Today there’s nothing easier than finding software. Even better, most of it is available for free! Sometimes there’s a catch, though: it’s not always safe.
Obscure pop-ups might start showing up after running an executable downloaded from an untrusted source. A mail might hit your Inbox extorting you about “those photos”. Your data might be in peril. Thankfully, there’s a way to avoid such mishaps: sandboxing.
With an app like Sandboxie Plus, you can create secure sandboxes for testing anything you download. So, let’s see how you can create and use such secure “boxes” for testing your software with Sandboxie Plus.
How to Create a Secure Software-Testing Sandbox With Sandboxie Plus
We’ve already covered why installing an antivirus suite isn’t enough. Sandboxie Plus can be a much-needed extra tool in your arsenal to keep your data secure. As with most third-party software, the first step to using it is grabbing Sandboxie Plus from its official download page and installing it.
There are two versions available, Sandboxie Classic and Sandboxie Plus. Although they offer almost identical functionality, the Plus variant is the more modern. So, that’s what we’ll be using in this tutorial.
Since it also installs some low-level components, you might have to restart your PC before using Sandboxie Plus.
With Sandboxie Plus installed and running, expand the Windows tray to locate its icon and double-click on it to access its window. You’ll find Sandboxie comes with a predefined default sandbox, unconventionally named DefaultBox.
We believe it’s better to use separate sandboxes for different purposes. Sandboxes are configured according to your own preferences and demands. Plus, tinkering with software to make it work as you like is always fun!
So, to create a new sandbox with Sandboxie Plus:
- Click on the Sandbox menu and choose Create New Box.
- You can choose a Box Type Preset from the drop-down menu, but some are restricted to the paid tier of the app. Since we’ll see how you can configure the most important parameters, go for the Standard Isolation Sandbox (Default) as your template. You should type a little something, though, under Sandbox Name, to separate this sandbox from the default one – or the ones that will follow.
- That was it! You can now start running apps inside your new sandbox. However, although it will be separate from the predefined DefaultBox, it won’t act differently. At least, not yet. For that, you’ll have to dive into its options: right-click on your new sandbox in Sandboxie Plus’ main list and choose Sandbox Options from the menu.
Although it’s worth checking out all options, let’s go over the most important ones that have the most significant impact on how your sandbox will work.
How to Render Sandboxed Software Distinct
Sandboxie Plus allows some visual customization for all sandboxed apps. This helps tell them apart from software running “normally,” as in, outside the sandbox.
- From the General Options > Box Options, choose if you’d like a textual indicator to appear on each sandboxed app’s title bar. You can choose from a “#” character, the sandbox’s name, or leave the title bar untouched.
- Next, from the Sandboxed window border pull-down menu, you can choose to add a colored border around the windows of all sandboxed apps. You can set it to always be visible or only to show up when a window is active.
- Try clicking on the little colored box among the rest of the border-related options, and you’ll see a new window appear. It will offer a range of color controls for choosing the color you want to use on your sandboxed apps’ borders. When done, you can also tweak the border’s width if you like.
Note: Although you can, we suggest you don’t turn off both the title indicator and the borders for sandboxed apps. If you do that, their windows will be indistinguishable from “normally-running” apps.
How to Perform Auto File Migration & Deletion
The next options you should tweak can be found in the same General Options group, under the File Options tab. They’re the ones under File Migration and Box Delete options. However, we can’t suggest specific values since they vary depending on what you plan to run in the sandbox. Instead, we’ll explain their purpose, so you can tweak them as you see fit.
File Migration
The sandbox you’re configuring is the equivalent of an enclosed virtual space within the operating system. To ensure it’s secure, Sandboxie limits “the interactions” of anything running within it with anything outside the sandbox.
One of the ways Sandboxie achieves this is by copying within the sandbox any file a sandboxed app needs to access. Have you got a My_Notes.doc file within your Documents folder but are trying to access it from a sandboxed app? Sandboxie will automatically clone the file within the sandbox.
If you try to access a large file, like a multi-gigabyte DVD backup in ISO format, Sandboxie will throw an “SBIE2102” error. The sandboxed app trying to access the file will find it’s “unavailable”, and probably fail.
So, you should set this value high enough to account for the types of files you want accessible from the sandboxed apps to avoid such errors. However, you also don’t want to set it too high since it’s easy for Sandboxie to start cloning anything you try to access. This can lead to a massive sandbox of redundant files.
Leaving Prompt user for large file migration enabled is a nice middle-ground. Still, it can get annoying depending on the type of work you’ll be performing from within the sandbox. As it states, it allows Sandboxie to prompt you whenever it has to clone a file that’s larger than what you defined in the Copy file size limit setting.
This also means you’ll have to acknowledge a prompt whenever a large file is accessed. Depending on how many large files you’ll be working with, this can lead to an annoying shower of prompts. In such scenarios, it’s better to return to this page and increase the Copy file size limit.
Delete-Related Automation
Under the next section of the same tab, Box Delete options, you can add some deletion-related automation to your sandbox. Thankfully, those options are somewhat self-explanatory, so we won’t have to expand on them.
The first is Auto delete content when last sandboxed process terminates. Enabling it ensures that after you close (“terminate”) the last active app in the sandbox, Sandboxie will automatically delete its contents.
The second, Protect this sandbox from deletion or emptying, ensures your sandbox will remain unscathed if you absent-mindedly try to delete it or empty any files created within it. That’s useful if you want to keep using the sandboxed apps, but always from within your secure sandbox.
Remember, though, that Sandboxie Plus is not an antivirus. It’s an extra layer of security for dealing with suspect files. Always ensure to, at the very least, scan your files or folders with Windows’ built-in Microsoft Defender as we saw in the past. And if something manages to slip through the cracks, check our guide on how to tell if your computer has a virus.
Using the Transparent File Recovery
You might be using sandboxing software to keep some apps within a digital cell, but that doesn’t mean you also want to keep the results of your work with them “jailed”.
If, for example, you write a document using a sandboxed text editor, you’d probably want to take it outside the sandbox. You can do that manually, using a file manager to locate your files and copy or move them elsewhere. But you can also automate the process.
Choose File Recovery from the list on the left of the Sandboxie Plus’ Options window, and ensure the single option at the top is enabled (“Enable Immediate Recovery (…)“). Sandboxie Plus will automatically check the sandboxed versions of the folders in the list under that option for new content as soon as it’s created and prompt to “recover it” (AKA: copy it outside the sandbox).
You can use the buttons on the right of the list to add more folders to this list, ignore some folders or file extensions, or remove some from the list.
How to Restrict Access in Sandboxie Plus
If you want to restrict network access for the apps within your sandbox, visit Access Restrictions in the General Options group. Ensure both options under Network Restrictions are enabled to prevent apps from tinkering with your network and firewall settings, or accessing network files and folders.
For fully offline apps, you can get an extra layer of security with the options found in the Internet Restrictions group. We won’t go over them since they, too, are self-explanatory. In short, from there, you can choose if sandboxed apps will:
- Be allowed to go online, or…
- If Sandboxie will have them believe they’re running on a computer without Internet access.
Remember that Sandboxie Plus only works “locally” on the PC where you’re running it. If using network-accessible storage, make sure also to check our list of the most important things you must do to secure your NAS.
Staying Safe With Sandboxie Plus
With everything configured, click OK to close Sandboxie Plus’ Options window. Then, also close its main window – you don’t need to keep Sandboxie Plus on the screen to use it.
Right-click on a file you’d like to open in your newly set up sandbox. If on Windows 11, this is the point where you’ll have to choose the Show more options entry from the menu that shows up.
Then, select the option that up to Windows 10 is directly available without that step: Run Sandboxed.
Sandboxie Plus will ask you which sandbox you’d like to open the file with. Choose the one you’ve created, and soon you’ll see the results on your screen.
Note that you can also “open” non-executable files in a sandbox the same way. “Files” like images, documents, etc. However, Sandboxie Plus will automatically create sandboxed versions of the software needed to access those files. So, if you’re trying to open a PSD in a sandbox, Sandboxie will clone almost the whole image-editing app with which you usually open such files.
When done, you can leave your sandbox as is. If you’re never planning to repeat the same process, there’s no reason to keep the sandbox’s files. Even if you didn’t set it to delete its content automatically, you can “empty it” manually:
- Right-click on Sandboxie Plus’ tray icon.
- Right-click on your sandbox’s entry that shows up in the menu.
- Choose Delete Content
As a next step, you can create multiple sandboxes for different usage scenarios. Each may allow or deny local or Internet access, automatically restore or delete newly created files, etc. What they’ll all have in common is how they’ll act as an extra protective layer for the operating system and your precious data, next to your firewall and antivirus.
Making Sandboxes Easier With Sandboxie Plus
While a sandbox isn’t the perfect security tool, it does make downloading risky files a lot safer if you know what you’re doing. Now you know how to use Sandboxie Plus, and how to move files and folders between it and your “real” PC.
Read Next
About The Author
