QUESTION: MS Word 2013 - Possible to run PORTABLE + SANDBOXED? Solved

Page 3 of 3 FirstFirst 123
  1.    11 Dec 2018 #21

    Dear Members:

    FYI: I have annotated #Bo.Elam notes to improve visual acuity to facilitate my study and implementation.
    I hope these may proves helpful to anyone else interested in these excellent recommendations and instructions from Bo.

    Positively,~ Alan

    P.S. Please forgive excess vertical spacing between paragraphs... does NOT provide WYSWYG formatting control.



    QUESTION: MS Word 2013 - Possible to run PORTABLE + SANDBOXED?

    Post - ab1kenobee 27 Jun 2018 at 03:23 PM

    • Would it be possible to provide explicit instructions as a reference...
    • How to create a dedicated sandbox for Libre


    Post - bo.elam 27 Jun 2018 at 09:59 PM [annotated by AB]

    • To create a new sandbox
    • go to Sandboxie control>Sandbox>Create new sandbox >
    • in the screen that opens... option to name the new sandbox as you wish.
    • Since this sandbox is going to be your dedicated Libre Office sandbox, name it Libre.
    • You also have the option to either copy settings from existing sandboxes or not to >
    • choose None.



    • The sandbox you created comes with default settings.
    • In a default settings sandbox, all programs that attempt to start and run in the sandbox can run... can have access to the internet... have access to all files and folders in your system.



    • Next step is to restrict what programs are allowed to do in the sandbox.
    • ... new sandbox restrict it as tight as possible without losing any usability... I try to achieve a balance between usability and security and always get it done.
    • So, in the end, I am always able to run programs in the sandbox same as if I was not using Sandboxie... If you set a sandbox correctly, the interaction between sandboxed programs and the non sandboxed environment should be flawless.


    Libre is:

    • very easy to setup to run properly in the sandboxed environment.
    • With a few changes to default settings you can set a very secure sandbox for Libre without losing usability.



    1. Make soffice.bin a Forced program.

    • ... any Office file that runs in the system, will run sandboxed automatically in the Libre Office.
    • It makes sandboxing automatic
    • No thinking required to sandbox files.



    • go to Sandbox settings in your Libre Office sandbox >
    • Sandbox settings>Program Start>Forced programs >
    • click Add program >
    • ... navigate to soffice.bin
    • ... select it and add it >
    • or you can write it in the block there for that purpose.



    2. In this step, you restrict programs that can run.

    • Once you add programs in this restriction tab, this will be the only programs allowed to run in the Libre sandbox.
    • Any other program that attempts to run, it will be blocked.


    For Calc, Writer, Impress, etc, to run in the sandbox, allow:

    • soffice.bin
    • soffice.exe
    • dllhost.exe



    • You really dont have to allow dllhost but for a more seamless interaction between SBIE and the non sandboxed system I recommend you allow it to run.


    So, go here to add the [3] exes I wrote above:

    • Sandbox settings>Restrictions>Start/Run access
    • click Add program
    • select [3] exes



    3. Internet access.
    Since you don't need Office files to have access to the internet and Libre doesnt require it to work properly, for security

    • disallow all programs from having access to the internet.


    • Sandbox settings>Restrictions>Internet access
    • click Block all programs
    • Once you do this, there is no phoning home.



    4. Drop rights. This setting is helpful if you run your system as an Administrator. I do, so I use it.

    • This setting strips Administrator rights from programs running in this sandbox.
    • So, if something malicious gets to run, it can't install anything in the sandboxed environment.
    • Sandbox settings>Restrictions>Drop rights
    • click this option.


    5. Another important setting you want to implement are the ones that help you protect your sensitive files and folders from being stolen.

    • Remember, by default, sandboxed programs can read all files and programs that are in the system.
    • So, you want to block sandboxed programs from accessing your sensitive files and folders.
    • We already disallowed all programs:
      • that run in the Libre sandbox from having internet access
      • restricted to a few the programs allowed to run
      • so even if your personal files and folders are accessed, the chances an infected Office file steals your files and phone home are close to none.

    • But even so, this is a great setting that keeps your files from getting stolen.
      • This setting is more important in sandboxes where you allow access to the internet, like your browsers sandboxes.


    To restrict access to files and folders, go here:


    Sandbox settings>Resource access>File access>Blocked access

    • click Add for navigating to select the files and folders you like to block sandboxed programs from having access/read.



    There are other setting related to access but you can start with the one above.


    6. Set the sandbox to delete on closing sandboxed programs.

    • Sandbox settings>Delete>Delete Invocation
    • tick Automatically delete contents of the sandbox



    7. Saving files you create or Edit in the sandbox.

    • For convenience, you want to be able to save files.
    • ... when you delete contents of the sandbox, the only changes that will survive deletion made by sandboxed programs of the sandbox are the ones you allow.
    • Like for example, an edit you do to an Excel file...
      • if you would like to save that change, you save it.
      • If you dont want to save the change, you dont save it when you get the SBIE prompt to do it after you close sandboxed programs.



    • In my case, I only save Office files to the desktop. So I add Desktop in the tab below.
      • Sandboxie will save files only to the folders you add in Quick recovery:
      • Sandbox settings>Recovery>Quick recovery




    Thank you again, #bo.elam !
      My ComputerSystem Spec

  2.    13 Dec 2018 #22

    ab1kenobee said: View Post
    Thank you again, #bo.elam !
    I am glad to help, Allan. You are very much welcome. By the way, I read your posts at the SBIE forum .

    Bo
      My ComputerSystem Spec

  3.    13 Dec 2018 #23

    bo elam said: View Post
    I am glad to help, Allan. You are very much welcome. By the way, I read your posts at the SBIE forum .

    Yep... just following your good example! LOL

    ~ Alan




    ALSO... How to give notice with @bo.elam at SBIE?
      My ComputerSystem Spec

  4.    13 Dec 2018 #24

    ab1kenobee said: View Post
    ALSO... How to give notice with @bo.elam at SBIE?
    What you mean?

    Bo
      My ComputerSystem Spec

  5.    13 Dec 2018 #25

    bo elam said: View Post
    What you mean?

    Does SBIE have an @ notification capability (e.g. @bo.elam)?
      My ComputerSystem Spec

  6.    13 Dec 2018 #26

    ab1kenobee said: View Post
    Does SBIE have an @ notification capability (e.g. @bo.elam)?
    Alan, I don think it does. I just looked at Notification and Subscribe settings at the SBIE forum and the closest option would be to add someone as friend. I never used any of this options so I am not familiar with what you get when you add someone as friend. The information about adding someone as friend doesnt mention that you ll get email notification. So, I dont know.

    Bo
    Last edited by bo elam; 13 Dec 2018 at 16:02.
      My ComputerSystem Spec

  7.    14 Dec 2018 #27

    bo elam said: View Post
    Alan, I don think it does. I just looked at Notification and Subscribe settings at the SBIE forum and the closest option would be to add someone as friend. I never used any of this options so I am not familiar with what you get when you add someone as friend. The information about adding someone as friend doesnt mention that you ll get email notification. So, I dont know.

    #bo.elam: I asked because I could not find it either... even doing a forum search for: "#" ... NO RESULTS.

    Our findings concur... so now we know.

    THX. ~ Alan
      My ComputerSystem Spec


 
Page 3 of 3 FirstFirst 123

Related Threads
Hello MiniTool Power Users: I am coming to this forum because MINITOOL TECH SUPPORT is UNRESPONSIVE after (7) email requests for support to a simple question: Would you please provide clear INSTRUCTIONS guiding HOW **to store the portable...
I believe I have everything set up correctly to track changes, but no additions or deletions show up. Comments do work. I wanted additions to appear in the text in color and deletions to appear in the righthand margin. I selected the following:...
Hello, I have a problem. I bought a new laptop and the font is quite different to the font I use on my windows 8. Please can someone help me to fix this problem? Here's the right font. http://i.imgur.com/zWYDwoK.jpg My font now in...
Office 2013 patch KB 3114717 freezes 32-bit Word 2013 on Win 7, 8.1, 10 There are reports of the patch causing similar lockup problems with Excel 2013 and Outlook 2013 Read more:...
OK so I have Word 2013 installed and I want it to be the HTML editor in IE 11 . The Internet Options page for HTML editing on my PC only allows me to choose Notepad. How do I add to the drop down menu WORD or is this desired configuration set...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 14:46.
Find Us