if it's online, it's online. whatever you do might be sent outside, at least everything you do inside the box might get outside. the minimum i'd recommend is to have absolutely nothing else running in the background when playing online. next, find out exactly which IP and port the game requires for the online functions, before even starting to play, and set up the firewall to block everything first, and then allow only the required IP and port for only this game. it's still a risk.
As I understand, there's no point to play Unity online game through sandboxie?
Well... That depends... I found a number of Unity AVN/games work just fine in Sandboxie Plus. There were a few that didn't quite run in Sandboxie Plus. There are only a few that needed "Internet access", which I ended up putting on the "shelf" to check down the road to run on an old/spare system.
I usually run the AVN/games in a Virtual Machine (VM) and/or Sandboxie Plus. For both, I have the VM's vNIC disabled, so no internet for that VM, unless I need to do an update or other things. Otherwise the VM is 99.9 "OFFLINE". For Sandboxie Plus, I have it set not to enable internet. In this case, I am running the AVN/games in "OFFLINE".
For my own edification of using sandboxie and what I should be looking for to know that it's working properly, I just had a few questions since I've recently found this and the other malware related threads and have been trying to shore up my own system security:
1. Are people here generally using sandboxie offline only and downloading the games online and then unpacking and running them only in the sandbox? I'm asking because it was just a little unclear since I do have internet access turned off in my sandboxie setup as recommended in the guide on the first page, so I would expect not to download a game while in sandboxie, and I know generally most of these modern viruses require that you "run" the game exe after extracting it so downloading an infected game in and of itself isn't always as bad as if you actually ran the game.
However, for the sake of protecting in scenarios where one does download a game and there is a potential damaging infection from just downloading alone (if that is common nowadays), then I was curious about how I should be using the sandboxie or what other steps one should take to further protect that part of the process. Presumably, allowing internet in a new sandbox does allow a virus some kind of access to my home wifi network, so that seems counterproductive. Just hardening windows AV, not running on admin, and things like that or are there other steps people are taking? I see a lot of people analyze games and viruses in the malware report thread, and it seems like they're just outright downloading the games, even infected ones, to do that, so I wasn't sure about how you guys normally do that safely, or as safe as you can.
2. Regarding "file recovery" and "auto delete" in sandboxie, both of which I have checked on, I've tested using sandboxie in the scenario where I created a "force folder" for sandboxie. I downloaded a renpy game outside sandboxie and unpacked it into the new force folder. I ran the game in the folder and saved it right away. Then I shut it down and closed the box. Then I restarted it, all to test what would happen. A file recovery box appears when you close it and then again when you restart the game. For the purposes of testing, all I did was hit "close" and didn't "delete" or "recover" anything just to see what would happen. I made sure one of the common file recovery pathways went to the common renpy appdata roaming save folder (so outside the sandbox) and then I also had the sandboxie folder itself listed as a recovery folder, assuming a game saves directly in its own folder. Am I supposed to be "deleting" everything but only recovering the "saves" after each time I close the sandbox?
So far, when I just close the sandbox and don't delete anything, or recover anything, the game seems to stay as it is and the save still exists, which I guess is the auto delete and file recovery settings countering each other since I'm not picking either option when the menus pop up. The save is notably not in my actual appdata roaming folder on my C drive, so I'm assuming it's in the sandboxie version of the folder only? Will it appear in the actual C drive, outside sandboxie, if I hit recover? Will the whole game file itself be deleted if I select "delete" where I'll have to re-extract the game into the folder each time I play? It's this order of operations that I'm just a little unclear on regarding what step by step process I should be taking if I don't want to lose my saves, but at the same time want to purge any potential infection should there be one. I'm only playing these games on a single PC. Not for any frequent save or game transferring. However, every few months I do back up my games and saves on a separate portable drive in case I ever get a new PC someday or want to just transfer them, or just to prevent losing them.
1. It is very difficult to get infected simply by downloading or unpacking a file. Most often, this happens because a fake executable file disguised as an archive is downloaded and launched by an unsuspecting user. That's why I never unzip archives by double-clicking on them (I do it using 7zip or scripts), and I ALWAYS check what I've downloaded, the extensions, the size, and scan it with antivirus. It is also useful to have browser extensions that block malicious scripts, pop-ups and advertisements.
A VM is probably out of my tech related wheelhouse for now or maybe just too arduous, but if I ever build an even better computer, I might try one someday. And thanks, I found the right Sandboxie folder that I kept overlooking from this. It took some diving into the files, but I see just how Sandboxie made its own "users" file path and that was throwing me off when I was looking at the recovery and delete logs.
I usually run the AVN/games in a Virtual Machine (VM) and/or Sandboxie Plus. For both, I have the VM's vNIC disabled, so no internet for that VM, unless I need to do an update or other things. Otherwise the VM is 99.9 "OFFLINE". For Sandboxie Plus, I have it set not to enable internet. In this case, I am running the AVN/games in "OFFLINE".
I don't use Sandboxie Plus "file recovery" and "auto delete". However, I do manually zip my game saves and place them in another location after I complete the AVN/game. Sometimes I just leave those saves, and when there is an updated version of the AVN/game, it should pull the saves. If not, I copy the old save from the other location and place it in the new location if the save path changes in the new AVN/game.
You are correct about the APPDATA location. It will not be in your original Windows profile location; it will be in the path you assigned/configured for your Sandboxie "box" location.
x:\("Assigned Name" sandboxie path location)\ should show one or more folders: one would be "drive", the other would be "user". APPDATA would be found in the "user" folder; you have to wiggle through it. For RPGM, it would more likely be found in the "drive" folder. For UNITY, it would more likely be in the "user" folder path as well.
Hopefully this helps explain some of your questions.
Have a great day and be safe...
1. Yeah, that first part about just downloading and not double clicking to unzip and just being wary of the random executables people get from popups is helpful. There's a lot of that I see around here with people getting popups on Viking or Mixdrop or something, or their browsers are just flagging the whole host site as a potential avenue for malware, but none of those are the actual files linked here in 99% of the cases from what I could tell. I think windows AV scans everything I download, because one or two times it has auto deleted things on me that were likely false positives. But I always do a manual scan of everything I download afterwards anyway and then I unpack it using either winrar or 7zip. I know I could unpack them inside the forced folder, but that would probably trigger sandboxie being activated and then I'd probably have to go through the recovery menus, all of which I better understand now thanks to your comment at #2 as I explain below.
1. It is very difficult to get infected simply by downloading or unpacking a file. Most often, this happens because a fake executable file disguised as an archive is downloaded and launched by an unsuspecting user. That's why I never unzip archives by double-clicking on them (I do it using 7zip or scripts), and I ALWAYS check what I've downloaded, the extensions, the size, and scan it with antivirus. It is also useful to have browser extensions that block malicious scripts, pop-ups and advertisements.
So, general security rules (user, antivirus, firewall) are sufficient to download, unpack and analyse (if you suddenly want to) outside the sandbox.
2. All files that were created/modified by the application/game while running in the sandbox will be saved inside the sandbox. If you close the recovery window without deleting anything, all these files will remain inside the sandbox. You can do this as many times as you like, and everything will be saved, but not in the usual place, but in the sandbox storage.
If you click Delete content, all files INSIDE the sandbox will be deleted, i.e. only those that were created/modified by the game while running in the sandbox. The game itself will not be deleted, as it is not located in the sandbox but simply on your disk (in a forced folder). The same applies to your saves that you had BEFORE launching the game in the sandbox - they are on your disk, not in the sandbox, and therefore nothing threatens them.
Now, if you restore some files from the sandbox, they will be MOVED from the sandbox storage to your hard drive and will OVERWRITE files with the same name on your hard drive (if any). This way, you will be able to see your saves in their usual place.
Whether or not to clear the sandbox every time you finish the game is up to you. Personally, I think it's safer to clear it.
Another convenient feature is the recovery of saves every time you finish the game. If you accidentally corrupt a save file while playing in the sandbox (due to a game glitch or simply saving to the wrong slot), you can simply delete it instead of recovering it. This way, you always have a backup of your saves. This has helped me several times already...
I thought about doing this once I understood the process better, but figured it would be kind of annoying with having to recover the whole game into a separate folder after unpacking it inside the box. If the process of downloading and unpacking is relatively safe still compared to running files, then I can see why most people don't have issues with just unpacking outside the box. You would also need 7-zip and Winrar or other unpackers/extractors to be able to run inside the box too, right? I think I saw that 7-zip has compatibility within the box in a Sandboxie settings menu.
of course, one could do some extra steps, move anything downloaded inside the sandbox and unpack it there, as an attempt to counter packing related stuff like packer bombs.
it's a certain amount of extra work to do, the unpacked content would have to be moved back to a folder outside the box for keeping (in case of the 'kill the box' case) and should be scanned again. not sure if that's worth it. the only bomb i've encountered myself during the last years was a proof-of-concept example on some site, the '42.zip', should still be around. i won't upload it here, it definitely would annoy the staff.
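The checks discussed in the posts above (what a download really is behind its extension, and how far an archive expands) can be done before anything is unpacked or run. The following is an added example, not code from the thread: the function names, the size and ratio limits and the extension lists are assumptions, only ZIP internals are inspected, and the sample inputs are constructed in memory.

```python
import io
import zipfile

# Leading bytes of common archive formats, plus the "MZ" header that every
# Windows executable starts with.
SIGNATURES = [(b"PK\x03\x04", "zip"), (b"7z\xbc\xaf\x27\x1c", "7z"),
              (b"Rar!\x1a\x07", "rar"), (b"MZ", "exe")]
ARCHIVE_EXTS = ("zip", "7z", "rar")
RUNNABLE = ("exe", "scr", "com", "bat", "cmd", "lnk", "vbs")
DECOY = ("txt", "pdf", "jpg", "png", "doc", "mp4") + ARCHIVE_EXTS


def sniff(head):
    """Name the file type from its first bytes, or 'unknown'."""
    for sig, kind in SIGNATURES:
        if head.startswith(sig):
            return kind
    return "unknown"


def precheck(filename, fileobj, max_total=50 * 1024**3, max_ratio=100):
    """Return findings for a download without extracting or running it."""
    findings = []
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    kind = sniff(fileobj.read(8))
    fileobj.seek(0)
    if kind == "exe" and ext != "exe":
        findings.append(f"executable content behind a .{ext} name")
    elif ext in ARCHIVE_EXTS and kind != ext:
        findings.append(f"name says .{ext} but content looks like {kind}")
    if kind != "zip":
        return findings  # only ZIP internals are inspected in this sketch
    with zipfile.ZipFile(fileobj) as zf:
        infos = zf.infolist()  # reads the directory only, extracts nothing
    # Sizes are the ones declared in the archive headers.
    total = sum(i.file_size for i in infos)
    packed = sum(i.compress_size for i in infos) or 1
    if total > max_total:
        findings.append(f"declared unpacked size {total} bytes exceeds limit")
    if total / packed > max_ratio:
        findings.append(f"expands about {total // packed}x when unpacked")
    for info in infos:
        parts = info.filename.lower().rsplit("/", 1)[-1].split(".")
        if len(parts) >= 2 and parts[-1] in ARCHIVE_EXTS:
            findings.append(f"nested archive: {info.filename}")
        if len(parts) >= 3 and parts[-1] in RUNNABLE and parts[-2] in DECOY:
            findings.append(f"double extension: {info.filename}")
    return findings


def sample_zip(entries):
    """Build a small ZIP in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries:
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    samples = {
        "game.zip": io.BytesIO(b"MZ\x90\x00" + b"\x00" * 60),
        "pack.zip": sample_zip([("data.bin", b"\x00" * 5_000_000)]),
        "vn.zip": sample_zip([("readme.txt.exe", b"MZ"),
                              ("game/script.rpy", b"label start:\n")]),
    }
    for name, fobj in samples.items():
        print(name, precheck(name, fobj))
```

For a real download, open the file in binary mode and pass the handle: `precheck(path, open(path, "rb"))`. An empty list means none of these checks fired, not that the file is clean.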
Yes, I believe recovering files is always an additional risk. The thing is that many still want to recover their save files. If you did not have file recovery on and instead just had "auto delete" on by itself, then your saves and every other new file created in the box would be wiped each time you close the box. If you have file recovery on and auto delete, a file recovery menu will pop up where you can select just to recover your save files outside the box and delete everything else. Alternatively, you can close the box at that point and not delete and recover anything, which just leaves the box as is.
i've been trying to understand the reasoning for enabling auto delete, but i still don't get the reasoning outlined in the main post. if something malicious would spread in the box wouldn't it also escape if you choose to recover the files, which in turn is more detrimental rather than just leaving them in the box?
Well I don't know about others but I am doing exactly this. I have one folder with all the games from here in it, and that folder is forced to be in the sandbox with Windows Filtering Platform, blocked internet, and no admin rights. I have different types of games that are in that folder like renpy, unity and rpgm games.
Follow up question: Is "Windows Filtering Platform" equivalent (for internet blocking purposes) to the default internet blocking setting in Sandboxie plus?
I'm asking because currently I have one large game force folder for my sandbox with all Renpy, Unity, RPGM, and other games in there. Will Windows Filtering Platform be ok to block internet for Renpy/Unity and other games too, or should I make a separate box and use the other setting option for non-RPGM games?
Without going into detail, these two methods are quite equivalent. Windows Filtering Platform is suitable for any game, on any engine.
Got it! Thanks! I was curious because I saw some comments on here like this https://f95zone.to/threads/recent-malware-infected-games.207437/post-18012325 alluding to certain circumstances where in fact WFP may not be as secure as the other no internet option on Sandboxie, but I might just test it out with the rpgm games I do play and go from there. So far the RPGM games I've tested, including newest ones like Unholy Maiden, haven't had any problems running on the default option for me.
Without going into detail, these two methods are quite equivalent. Windows Filtering Platform is suitable for any game, on any engine.
The reasons for creating several different sandboxes for different engines are slightly different: saves in different engines are stored in different folders, the settings for permitted access to folders differ between engines, and it is generally easier to separate malicious activity when you know where each engine stores its data. But none of this is mandatory.
So it is entirely possible to create a single sandbox with Windows Filtering Platform for all games, and it will work. Do whatever is most convenient for you.
The ‘Block by denying access to Network devices’ option completely blocks network devices, preventing low-level access when malware is capable of forming network packets itself. So yes, it is more secure, although such a situation is certainly rare.
Ahh got it! Makes sense! I'll do that if I run into the issue. Thanks again!
The ‘Block by denying access to Network devices’ option completely blocks network devices, preventing low-level access when malware is capable of forming network packets itself. So yes, it is more secure, although such a situation is certainly rare.
Most games that do not use nw.js in their engine (Renpy, Unity, UE, RPGM VX, etc.) work perfectly with this option. If nw.js is present (for example, RPGM MZ and MV), they will not work; they need a working local network infrastructure.
Therefore, if multiple sandboxes are not a problem for you, be sure to create a separate one for such games with the ‘Block by Windows Filtering Platform’ option. The rest with ‘Block by denying...’
i found with those using nw.js, they would still run (windoze) as long as network capability exists, even if there is no physical connection.
It's not about the physical network interface or network card driver. It's about the working loopback (also known as localhost), which is always there and looped back to the current machine. Even if you don't have a network card, loopback works.
i found with those using nw.js, they would still run (windoze) as long as network capability exists, even if there is no physical connection.
haven't tried if deactivating/uninstalling network devices would cause trouble, but neither switching off my router, nor simply unplugging the network cable, did cause errors or crashes.
oh, right, i don't have any WLAN or other wireless network on any of my boxes, it's all wired, that's what made it easy to try out.
ah ok, got it. yep loopback still in place here.
It's not about the physical network interface or network card driver. It's about the working loopback (also known as localhost), which is always there and looped back to the current machine. Even if you don't have a network card, loopback works.
'Block by denying access to Network devices' also denies access to it, the application cannot even create a socket for any interfaces, and this leads to a failure.
'Block by Windows Filtering Platform' does not prohibit the creation of sockets, but only filters packets sent through sockets. I don't know the specific filtering principle, but it seems that everything inside the sandbox on the loopback interface works fine.
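One way to see from inside a box which of the two behaviours described above is in effect is to probe socket creation, a loopback round trip and one outbound connection. This is an added example, not code from the thread or from Sandboxie: it assumes a Python interpreter started inside the sandbox, the function names and result labels are made up here, and `example.com:80` is an arbitrary outside target.

```python
import socket


def loopback_roundtrip(sock_factory=socket.socket):
    """TCP round trip over 127.0.0.1: 'ok', 'no_socket' or 'io_failed'."""
    try:
        srv = sock_factory(socket.AF_INET, socket.SOCK_STREAM)
    except OSError:
        return "no_socket"  # the socket itself could not be created
    try:
        srv.settimeout(2)
        srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        srv.listen(1)
        cli = sock_factory(socket.AF_INET, socket.SOCK_STREAM)
        try:
            cli.settimeout(2)
            cli.connect(srv.getsockname())
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(2)
                cli.sendall(b"ping")
                return "ok" if conn.recv(4) == b"ping" else "io_failed"
        finally:
            cli.close()
    except OSError:
        return "io_failed"
    finally:
        srv.close()


def outbound_connect(target, sock_factory=socket.socket, timeout=3):
    """TCP connection to an outside host: 'ok', 'no_socket' or 'blocked'."""
    try:
        sock = sock_factory(socket.AF_INET, socket.SOCK_STREAM)
    except OSError:
        return "no_socket"
    try:
        sock.settimeout(timeout)
        sock.connect(target)
        return "ok"
    except OSError:  # filtered, refused, timed out, or name lookup failed
        return "blocked"
    finally:
        sock.close()


def classify(loopback, outbound):
    """Map the two probe results onto the behaviours described in the thread."""
    if "no_socket" in (loopback, outbound):
        return "device-deny"    # sockets cannot be created at all
    if outbound == "ok":
        return "not-blocked"    # the box can reach the outside
    if loopback == "ok" and outbound == "blocked":
        return "packet-filter"  # sockets and loopback work, outbound does not
    return "inconclusive"


if __name__ == "__main__":
    lo = loopback_roundtrip()
    out = outbound_connect(("example.com", 80))  # assumed target
    print(f"loopback={lo} outbound={out} -> {classify(lo, out)}")
```

Run it once outside the sandbox as a baseline: "packet-filter" is also what a machine with no internet connection at all reports, so the result only says something about the box when the unsandboxed run prints "not-blocked".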