A sandbox is a secure, isolated and a tightly controlled environment where programs can be run and data can be protected. Sandboxes restrict what a piece of code can do, giving it just as many, permissions as it needs without adding additional permissions that could be abused.
Malware — short for malicious software — refers to various types of programs written with the purpose of gaining access to a computer for malicious intent, and often without the user’s knowledge. Malware comes in a variety of forms, such as viruses, spyware, adware, ransomware, and Trojans.There are a number of ways that your device can be infected with malware, but many times it comes from a malicious website, or open the attachment file from your email. By default, anything you download from a web browser will normally go to the %appdata% Downloads folder on your computer.
To prevent the malware from running in the first place, you can setup the sandbox with the policy which not allow the binaries inside the sandbox being launched for those folders where will store the malware, for example "C:\Users\Username\AppData\Local\Temp", "C:\Documents and Settings\ username \Local Settings\Temporary Internet Files". With the sandbox protection, you never have to worry about suspicious attachments or spear phishing attacks, you are safe to download the files from your web browser or you are safe to open your attachment from your email, because of the malware never be launched without your permission.
How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation of Windows, but didn’t want to set up a virtual machine? With EaseFilter Secure Sandbox protection, now you can restrict the permission of the untrusted programs running, prevent the programs from changing, deleting your data, or modifying your registry key. So you can safely test and try these untrusted programs and applications within Sandbox and prevent unauthorized changes to your underlying system that may occur.
The secure sandbox can setup a folder with secure access policies, it can encrypt your sensitive files inside the sandbox, prevent the files from being accessed or modified by unauthorized users or processes. It helps you protect valuable data from malicious apps and threats, such as ransomware. It protects your data by checking against a list of known, trusted processes. Secure folder access works by only allowing processes to access protected folders if the process is included on a list of trusted software. If a process isn't on the list, secure folder access will block it from making changes to files inside secure folders.
- Setup secure sandbox folder filter mask, i.e., c:\sandbox*, this is the folder which the executable binaries located.
- Allow the binaries being executed if you want to test the binaries, or disable the execution of the binaries to prevent the untrusted processes from running. For example, you can setup a sandbox for the download folder to prevent the untrusted download binaries from running.
- If you allow the binaries to run, you can also allow or deny the binaries to access or change the registries. To protect the registries being changed by the binaries, you can disable the registries changing feature.
- Setup the specific file access rights to different file folders for the process. By default, set the least access rights for all files to the process, then if you want to allow the process to access some specific folders, add these folders with specific rights to the process as the below image, allow the process with read access to the folder c:\windows, allow full rights access to the folder c:\mysandbox.
- Setup the sandbox for the protected folder, i.e., c:\protectedFolder*.
- Setup the default access rights to the protected folder, i.e., add the least access rights to the protected folder, it meant only the authorized processes can access the protected folder.
- Enable encryption for the protected folder, prevent the confidential files from being distributed to out of your company.
- Add authorized processes to the protected folder, i.e., the below image shows that all processes which were launched from c:\windows folder were authorized to read the sandbox.
Product Name | Description |
---|---|
Cloud File System SDK | EaseFilter Cloud File System SDK Introduction. |
CloudTier Storage Tiering SDK | EaseFilter Storage Tiering Filter Driver SDK Introduction. |
File Monitor SDK | EaseFilter File Monitor Filter Driver SDK Introduction. |
File Control SDK | EaseFilter File Control Filter Driver SDK Introduction. |
File Encryption SDK | EaseFilter Transparent File Encryption Filter Driver SDK Introduction. |
Registry Filter SDK | EaseFilter Registry Filter Driver SDK Introduction. |
Process Filter SDK | EaseFilter Process Filter Driver SDK Introduction. |
EaseFilter SDK Programming | EaseFilter Filter Driver SDK Programming. |
Sample Project | Description |
---|---|
CloudTier Storage Tiering Demo | A HSM File System Filter Driver Demo. |
CloudTier S3 Tiering Demo | CloudTier S3 Intelligent Tiering Demo. |
Cloud File DR S3 Demo | Cloud File DR S3 Demo. |
Amazon S3 File Explorer Demo | Amazon S3 File Explorer Demo. |
Auto File DRM Encryption | Auto file encryption with DRM data embedded. |
Transparent File Encrypt | Transparent on access file encryption. |
Secure File Sharing with DRM | Secure encrypted file sharing with digital rights management. |
File Monitor Example | Monitor file system I/O in real time, tracking file changes. |
File Protector Example | Prevent sensitive files from being accessed by unauthorized users or processes. |
FolderLocker Example | Lock file automatically in a FolderLocker. |
Process Monitor | Monitor the process creation and termination, block unauthorized process running. |
Registry Monitor | Monitor the Registry activities, block the modification of the Registry keys. |
Secure Sandbox Example | A secure sandbox example, block the processes accessing the files out of the box. |
FileSystemWatcher Example | File system watcher, logging the file I/O events. |
ZeroTrust Example | Zero trust file access control with encryption feature. |
- Understand MiniFilter Driver
- Understand File I/O
- Understand I/O Request Packets(IRPs)
- Filter Driver Developer Guide
- MiniFilter Filter Driver Framework
- Isolation Filter Driver
If you have questions or need help, please contact support@easefilter.com