Author Topic: Sandbox Q.  (Read 3657 times)

Offline Privateofcourse

  • Full Member
  • ***
  • Posts: 136
  • No.13 of Landing Party of 1788
Sandbox Q.
« on: March 07, 2011, 11:35:43 PM »
How do I view the sandbox contents?

If I Sandbox someapp.exe with Avast, and install it, will all traces of the install be gone after closing someapp.exe? IOW, does it work similarly to the program Sandboxie? If it does then I wouldn't really need Sandboxie, well if I could get at the contents of the Sandbox Avast creates.
--
Cheers / Si
...info: WXP Pro SP3 / PFW 7.0 / Avast Pro 7.0.1466 / MBAM / SpywareBlaster / Sandboxie / etc.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67271
Re: Sandbox Q.
« Reply #1 on: March 08, 2011, 02:59:58 AM »
Yes, files used/changed by the sandboxed application should be gone.
But, not all of them, some browser files (and cache) are retained to speed up browsing.
You have a special button into settings to delete all the contents.
The best things in life are free.

Offline Privateofcourse

  • Full Member
  • ***
  • Posts: 136
  • No.13 of Landing Party of 1788
Re: Sandbox Q.
« Reply #2 on: March 08, 2011, 03:18:30 PM »
Thanks.

Okay. I just found snx_lconfig.xml and changed HideTarget to 0, rebooted, and now the hidden sandbox cache folders are visible, and I've just applied the hidden attribute so I can get to them if needed. Now, just a couple more things:

I sandboxed and installed a small program, and during the install process the red border was visible around the installer windows. Before exiting, I checked the sandbox and found the files it installed, so that's a plus because I often retrieve files from unnecessary installers to use them as portable apps. Great so far. Closed the app and everything inside the randomly created folder disappeared from the sandbox. On that score, I would definitely like to be able to turn that behaviour on and off so that auto deleting of contents could be switched off temporarily....it would be very useful. But then there's this problem:

After using the sandbox once and it working, trying to install any other app (even the same one) does not work and it is not sandboxed (no red border) and checking settings, apps aren't in the sandbox.

Also, why isn't the sandbox enabled in context menus for .msi extensions?
--
Cheers / Si
...info: WXP Pro SP3 / PFW 7.0 / Avast Pro 7.0.1466 / MBAM / SpywareBlaster / Sandboxie / etc.

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2610
  • I can resist anything except temptation.
    • tex62
Re: Sandbox Q.
« Reply #3 on: March 08, 2011, 03:38:00 PM »
I don't think that it is possible to install something in the Avast sandbox - thus no msi.
You can just run programs sandboxed.
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline Privateofcourse

  • Full Member
  • ***
  • Posts: 136
  • No.13 of Landing Party of 1788
Re: Sandbox Q.
« Reply #4 on: March 08, 2011, 03:55:22 PM »
Could you explain a bit more? Sorry.

As I understand it (well, what I think seems to be the behaviour of any sandbox) when I select a file from the right-click context menu in Windows, and run it sandboxed, Avast intercepts it, and recreates the necessary environment for the program or installer to function, but the environment is within the sandbox and doesn't actually touch your system. So registry entries are recreated in a hive file within the sandbox, for example. The complexities of how it all works I don't even pretend to begin to understand, but it's the way I get my head around it. Anyhow, if I run an exe installer package sandboxed, as I did, and installed to program files for example, the installer would not be able to determine that it wasn't actually installing to ?\program files within the sandbox. So when I open the sandbox I find the replicated folder structure, and the installation folders and files inside..as long as the program or installer is running. As soon as I exit the installer or program the sandbox is cleared, except the root folder for that sandbox instance. This is how it worked when I tried it...very similar to Sandboxie. So why wouldn't .msi installers work the same way?
--
Cheers / Si
...info: WXP Pro SP3 / PFW 7.0 / Avast Pro 7.0.1466 / MBAM / SpywareBlaster / Sandboxie / etc.

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2610
  • I can resist anything except temptation.
    • tex62
Re: Sandbox Q.
« Reply #5 on: March 08, 2011, 05:18:04 PM »
Okay, I do not have enough knowledge about the sandbox mode.
My knowledge was that installing something in the sandbox environment would just not be possible. I may be wrong.

So you will have to wait for someone more knowledgeable about this, sorry.

Hope help will be here soon.
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67271
Re: Sandbox Q.
« Reply #6 on: March 08, 2011, 06:31:53 PM »
Quote
I often retrieve files from unnecessary installers to use them as portable apps.

Generally, programs that require an installation won't run this way.
Otherwise, some of them allow direct extracting from the .exe file (I mean, unpack the .exe file like it was a .zip).

Quote
Also, why isn't the sandbox enabled in context menus for .msi extensions?

You can't install software within the sandbox.
The best things in life are free.

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2610
  • I can resist anything except temptation.
    • tex62
Re: Sandbox Q.
« Reply #7 on: March 08, 2011, 06:55:26 PM »
Quote
You can't install software within the sandbox.

 ;D

Good to hear that I was right...
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline Privateofcourse

  • Full Member
  • ***
  • Posts: 136
  • No.13 of Landing Party of 1788
Re: Sandbox Q.
« Reply #8 on: March 08, 2011, 08:15:10 PM »
Quote
I often retrieve files from unnecessary installers to use them as portable apps.
Generally, programs that require an installation won't run this way.

Sorry, but I've been doing this for years. And in my experience, much software is packed with a totally unnecessary installer just so the user gets a few shortcuts on their start menu, or so that some rubbish toolbar can be offered on install.

Quote
Otherwise, some of them allow direct extracting from the .exe file (I mean, unpack the .exe file like it was a .zip).

Yes, you are right, some do, and then some don't. For the ones that can be unpacked with tools like Universal Extractor et al. that's fine, but sometimes you get a bit of software which amounts to a help file and a single exe and there's no (simple) way to unpack it without installing it first.

Quote
You can't install software within the sandbox.

Well, sorry to contradict you, but that can't be correct, because I did exactly this today.

Filename 'AdvShortcutsCompInst.exe'. Ran it sandboxed with Avast, and after it installed the installer offered to run the app, which it did. Whilst the app was running the files and folder structure were visible in the sandbox, and only after I'd closed the app did the sandbox contents get removed. So either I'm misunderstanding something or...
--
Cheers / Si
...info: WXP Pro SP3 / PFW 7.0 / Avast Pro 7.0.1466 / MBAM / SpywareBlaster / Sandboxie / etc.

Offline Privateofcourse

  • Full Member
  • ***
  • Posts: 136
  • No.13 of Landing Party of 1788
Re: Sandbox Q.
« Reply #9 on: March 08, 2011, 08:38:00 PM »
And some proof in the way of screen snaps.
--
Cheers / Si
...info: WXP Pro SP3 / PFW 7.0 / Avast Pro 7.0.1466 / MBAM / SpywareBlaster / Sandboxie / etc.

Offline Nesivos

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1353
  • Artists Rendering of New Pauley Pavilion @ UCLA
Re: Sandbox Q.
« Reply #10 on: March 08, 2011, 09:09:27 PM »
As I understand it someapp.exe is a .Net application that uses isolated storage to create directories and files.

So it seems to me that if you are executing someapp.exe in the sandbox that the directories and files that it creates are isolated in the sandbox.  Therefore when you exit the sandbox nada with respect to the installation.


OS: W7-SP1, Security: AIS 7, SAS Pro, WinPatrol Plus Network:2 Dell 570MT x64 1 Dell 660 Desktop with 8GB RAM Default Browser & Email: Firefox & Thunderbird latest Betas

Offline Privateofcourse

  • Full Member
  • ***
  • Posts: 136
  • No.13 of Landing Party of 1788
Re: Sandbox Q.
« Reply #11 on: March 08, 2011, 09:26:37 PM »
So what's your point, Nesivos? The fact is, I already stated (read above) that it installs in the sandbox, because that's exactly what it does, even if temporarily, and I clearly stated that it gets wiped afterwards, as soon as the app is closed. I wasn't making an issue of it, in any way. I thought I'd clear up that this can be done, because I was being told that it couldn't...and it clearly can.

 
--
Cheers / Si
...info: WXP Pro SP3 / PFW 7.0 / Avast Pro 7.0.1466 / MBAM / SpywareBlaster / Sandboxie / etc.

Offline Nesivos

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1353
  • Artists Rendering of New Pauley Pavilion @ UCLA
Re: Sandbox Q.
« Reply #12 on: March 08, 2011, 09:35:55 PM »
Quote
How do I view the sandbox contents?

If I Sandbox someapp.exe with Avast, and install it, will all traces of the install be gone after closing someapp.exe?
IOW, does it work similarly to the program Sandboxie? If it does then I wouldn't really need Sandboxie, well if I could get at the contents of the Sandbox Avast creates.

I was replying "probably yes" to your original question highlighted in red above.

That was my point.
OS: W7-SP1, Security: AIS 7, SAS Pro, WinPatrol Plus Network:2 Dell 570MT x64 1 Dell 660 Desktop with 8GB RAM Default Browser & Email: Firefox & Thunderbird latest Betas

Offline Privateofcourse

  • Full Member
  • ***
  • Posts: 136
  • No.13 of Landing Party of 1788
Re: Sandbox Q.
« Reply #13 on: March 08, 2011, 09:43:21 PM »
Oops, sorry, Nesivos. Shouldn't have been so rude. Need to come down off my perch.

Anyhow, just used volume shadow copy to copy the sandbox, and opened the hive file inside. The registry structure is replicated, as I suspected it had to be.
--
Cheers / Si
...info: WXP Pro SP3 / PFW 7.0 / Avast Pro 7.0.1466 / MBAM / SpywareBlaster / Sandboxie / etc.

Offline Privateofcourse

  • Full Member
  • ***
  • Posts: 136
  • No.13 of Landing Party of 1788
Re: Sandbox Q.
« Reply #14 on: March 08, 2011, 11:06:38 PM »
To be honest, aside from the sandboxing being a wee bit flaky still (not opening everything you select in a sandbox when it ought to) I think that the Avast sandbox feature has greater potential. I didn't think this when I first looked at it mind you. Aside from its obvious prophylactic abilities (when it works properly), it could be immensely more useful with a few more features. Well, in the ways I've described in fact. I can't see that it is actually that far off being a full featured sandboxing tool with Avast. It's more or less there, but for a few things, such as a simple way to explore the sandbox contents, and also to allow msi extensions, etc. I reiterate because 'dry run installs' are an extremely useful security procedure; I've been doing this very thing for a long time! Before Sandboxie it would be in a VM with an install monitor. Before a true install you get to see what stuff an application is going to scatter around your hard drive and what rubbish it stuffs into your registry. It's a very thorough way of validating software. Granted, it isn't something that all users would use, but for more advanced users perhaps more advanced features are in order? I hope the developers continue working on the sandboxing feature and add further functionality. As Avast is going off in different directions with tools like this I can't see going a bit further being a step too far.

Anyhow, thanks.
--
Cheers / Si
...info: WXP Pro SP3 / PFW 7.0 / Avast Pro 7.0.1466 / MBAM / SpywareBlaster / Sandboxie / etc.
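
The "dry run install" check described in the last post, sketched as an added example (not part of the thread and not Avast or Sandboxie code): snapshot a folder before and after an installer runs, then list what was added, removed or changed. The folder tree and file names in `demo()` are constructed sample data, and the registry hive mentioned in the thread is not covered.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every file under root (relative path) to the SHA-256 of its contents."""
    state = {}
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        try:
            state[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
        except OSError:
            # A running installer may hold files open; record them anyway.
            state[rel] = "<unreadable>"
    return state


def diff(before, after):
    """Compare two snapshots and report what the install touched."""
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "changed": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
    }


def demo():
    """Constructed stand-in for a monitored folder; a real run would point at it instead."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        existing = root / "Program Files" / "Existing"
        existing.mkdir(parents=True)
        (existing / "app.ini").write_text("lang=en\n")
        (root / "old.tmp").write_text("x")
        before = snapshot(root)
        # Simulated installer activity (constructed sample data).
        newapp = root / "Program Files" / "NewApp"
        newapp.mkdir()
        (newapp / "newapp.exe").write_bytes(b"MZ constructed sample")
        (existing / "app.ini").write_text("lang=en\ntoolbar=1\n")
        (root / "old.tmp").unlink()
        return diff(before, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Because the sandbox contents are wiped when the sandboxed program exits, the second snapshot has to be taken while the installer or app is still running.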