SandBox - Test office malicious macro


  1. lco
    Posts : 3
    W10
       #1



    Hello,

    I have installed win10 1903 + SandBox : working fine

    But : When I open my SandBox, environment is minimal. Only a W10 os.

    Is it possible from the SandBox to test a Word (.doc, xls,... : Office) document containing a malicious macro? Do I have to install Office on the host?

    Thanks


  2. Posts : 10,545
    Windows 10 Workstation x64
       #2

    You will need to install Office in the sandbox first.


  3. lco
    Posts : 3
    W10
    Thread Starter
       #3

    z3r010 said:
    You will need to install office in the sandbox first.
    Thank you for your answer. I will give it a try,
    as installing OpenOffice in SandBox failed due to (Error 1935. probably failed VC++ component)

    Any good links or contacts to get the latest information for the SandBox? Most of the time it is always the same and very basic.


  4. Posts : 10,545
    Windows 10 Workstation x64
       #4

    You can make your own wsb config files to launch sandbox and install programs and tweak the settings at launch. Kari has made a tutorial explaining some of the options here: Windows Sandbox - How to configure in Windows 10
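
A .wsb file of the kind post #4 refers to, set up for opening a suspect Office document; this is an added example, not part of the thread. It uses only the Networking, VGpu, MappedFolders and LogonCommand elements, and the host paths and `setup.cmd` (an offline, silent installer script you supply) are placeholders.

```xml
<!-- macro-test.wsb : added example; host paths and setup.cmd are hypothetical placeholders -->
<Configuration>
  <!-- No network inside the sandbox: a macro that runs cannot fetch a
       second stage or reach the LAN. The office installer must therefore
       be an offline package. -->
  <Networking>Disable</Networking>
  <!-- Software rendering only; the host GPU is not shared with the sandbox -->
  <VGpu>Disable</VGpu>
  <MappedFolders>
    <!-- Offline installer plus setup.cmd; read-only so the sandbox cannot alter them -->
    <MappedFolder>
      <HostFolder>C:\SandboxShare\installers</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
    <!-- Documents under test; read-only so nothing is written back to the host -->
    <MappedFolder>
      <HostFolder>C:\SandboxShare\samples</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <!-- Mapped folders appear on the sandbox desktop under their own folder name -->
    <Command>C:\Users\WDAGUtilityAccount\Desktop\installers\setup.cmd</Command>
  </LogonCommand>
</Configuration>
```

Double-clicking the file starts Windows Sandbox with these settings. Everything installed or changed inside is discarded when the sandbox window is closed.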


  5. Posts : 654
    Windows 10 Home
       #5

    lco said:
    Is it possible from the SandBox to test a Word (.doc, xls,... : Office) document containing a malicious macro? Do I have to install Office on the host?
    You can use Sandboxie for this.
    lco said:
    As installing OpenOffice in SandBox failed due to (Error 1935. probably failed VC++ component)

    Any good links or contacts to get the latest information for the SandBox? Most of the time it is always the same and very basic.
    You can test your files/documents by either installing OpenOffice in a sandbox or on the host. Your choice. And then, run the files sandboxed. I know OpenOffice installs easily in Sandboxie, so, either way, you'll find Sandboxie perfect for what you want.

    Just recently, the program became freeware. You can get the installer from here, read Download instructions before downloading.

    Sandboxie - Download the latest version of Sandboxie

    A few months ago I wrote this article on Sandboxie. If you are not familiar with the program, it'll give you a rough idea of what it is about.

    ToolKit Item: Sandboxie by Guest Author Bo Elam – Win10.Guru

    Bo


  6. lco
    Posts : 3
    W10
    Thread Starter
       #6

    bo elam said:
    You can use Sandboxie for this.

    You can test your files/documents by either installing OpenOffice in a sandbox or on the host. Your choice. And then, run the files sandboxed. I know OpenOffice installs easily in Sandboxie, so, either way, you'll find Sandboxie perfect for what you want.

    Just recently, the program became freeware. You can get the installer from here, read Download instructions before downloading.

    Sandboxie - Download the latest version of Sandboxie

    A few months ago I wrote this article on Sandboxie. If you are not familiar with the program, it'll give you a rough idea of what it is about.

    ToolKit Item: Sandboxie by Guest Author Bo Elam – Win10.Guru

    Bo
    Thank you Bo.
    It's just that we were very interested in native sandboxing.
    But for now it appears to me that it is feature-limited and poorly documented.

    Therefore, I will have to give a try to Sandboxie. Was it as secure as native sandboxing?

    Thank you for your answer.

    Kind regards


  7. Posts : 654
    Windows 10 Home
       #7

    lco said:
    Therefore, I will have to give a try to Sandboxie. Was it as secure as native sandboxing?

    Thank you for your answer.

    Kind regards
    You are welcome, Ico. Regarding your question, on paper, the Windows sandbox should be a notch or two harder to break than Sandboxie, but the reality is that the Windows sandbox is not a ready program yet, and Sandboxie is tougher to break than anything that actually works well that's out there. In all the years I used Sandboxie, I never had any malware break out of the sandbox, and what I am going to tell you next is even more powerful than that: I never heard of any real malware out in the wild escaping the sandbox and infecting Sandboxie users. None, ever.

    Sandboxie's main protection is the sandbox. The role of the sandbox is to contain and isolate all activities that are carried out by programs that run in the sandbox. What programs do in the sandbox (changes) stays in the sandbox; sandboxed programs cannot touch your system, registry, files or other programs. When you finish what you are doing with the sandbox, you delete the contents (automatically or manually).

    The protection of the sandbox is more than plenty. But Sandboxie gives you more, if you want more.

    I am going to use Open Office for an example of what you can do with Sandboxie, and how you can make things tougher for malware to break out of the sandbox.

    Sandboxie has settings for you to set up a dedicated sandbox for OpenOffice where only OpenOffice programs will be allowed to run. If anything other than these programs attempts to run, it will be blocked from running. Also, since OpenOffice doesn't need to access the internet to work properly, you can set up your OO sandbox so no programs can connect to the internet. No internet means programs in the sandbox can't steal your files and phone home. If you run your computer as an Administrator (as I do), Sandboxie has a Drop rights setting that strips programs that run in the sandbox of administrative rights.

    One restriction on top of the other, and all on top of the sandbox, makes things very tough for malware to break out of the sandbox. Most of the time malware inside the sandbox won't even do anything, not even attempt to run. These restrictions make it more difficult for the malware to succeed in every step it takes to infect. By using the restrictions, malware will likely fail somewhere along the road.

    Sandboxie also gives you settings for you to block programs that run in the sandbox from accessing your personal and sensitive files. These settings are important for protecting your sensitive files from being stolen.

    Give Sandboxie a try. I'll give you a hand if you need one.

    Bo
    Last edited by bo elam; 04 Nov 2019 at 16:28.


  8. Posts : 18
    Windows 10 Pro/ Linux Mint/Manjaro
       #8

    You can also use a VM to run these tests.
    You can use Microsoft's own Hypervisor if you have Win 10 Pro or use the free Virtualbox. You can create multiple OS's across multiple platforms and test till you're silly! It's safe and secure. Each Virtual Machine will keep the settings you used in the last session open or you can simply delete the VM and start over.
    Last edited by xrobwx; 08 Nov 2019 at 08:48. Reason: spellcheck


 
