sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

sandboxie + antivirus = extremely poor performance #659

Closed boldcompany closed 3 years ago

boldcompany commented 3 years ago

Obviously (and per the Sandboxie documentation), a user would want to run antivirus on the system where Sandboxie is running.

When running applications sandboxed on a system with high-quality antivirus, the performance of the applications becomes as low as 5-10% of the normal (unsandboxed) performance of the same applications on the same system. When the applications are run sandboxed, the Sandboxie Service will utilize CPU, and then processes related to the antivirus tool will spike. Even on a high-performance machine, this state causes the sandboxed applications themselves to work very slowly. Clicking an interface element (which would normally be instantaneous) might take 20-30 seconds or more to elicit a response.

Having to wait several minutes for frozen interfaces to lurch through their tasks makes Sandboxie practically unusable except for limited testing purposes. Is there a general recommended configuration for use with antivirus (such as instructing the antivirus to ignore certain folders/processes, etc.)? The preference would be settings for maximum security along with usable performance.

NewKidOnTheBlock commented 3 years ago

> high-quality antivirus

...like in high-quality snakeoil? How do you determine which snakeoil is "high-quality" and which is not?

And: How do you expect anybody to reproduce your issue if you leave out all the details?

boldcompany commented 3 years ago

Hello NewKid,

If you work in software development and integration of antivirus technologies, you're familiar with performant benchmarking of the tools. There are numerous resources available to review the ability of each to detect and mitigate malware propagation.

Please note that Sandboxie's documentation itself advises the use of antivirus on systems where Sandboxie is deployed.

When testing Sandboxie with various high-quality antivirus tools (meaning: they perform realtime system scanning and adaptive threat recognition), Sandboxie's behavior combined with the tools' processes causes extreme performance loss. Given that Sandboxie is intended to run alongside antivirus, it seems there might be some recommended best practices for configuring Sandboxie alongside such tools. Many of the leading tools operate in a similar fashion, so it would be helpful to receive general advice on what might be whitelisted or excluded to increase performance.

silvestron commented 3 years ago

> high-quality antivirus

That is a marketing statement.

> Given that Sandboxie is intended to run alongside antivirus, it seems there might be some recommended best practices for configuring Sandboxie alongside such tools. Many of the leading tools operate in a similar fashion, so it would be helpful to receive general advice on what might be whitelisted or excluded to increase performance.

Sandboxie already does that by default for many programs, antivirus or not. You can take a look at the app templates in the sandbox settings to see if there's any for your antivirus. The templates are in a file called Templates.ini located inside your Sandboxie installation if you wanted to inspect them.

boldcompany commented 3 years ago

> > high-quality antivirus
>
> That is a marketing statement.

Not quite understanding the antagonism against anti-malware solutions here. Have you worked on antivirus integrations? Engineers build quality implementations that offer high system performance and excellent threat recognition, and alternatively there are poorly written, inefficient kludges that fail to detect above 50% of common threats but somehow manage to be sold commercially. Indeed, there are "high-quality antivirus" solutions vs. the lesser options.

Aside from that, thank you very much for pointing out the Templates.ini file. It's very helpful re: Sandboxie config, and the time you took to help out is appreciated.

It would still be helpful to gain more understanding of specifically how antivirus solutions themselves should generally be configured to avoid low-performance conflicts with Sandboxie. For example, which files/folders are generally recommended to be whitelisted/ignored by the antivirus, if any? Just a few best practices would be useful.

silvestron commented 3 years ago

> Not quite understanding the antagonism against anti-malware solutions here.

I don't think the issue is anti-malware software, Sandboxie itself is part of that category, but rather the "high quality" thing. Just until a few months ago there was the running joke about Sandboxie being flagged as malware because it was signed with a leaked certificate.

isaak654 commented 3 years ago

> It would still be helpful to gain more understanding of specifically how antivirus solutions themselves should generally be configured to avoid low-performance conflicts with Sandboxie. For example, which files/folders are generally recommended to be whitelisted/ignored by the antivirus, if any? Just a few best practices would be useful.

You can take a look at this discussion in the archived Sandboxie forum; there are a lot of details & user reports: https://sandboxie-website-archive.github.io/www.sandboxie.com/old-forums/viewtopica726a726.html?f=11&t=21539

If you're interested, there is a GitHub version of the docs here: https://github.com/sandboxie-plus/sandboxie-docs/blob/main/Content/SandboxieKnownConflicts.md

bjm234 commented 3 years ago

FWIW ~ I've run Sandboxie + Norton .....long time. Years back Sandboxie would not tolerate Norton browser extension. I exclude Sandboxie-Plus folder. I've not had a reason to question my setup....long time. Just me. Just saying. Regards w Respect

DavidXanatos commented 3 years ago

There is really no more advice to give, no folders to exclude or the like. The issues can arise from multiple security tools (Sandboxie + something else) trying to hook the same functions in the processes.