blues

Web Shield & Sandboxie - A Couple Of Questions

Recommended Posts

I remember reading on this topic some years back but had a couple of questions about the interaction of Sandboxie and the Web Shield in the current version of OA (Free).

First, does the Web Shield even work when a browser such as Firefox accesses the web under the supervision of Sandboxie?

(If not, then I guess it would be okay to turn off that module.)

Second question, in the free version of OA, if a url is listed as "Protected" in the domains list, does OA perform the DNS check?

(Or is the DNS check limited to the paid versions of OA?)

Lastly, with the free version of OA, if one ticks the option to "Ignore OA Domains List", what functions does Web Shield perform?

(I imagine it could still block sites you enter in the Domains list, assuming that Web Shield works when the browser connects via Sandboxie.)

Thanks in advance for your assistance. B)

Share this post


Link to post
Share on other sites

First, does the Web Shield even work when a browser such as Firefox accesses the web under the supervision of Sandboxie?

(If not, then I guess it would be okay to turn off that module.)

It didn't used to work, but I don't know if it does now.

Second question, in the free version of OA, if a url is listed as "Protected" in the domains list, does OA perform the DNS check?

(Or is the DNS check limited to the paid versions of OA?)

Yes, it should. You could test this by deleting your firewall rules for oaserv.exe, setting a site as Protected and then browsing to the site. OA uses oaserv.exe to perform the check so you should either get a prompt asking to allow it (or see it readded at the time if you have "Automatically allow trusted programs to access the internet" ticked).

Lastly, with the free version of OA, if one ticks the option to "Ignore OA Domains List", what functions does Web Shield perform?

(I imagine it could still block sites you enter in the Domains list, assuming that Web Shield works when the browser connects via Sandboxie.)

The Web Shield performs the same functions (DNS Checking, BITS protection, ability to block connections to unwanted sites) regardless of whether this option is ticked. With the option ticked, you don't get popups for BITS job if the site is trusted on the internal list (not your personal list) of Trusted domains.

Share this post


Link to post
Share on other sites

Thanks, Cat, always the most gracious feline friend around.

Do you know, perchance, how me might go about getting an answer (one way or another) to the first question (which you are uncertain about)?

It would be very helpful to know.

And, as always, many thanks to your for your time and help.

Share this post


Link to post
Share on other sites

Do you know, perchance, how me might go about getting an answer (one way or another) to the first question (which you are uncertain about)?

You could try blocking a site (I usually use jigzone.com as an example; it's just an online puzzle site). Assuming you haven't previously visited the site and it's stored in temporary internet files that haven't yet been cleared, if you visit it, it should then be blocked.

Just to note though, that there are other programs that will also prevent OA's Web Shield from working, such as Trusteer Rapport, and in the past, PrevX Safe Online. In case you may have such a program installed, it would be hard to tell if it was Sandboxie or one of these programs causing it not to work unless one was disabled.

Share this post


Link to post
Share on other sites

Now why didn't I think of that? (Sound of forehead being slapped.)

Okay, I used your suggested site which I've never visited. Set it to block in "domains" and cleared all cache.

Was able to connect multiple times after closing the browser and running CCleaner. So I guess that is at least some evidence of Web Shield not working with a sandboxed Firefox.

(I don't use any of the other programs you referenced.)

(Interesting that when I was still running OA Premium in "Banking Mode" I know that if I tried to connect to sites that weren't on my domains list I wouldn't be able to connect when connecting via Sandboxie.)

Now, the next question would be whether Web Shield should be left activated if all browsing is done via Sandboxie?

Share this post


Link to post
Share on other sites

Just for the record, I verified that OA blocked connection with the website when the browser (firefox) was opened outside the sandbox.

So, would we gain anything (resources, prevent potential conflict etc) by just deactivating Web Shield when accessing the web via Sandboxie?

(I am running the latest beta of OA Free on Win XP Pro SP3)

Share this post


Link to post
Share on other sites

(Interesting that when I was still running OA Premium in "Banking Mode" I know that if I tried to connect to sites that weren't on my domains list I wouldn't be able to connect when connecting via Sandboxie.)

Banking Mode functions independently to Web Shield. It uses the Domains list, but it's not reliant on Web Shield even being enabled.

So, would we gain anything (resources, prevent potential conflict etc) by just deactivating Web Shield when accessing the web via Sandboxie?

Possibly. For those who use Sandboxie, there is likely nothing to lose by disabling it in any case since it's unable to work inside a sandbox (I suspected it wasn't but hadn't heard recent comments on it).

Share this post


Link to post
Share on other sites

And I am, as always, in your debt for your assistance CP. (I've alerted Fabian to this discussion via a link in the "beta" thread. Perhaps he'll have some comments.)

Share this post


Link to post
Share on other sites

Sandboxie prevents Online Armor from placing certain vital hooks required to perform content filtering. I don't see any short term way to fix it on our end without breaking Sandboxie though. You may want to file a support request with Tzuk to get this issue fixed.

Share this post


Link to post
Share on other sites

Thanks, Fabian. I do have a thread open over there...either way, OA & Sandboxie are two of my "cornerstone" apps.

For now I have "Web Shield" disabled to save on resources and potential conflicts. If Tzuk comes up with a solution, all the better.

Thanks again.

Share this post


Link to post
Share on other sites

Although not directly concerning webshield it does relate to OA and sandboxie.

At one time if you ran your browser Sandboxed and with OA 'run safer' enabled, the OA green border would not show, and in Process Explorer under the security tab of your browser properties, it would only show 'owner' under BUILTIN\administrators. Now green border shows, and PE shows 'owner,deny' when sandboxed browser is 'run safer'

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.