First you need to download the Sandboxie installation file from the official website.

  2. Install the program. There is nothing complicated during the installation process, just follow the installer's instructions.
  3. When you're done with the installation, select the program you want to run in a sandboxed environment. Right-click its shortcut or executable file and select the option "Run in a sandbox".

  4. An interface will open where you will be asked to select a “sandbox”. If you have not made any settings in Sandboxie, then select "DefaultBox". Assuming you have created several sandboxes for different needs, choose the one that is most suitable for a given situation.
  5. The installation of the selected program will begin, or the program itself will begin to launch if it is already installed. Do not be afraid to install in the sandbox, since not a single malicious element will be able to escape beyond its boundaries. You can determine whether a program/file is running in the sandbox by the characteristic yellow frame around its window.

  6. Once the program installation is complete, you need to find out what has changed in the sandbox. To do this, click on the Sandboxie icon located in the "Taskbar".
  7. A window will open where you can view how much space the installed program takes up in the limited space, as well as how many files and folders it has created.
  8. If everything is all right and you trust the installed program, you can transfer it to regular disk space using the button "Restore to folder...".
  9. If you don’t trust the program, then click on the button "Delete sandbox". All changes made will be erased.
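
Steps 6 to 9 come down to reviewing what the program wrote before choosing between "Restore to folder..." and "Delete sandbox". The script below is an added example, not part of the original article or of Sandboxie: it walks one sandbox folder, hashes executable files and flags anything placed in a Startup folder. The function names, the extension shortlist and the folder layout under C:\Sandbox are assumptions, and the sample files are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# File types that Windows executes or interprets directly (assumed shortlist).
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".msi", ".bat", ".cmd",
                   ".ps1", ".vbs", ".js", ".lnk"}
# Run of directory names that marks a Start Menu autostart folder.
STARTUP_RUN = ("start menu", "programs", "startup")

# Constructed sample tree imitating a sandbox after an installer has run.
SAMPLE_FILES = {
    "drive/C/Program Files/DemoApp/demo.exe": b"MZ constructed sample",
    "drive/C/Program Files/DemoApp/readme.txt": b"hello",
    "user/current/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/"
    "Startup/updater.lnk": b"L constructed",
    "user/current/Downloads/report.pdf": b"%PDF-constructed",
}


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large installers are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def _has_run(parts, run):
    """True if `run` occurs as consecutive components of `parts`."""
    n = len(run)
    return any(parts[i:i + n] == run for i in range(len(parts) - n + 1))


def inventory_sandbox(box_root):
    """Summarise everything stored under one sandbox folder."""
    box_root = Path(box_root)
    report = {"files": 0, "bytes": 0, "executables": [],
              "autostart": [], "unreadable": []}
    for dirpath, _dirs, names in os.walk(box_root):
        for name in names:
            full = Path(dirpath) / name
            rel = full.relative_to(box_root)
            report["files"] += 1
            try:
                report["bytes"] += full.stat().st_size
                if full.suffix.lower() in EXECUTABLE_EXTS:
                    report["executables"].append(
                        (rel.as_posix(), sha256_of(full)))
            except OSError:
                # Files locked by a still-running sandboxed process.
                report["unreadable"].append(rel.as_posix())
            dirs = tuple(p.lower() for p in rel.parts[:-1])
            if _has_run(dirs, STARTUP_RUN):
                report["autostart"].append(rel.as_posix())
    report["executables"].sort()
    report["autostart"].sort()
    return report


def demo():
    """Build the constructed tree in a temp folder and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        box = Path(tmp) / "DefaultBox"
        for rel, data in SAMPLE_FILES.items():
            target = box / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return inventory_sandbox(box)


if __name__ == "__main__":
    result = demo()
    print(f"{result['files']} files, {result['bytes']} bytes")
    for path, digest in result["executables"]:
        print("EXEC     ", digest, path)
    for path in result["autostart"]:
        print("AUTOSTART", path)
```

On a real system, pass the folder of the sandbox you want to review to `inventory_sandbox` instead of calling `demo()`, and check the reported hashes and autostart entries before restoring anything to regular disk space.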

Thus, you learned the main features of the Sandboxie program, and also understood how to use it. This article did not cover all options for using the program, but this data is enough to allow you to check a particular program for the presence of malware/unwanted software.

You can endlessly look at the fire, water and activity of programs isolated in the sandbox. Thanks to virtualization, with one click you can send the results of this activity - often unsafe - into oblivion.

However, virtualization is also used for research purposes: for example, you may want to control the impact of a freshly compiled program on the system or run two different versions of an application simultaneously. Or create a standalone application that will leave no traces on the system. There are many options for using a sandbox. It is not the program that dictates its terms in the system, but you who show it the way and distribute resources.

If you are not satisfied with the slowness of the process, using the ThinApp Converter tool you can put virtualization on stream. Installers will be created based on the config you specify.

In general, the developers advise making all of these preparations under sterile conditions, on a fresh OS, so that all the installation nuances are taken into account. For these purposes, you can use a virtual machine, but, of course, this will leave its mark on the speed of work. VMware ThinApp already loads system resources quite heavily, and not only in scanning mode. However, as they say, slowly but surely.

BufferZone

  • Website: www.trustware.com
  • Developer: Trustware
  • License: freeware

BufferZone controls Internet and software activity of applications using a virtual zone, closely approaching firewalls. In other words, it uses rule-governed virtualization. BufferZone easily works in conjunction with browsers, instant messengers, email and P2P clients.

At the time of writing, the developers warned about possible problems when working with Windows 8. The program can kill the system, after which it will have to be removed via safe mode. This is due to the BufferZone drivers, which come into serious conflict with the OS.

What falls under BufferZone's radar can be tracked in the main Summary section. You determine the number of limited applications yourself: the Programs to run inside BufferZone list is intended for this. It already includes potentially unsafe applications such as browsers and mail clients. A red border appears around the captured app window, giving you confidence to surf safely. If you want to run outside the zone - no problem, the control can be bypassed through the context menu.

In addition to the virtual zone, there is such a thing as a private zone. You can add sites where strict confidentiality is required. It should be noted right away that the function only works in retro versions of Internet Explorer. More modern browsers have built-in tools to ensure anonymity.

The Policy section configures policies in relation to installers and updates, as well as programs launched from devices and network sources. In Configurations, see also the additional security policy options (Advanced Policy). There are six levels of control, depending on which BufferZone’s attitude towards programs changes: without protection (1), automatic (2) and semi-automatic (3), notifications about the launch of all (4) and unsigned programs (5), maximum protection (6).

As you can see, the value of BufferZone lies in total Internet control. If you need more flexible rules, then any firewall will help you. BufferZone also has one, but more for show: it allows you to block applications, network addresses and ports. From a practical point of view, it is not very convenient for actively accessing settings.

Evalaze

  • Website: www.evalaze.de/en/evalaze-oxide/
  • Developer: Dögel GmbH
  • License: freeware / commercial (2142 euros)

The main feature of Evalaze is the flexibility of virtualized applications: they can be run from removable media or from a network environment. The program allows you to create completely autonomous distributions operating in an emulated file system and registry environment.

The main feature of Evalaze is its convenient wizard, which is understandable without reading the manual. First, you make an OS image before installing the program, then you install it, do a test run, and configure it. Next, following the Evalaze wizard, you analyze the changes. Very similar to the principle of operation of uninstallers (for example, Soft Organizer).

Virtualized applications can operate in two modes: in the first case, write operations are redirected to the sandbox; in the second, the program can write and read files on the real system. Whether the program will delete traces of its activities or not is up to you; the Delete Old Sandbox Automatic option is at your service.

Many interesting features are available only in the commercial version of Evalaze. Among them are editing environmental elements (such as files and registry keys), importing projects, and setting reading mode. However, the license costs more than two thousand euros, which, I agree, slightly exceeds the psychological price barrier. The use of an online virtualization service is offered at a similarly prohibitive price. As a consolation, the developer's website has prepared virtual sample applications.

Cameyo

  • Website: www.cameyo.com
  • Developer: Cameyo
  • License: freeware

A quick look at Cameyo suggests that the functions are similar to Evalaze, and in three clicks you can create a distribution with a virtualized application. The packager takes a snapshot of the system, compares it with the changes after installing the software and creates an ecosystem for launch.

The most important difference from Evalaze is that the program is completely free and does not block any options. The settings are conveniently concentrated: switching the virtualization method with saving to disk or memory, selecting an isolation mode: saving documents to specified directories, prohibiting writing or full access. In addition to this, you can configure the virtual environment using the file and registry key editor. Each folder also has one of three isolation levels, which can be easily overridden.

You can specify the sandbox cleaning mode after exiting the standalone application: removing traces, no cleaning, or writing registry changes to a file. Integration with Explorer and the ability to link to specific file types in the system are also available, which is not available even in paid analogues of Cameyo.

However, the most interesting thing is not the local part of Cameyo, but the online packager and public virtual applications. It is enough to specify the URL or upload the MSI or EXE installer to the server, indicating the system bit depth, and you will receive a stand-alone package. From now on it is available under the roof of your cloud.

Summary

Sandboxie will be the best choice for sandbox experiments. The program is the most informative among the listed tools; it has a monitoring function. It has a wide range of settings and good capabilities for managing a group of applications.

It does not have any unique functions, but it is very simple and trouble-free. An interesting fact: the article was written inside this “sandbox”, and due to an unfortunate mistake, all the changes went into the “shadow” (read: astral plane). If it weren't for Dropbox, a completely different text would have been published on this page - most likely by a different author.

Evalaze offers not a comprehensive approach to virtualization but an individual one: you control the launch of a specific application, creating artificial living conditions for it. There are advantages and disadvantages here. However, given the cut-down free version of Evalaze, its virtues will fade in your eyes.

Cameyo has a certain “cloud” flavor: the application can be downloaded from the website, uploaded to a flash drive or Dropbox - this is convenient in many cases. True, it brings to mind associations with fast food: you can’t vouch for the quality and compliance of the content with the description.

But if you prefer to cook according to a recipe, VMware ThinApp is your option. This is a solution for experts who care about every detail. A set of unique features is complemented by the capabilities of the console. You can convert applications from the command line, using configs and scripts, in individual and batch mode.

BufferZone is a sandbox with a firewall function. This hybrid is far from perfect and the settings are up-to-date, but BufferZone can be used to control Internet activity and applications, protect against viruses and other threats.

Some users sometimes have to deal with software of dubious origin, for example, for testing purposes. The best option in such cases would be to have a separate computer or virtual machine for this, but this is not always possible. But there is a solution - you just need to use a sandbox program, which includes Sandboxie.

The application allows you to run executable files (including program installers) in the sandbox, work with a web browser and files, and configure their behavior in certain cases.

Launching a web browser

The main reason why users are interested in software such as Sandboxie is safe work on the Internet. The program under consideration allows us to achieve this goal.

Launching programs

The next scenario for using the sandbox environment is launching software.

Working with files

In the “sandbox” of the environment in question, you can also open a variety of files, for example, archives of dubious origin. The algorithm of actions is exactly the same as with programs (technically, the software first opens to view the target document), so the previous instructions are also suitable for opening files in the sandbox.

Environment management

The developers have also provided users with tools to manage the environment in which programs are launched and files are opened. The tool has the self-explanatory name "Sandboxie Management".


Setting Sandboxie Options

The sandbox can be customized for more comfortable use.


Solutions to some problems

Unfortunately, sometimes problems arise when using the sandbox. Let's look at the most common ones and suggest options for eliminating them.

Error "SBIE2204 Cannot start sandboxed service RpcSs"
A similar problem is typical for versions of Sandboxie 5.0 and older that are installed on Windows 10. The reason is the incompatibility of the environment with the capabilities of this operating system, so the only solution is to install the latest program updates.

Error "SBIE2310 Name buffer has reached overflow"
This problem also concerns incompatibility, but this time with a specific program. Most often, the culprits are antiviruses with sandbox capabilities or similar software. The method for eliminating the error is also obvious - disable or uninstall the application that conflicts with Sandboxie.

Error "SBIE2211 Sandboxed service failed to start: *application or file name*"
This type of failure most often occurs for Windows 7 users. The problem lies in the User Account Control system, which interferes with the operation or installation of a file that requires administrator rights to run. The solution is simple: in the sandbox selection window, when opening such software or document, check the option "Run as UAC Administrator".

Conclusion

This concludes our guide to using Sandboxie. Finally, we remind you that a sandbox environment is not a panacea for computer security, so if you have to deal with suspicious software, it is better to use a virtual machine.

The Internet is simply teeming with viruses. They may come under the guise of useful programs, or can even be built into the desired working program. (This is quite often found in hacked programs, so you should treat hacked programs with distrust, especially if you download them from suspicious sites.) So you installed the program and something else was installed on your computer as a bonus: at best, programs for hidden surfing or miners, and at worst, RATs, backdoors, stealers and other dirty tricks.

There are 2 options if you don't trust the file.
— Running a virus in the sandbox
— Using virtual machines

In this article we will look at the 1st option: a sandbox for Windows.

A sandbox for Windows is a great opportunity to work with suspicious files. We will look at how to start using the sandbox.
If you use antiviruses, sandboxes are often built into them. But I don’t like these things and I think it’s best to download the sandbox from the website www.sandboxie.com.

The program allows you to run a file in a specially designated area, beyond which viruses cannot escape and harm the computer.

You can download the program for free. But after 2 weeks of use, a prompt offering to buy a subscription will appear at startup, and the program can be launched after a few seconds. The program still remains fully functional. Installation will not be difficult, and the interface itself is quite simple.

By default, the program will start itself when you turn on the computer. If the program is running, a tray icon will appear. If not, go to Start-All Programs-Sandboxie-Manage sandboxie.
The easiest way to run a program in the sandbox is to right-click on the launch file or on the shortcut of the desired program; in the menu you will see the words “Run in sandbox”. Click it, select the desired profile in which to run and click OK. That's all: the required program works in a safe environment and viruses will not escape the sandbox.


Attention: some infected programs do not allow running in sandboxes and virtual machines, forcing you to run them directly. If you encounter such a reaction, the best thing to do is delete the file; otherwise you run it at your own peril and risk.

If launch in the sandbox does not appear in the context menu (when you right-click), go to the program window, select Configure - Integration into Windows Explorer - and check the two boxes under the words "Actions - run in the sandbox."

You can create different sandboxes. To do this, click Sandbox - create a sandbox and write the name of the new one. You can also delete old ones in the sandbox section (recommended).

There is nothing more to consider in the program. Lastly, I want to say: take care of your data and your computer! Until next time.