blues Posted August 3, 2011 Report Share Posted August 3, 2011 I remember reading on this topic some years back but had a couple of questions about the interaction of Sandboxie and the Web Shield in the current version of OA (Free). First, does the Web Shield even work when a browser such as Firefox accesses the web under the supervision of Sandboxie? (If not, then I guess it would be okay to turn off that module.) Second question, in the free version of OA, if a url is listed as "Protected" in the domains list, does OA perform the DNS check? (Or is the DNS check limited to the paid versions of OA?) Lastly, with the free version of OA, if one ticks the option to "Ignore OA Domains List", what functions does Web Shield perform? (I imagine it could still block sites you enter in the Domains list, assuming that Web Shield works when the browser connects via Sandboxie.) Thanks in advance for your assistance. B) Link to comment Share on other sites More sharing options...
blues Posted August 4, 2011 Author Report Share Posted August 4, 2011 Anyone? Link to comment Share on other sites More sharing options...
catprincess Posted August 4, 2011 Report Share Posted August 4, 2011 First, does the Web Shield even work when a browser such as Firefox accesses the web under the supervision of Sandboxie? (If not, then I guess it would be okay to turn off that module.) It didn't used to work, but I don't know if it does now. Second question, in the free version of OA, if a url is listed as "Protected" in the domains list, does OA perform the DNS check? (Or is the DNS check limited to the paid versions of OA?) Yes, it should. You could test this by deleting your firewall rules for oaserv.exe, setting a site as Protected and then browsing to the site. OA uses oaserv.exe to perform the check so you should either get a prompt asking to allow it (or see it readded at the time if you have "Automatically allow trusted programs to access the internet" ticked). Lastly, with the free version of OA, if one ticks the option to "Ignore OA Domains List", what functions does Web Shield perform? (I imagine it could still block sites you enter in the Domains list, assuming that Web Shield works when the browser connects via Sandboxie.) The Web Shield performs the same functions (DNS Checking, BITS protection, ability to block connections to unwanted sites) regardless of whether this option is ticked. With the option ticked, you don't get popups for BITS job if the site is trusted on the internal list (not your personal list) of Trusted domains. Link to comment Share on other sites More sharing options...
blues Posted August 4, 2011 Author Report Share Posted August 4, 2011 Thanks, Cat, always the most gracious feline friend around. Do you know, perchance, how me might go about getting an answer (one way or another) to the first question (which you are uncertain about)? It would be very helpful to know. And, as always, many thanks to your for your time and help. Link to comment Share on other sites More sharing options...
catprincess Posted August 4, 2011 Report Share Posted August 4, 2011 Do you know, perchance, how me might go about getting an answer (one way or another) to the first question (which you are uncertain about)? You could try blocking a site (I usually use jigzone.com as an example; it's just an online puzzle site). Assuming you haven't previously visited the site and it's stored in temporary internet files that haven't yet been cleared, if you visit it, it should then be blocked. Just to note though, that there are other programs that will also prevent OA's Web Shield from working, such as Trusteer Rapport, and in the past, PrevX Safe Online. In case you may have such a program installed, it would be hard to tell if it was Sandboxie or one of these programs causing it not to work unless one was disabled. Link to comment Share on other sites More sharing options...
blues Posted August 4, 2011 Author Report Share Posted August 4, 2011 Now why didn't I think of that? (Sound of forehead being slapped.) Okay, I used your suggested site which I've never visited. Set it to block in "domains" and cleared all cache. Was able to connect multiple times after closing the browser and running CCleaner. So I guess that is at least some evidence of Web Shield not working with a sandboxed Firefox. (I don't use any of the other programs you referenced.) (Interesting that when I was still running OA Premium in "Banking Mode" I know that if I tried to connect to sites that weren't on my domains list I wouldn't be able to connect when connecting via Sandboxie.) Now, the next question would be whether Web Shield should be left activated if all browsing is done via Sandboxie? Link to comment Share on other sites More sharing options...
blues Posted August 4, 2011 Author Report Share Posted August 4, 2011 Just for the record, I verified that OA blocked connection with the website when the browser (firefox) was opened outside the sandbox. So, would we gain anything (resources, prevent potential conflict etc) by just deactivating Web Shield when accessing the web via Sandboxie? (I am running the latest beta of OA Free on Win XP Pro SP3) Link to comment Share on other sites More sharing options...
catprincess Posted August 4, 2011 Report Share Posted August 4, 2011 (Interesting that when I was still running OA Premium in "Banking Mode" I know that if I tried to connect to sites that weren't on my domains list I wouldn't be able to connect when connecting via Sandboxie.) Banking Mode functions independently to Web Shield. It uses the Domains list, but it's not reliant on Web Shield even being enabled. So, would we gain anything (resources, prevent potential conflict etc) by just deactivating Web Shield when accessing the web via Sandboxie? Possibly. For those who use Sandboxie, there is likely nothing to lose by disabling it in any case since it's unable to work inside a sandbox (I suspected it wasn't but hadn't heard recent comments on it). Link to comment Share on other sites More sharing options...
blues Posted August 4, 2011 Author Report Share Posted August 4, 2011 And I am, as always, in your debt for your assistance CP. (I've alerted Fabian to this discussion via a link in the "beta" thread. Perhaps he'll have some comments.) Link to comment Share on other sites More sharing options...
Fabian Wosar Posted August 5, 2011 Report Share Posted August 5, 2011 Sandboxie prevents Online Armor from placing certain vital hooks required to perform content filtering. I don't see any short term way to fix it on our end without breaking Sandboxie though. You may want to file a support request with Tzuk to get this issue fixed. Link to comment Share on other sites More sharing options...
blues Posted August 5, 2011 Author Report Share Posted August 5, 2011 Thanks, Fabian. I do have a thread open over there...either way, OA & Sandboxie are two of my "cornerstone" apps. For now I have "Web Shield" disabled to save on resources and potential conflicts. If Tzuk comes up with a solution, all the better. Thanks again. Link to comment Share on other sites More sharing options...
stapp Posted August 5, 2011 Report Share Posted August 5, 2011 Although not directly concerning webshield it does relate to OA and sandboxie. At one time if you ran your browser Sandboxed and with OA 'run safer' enabled, the OA green border would not show, and in Process Explorer under the security tab of your browser properties, it would only show 'owner' under BUILTIN\administrators. Now green border shows, and PE shows 'owner,deny' when sandboxed browser is 'run safer' Link to comment Share on other sites More sharing options...
Recommended Posts