Sandboxie Plus
You must be registered to see the links
Attention!
If you have problems launching games on the
RPGM engine in Sandboxie, try this
solution.
F95 has been under attack recently (see
https://f95zone.to/threads/recent-malware-infected-games.207437/ for details) and a good way to protect yourself is to run games in a sandbox. There are several sandboxes available (even from Microsoft, built into Windows), but here we will look at Sandboxie Plus. There used to be a setup guide, but it was deleted and people are asking for it to be restored. Which I have tried to do (well, as best I could).
Attention!
If you are really concerned about your security, then a sandbox cannot be the only solution. First and foremost, your user must have limited rights. This is incredibly important, and without it, all other security actions are largely meaningless. You should also have antivirus software and a firewall configured. A description of this is beyond the scope of this guide, but you can read more about it here and
You must be registered to see the links
.
What does Sandboxie do? It runs programs (games) in an isolated environment, preventing (well, almost) any changes to the host system. It also allows you to block internet access for isolated programs, preventing them from downloading malware or sending personal information to hackers. Sandboxie Plus has the ability to create multiple sandboxes, each with its own settings. For example, with or without internet access allowed.
As this is a sandbox and not a virtual machine, it offers maximum performance and access to the hardware. I've run games on UE and Unity with heavy graphics without any problems and haven't noticed any performance degradation, at least not in-game. Sometimes games take longer than usual to start due to copying files inside the sandbox.
How Sandboxie Plus works with files
For each sandbox created in Sandboxie, an isolated file-system folder is created, but you don't need to copy anything there (or from there), as Sandboxie allows you to use files from your system, and only when an isolated program tries to modify a file in the system (or create a new one), it will be placed in this isolated file-system, and the program will continue to work with it without noticing the change. When you are finished, you can either find this file in the sandbox folder yourself, or use the Recovery Sandboxie tool. You can also do this automatically when clearing (deleting the contents of) the sandbox by specifying the folder to be restored in the settings. How to set it up and use it is described below.
This manual is intended as a quick start and does not contain details on the operation and configuration of Sandboxie. If you are interested in the details, use the forum (there is a link on the application's website).
Warning! I am not an expert in using Sandboxie and am only sharing my experience as a regular user. If you have any useful comments - post them in the thread. If you have questions about configuration details (especially security) - I am unlikely to be able to help you, you should go to the developer forum and look there. Also, I apologize in advance as English is not my first language.
Download this guide
Download the latest version here:
You must be registered to see the links
Sandboxie Plus has a free and a paid version. The free version is sufficient for most applications.
All images are for version 1.15.8 and may be different for other versions, always check the name of the parameter/option as they may be different in wording and location.
Installation is very simple - next, next, next...
View attachment 4688019
The first time you start the program, the setup wizard will appear.
1. Select Personal use. Click Next.
View attachment 4688023
2. For the free version, skip this screen. Continue.
View attachment 4688026
3. Customize the interface or leave it as it is.(If you select not advanced UI then there will be no advanced options in the settings, how to fix afterwards see
here) Next.
View attachment 4688029
4. Make sure you select to run at startup. I also recommend adding Run in sandbox to the context menu, the rest is up to you. Next.
View attachment 4688031
5. Make sure you enable version checking. Always update Sandboxie to the latest version when it asks you to (this process is automatic and you only have to accept). Next.
View attachment 4688036
Right after the setup wizard, the global Sandboxie Plus settings will open. There are a lot of things you can configure here, but in short, you can leave everything as it is, except for three things:
1. Check 'Hide Sandboxie's own processes from the task list' so that no viruses can see that the sandbox is running. Of course, this will not protect you from sandbox detection, but it is something.
View attachment 4688039
2. Enable 'Show file recovery window when emptying sandboxes'. If enabled, you will be offered to recover files from the sandbox when emptying it (manually or automatically). This must be enabled if you want to recover files automatically (see below).
View attachment 4688040
3. Important addition (thanks to
trumpthatbitch). You should restrict the ability to change Sandboxie settings to administrator accounts only. It is very desirable that you have a separate administrator user, but even if you don't, your account should have a password and should be prompted for it when you try to change settings.
Details.
View attachment 4691549
That's it, the Sandboxie configuration is done. You now have a sandbox called “DefaultBox”. You can rename it or move the sandbox files to another location. Also in the context menu there are important items “Recover Files” and “Delete Content”, if you want to do it manually. For now, we need to configure the sandbox itself - select 'Sandbox Options'.
View attachment 4688079
1. Appearance settings are up to you, but the default setting for windows of applications running in the sandbox is an annoying (to me) thick yellow border. I recommend removing it.
View attachment 4688047
2. If you don't want to recover files from the sandbox manually (of course, saves go to an isolated folder), and to increase protection (even if something bad got into the files), I recommend enabling automatic sandbox cleanup. When you exit the application (game), if recovery folders are configured, a window will automatically appear asking you to select the files you want to recover. All sandbox content will then be deleted. If you are afraid of losing your saves, do not activate this option, you will have to restore everything manually.
View attachment 4688051
3. This allows you to specify the folders that will be scanned for files to recover. There are default folders here, but you can add your own and/or delete existing folders.
View attachment 4688056
View attachment 4688058
For example, for Renpy games. For other engines you may need to add the whole AppData folder or even the games folder.
Warning! If you have set up automatic deletion and there are no files in the folders specified here when the game is finished, the recovery window will not appear and the sandbox content will be deleted. Pay attention to the recovery folders, find out where your games are saved and add them here. Another option is to create multiple sandboxes for different engines, so that it is easier to sort out which files to restore and which not to.
4. Off by default, but recommended. I would switch it on.
View attachment 4688061
5. Here we can configure to force programs to run in the sandbox. There are several options, but I think the best one is a folder. Anything running in that folder will be sandboxed. This way you won't accidentally forget to select 'Run in sandbox' for every game (and every time). Very handy. You can add several folders, but I usually choose one and unzip the games into it (into sub-folders). It is important to remember that EVERYTHING that runs from this folder goes into the sandbox - for example, images and video viewers run in the sandbox, as do text files and links to the internet. The same goes for archivers. To avoid this, start a software (player, viewer, editor) and choose to open a file from this folder, then everything will be normal. Or turn off the forced folder for a while.
View attachment 4688063
6. The second important setting. This allows you to disable access to the Internet (and the network as a whole). It is enabled by default. For most of the games on this site, you can easily turn it off. For others, use a separate sandbox.
Basically you don't have to switch this off here, you can do it after setting it up, see
here.
Important!
Some games (mainly
RPGM) may stop working if you completely block access to the network. Simply allowing access may not solve the issue.
The solution is described here.
View attachment 4688064
7. For the vast majority of games (and applications) there is no need to look at other processes. So we turn this option on. If you want to run a cheater - run it in the same sandbox, otherwise it will not get to the game process (although I have not checked). The second option is also useful, nothing for a normal game to interfere with the system.
View attachment 4688065
8. I'm turning everything on here. Again, this is unnecessary information for a normal game, and only identity thieves, hackers and viruses will look at it. Well, don't!
View attachment 4688067
That's it, everything is set up.
How to install/unpack games, patches and saves.
Basically the same as usual, but remember that if you set up a forced folder, the archives should be stacked outside it, and only unpacked into that folder. The same goes for patches and saves. If you need to edit a file (e.g. text), run the editor and then choose to open the file in the folder. Then any changes will be on your disc, not in the sandbox. If the installer runs any scripts FROM the folder it installs in, things can go wrong. It would be easier to disable the forced folder during installation.
Is it even necessary to automatically clean the sandbox?
Not at all. If you're playing on a single computer and don't need to transfer your saves, you can leave them in the sandbox. Even if you start a new version of the game, it will take the files from the sandbox (they have priority over the ones you have on the disc). And there is no fuss about recovering files.
But! If something nasty gets through to you, it may not break your system, but it can easily break the files in YOUR sandbox, i.e. your saves. Also, it will stay in the sandbox, it can collect data (whatever it can get out of the sandbox), and maybe it can somehow transfer that data out. The longer it stays there, the more chances it has to get out and do some damage. With auto-removal, it will all be wiped out and the virus won't be able to get a foothold.
Personally, I prefer the slight inconvenience of file recovery, but it's up to you.
How to recover files from the sandbox.
The easiest way is to use Sandboxie's
Recover Files feature. If you have
recovery folders and
auto-delete configured, you will see a window like this when the game is finished.
View attachment 4688070
View attachment 4688071
"Recover": When you click this button all files you have selected will be restored to their original location outside the sandbox and deleted in the sandbox. The window will not close and you can continue to restore files.
"Delete content": When you click this, ALL content in the sandbox will be deleted, that is, if you have not restored saves of other games - they will be deleted. The window closes (there is nothing else to do as the sandbox is empty).
"Close": Nothing is deleted and the sandbox keeps all files (except those that have been restored) and just closes this window. When you next start and close the game, this window will appear again and will include new files and old files stored in the sandbox.
If you want to restore (or just look at) all the files in the sandbox, tick the
"Show all files" box.
If you select
"Recover Files" from the sandbox context menu, you will see a similar window (there is no
"Delete Content" button).
You can simply go into the sandbox folder and copy the files you need. Normally, the files for each sandbox are located in C:\Sandboxie\%USERNAME%\%SANDBOXNAME%\.
