Trust No Program

Closed File Path


ClosedFilePath is a sandbox setting in Sandboxie Ini. It specifies path patterns for which Sandboxie will deny all access by sandboxed progams, including read access. This setting essentially blocks files and folders from being accessed by sandboxed programs.

Shell Folders may be specified. Program Name Prefix may be specified.

Example: 

   .
   .
   .
   [DefaultBox]
   ClosedFilePath=!iexplore.exe,%Cookies%
   ClosedFilePath=%Personal%
			
   ClosedFilePath=!iexplore.exe,\Device\RawIp
   ClosedFilePath=!iexplore.exe,\Device\Ip*
   ClosedFilePath=!iexplore.exe,\Device\Tcp*
   ClosedFilePath=!iexplore.exe,\Device\Afd*

The example blocks any program other than Internet Explorer (iexplore.exe) from accessing the folder containing downloaded Internet cookies for the active user account. This would block any downloaded malicious software from spying on cookies.

(Note that this does not stop browser extensions, like add-on toolbars, from looking into the Cookies folder, because these extensions execute inside the Internet Explorer program process.)

The second example shows how to configure Sandboxie to block sandboxed programs from accessing the My Documents folder.

The value specified for ClosedFilePath can include wildcards. For more information on this, including examples that show the use of wildcards, see OpenFilePath.

The third example (spanning four lines) disables Internet access within a sandbox except for Internet Explorer (iexplore.exe). See also Sandbox Settings > Restrictions > Internet Access.

Note: Unlike the corresponding OpenFilePath setting, the ClosedFilePath settings always applies to sandboxed programs, whether the program executable file resides within the sandbox, or out of it.

Related Sandboxie Control setting: Sandbox Settings > Resource Access > File Access > Blocked Access

Jump to
Sandboxie Ini
setting:

Global Settings:

ByteOrderMark

AlertProcess

ForceDisableSeconds
ForceDisableAdminOnly

EditAdminOnly
EditPassword
MonitorAdminOnly

ActivationPrompt

Enabled

FileRootPath
IpcRootPath
KeyRootPath

AutoDelete
NeverDelete
DeleteCommand

AutoRecover
AutoRecoverIgnore
RecoverFolder

AutoExec

BoxNameTitle
BorderColor
Description

CopyLimitKb
CopyLimitSilent

ForceFolder
ForceProcess
LingerProcess
LeaderProcess

NotifyInternetAccessDenied
NotifyStartRunAccessDenied

BlockDrivers
BlockFakeInput
BlockPassword
BlockSysParam
BlockWinHooks

BlockPort

DropAdminRights

OpenFilePath
OpenPipePath
ReadFilePath
WriteFilePath
ClosedFilePath

OpenKeyPath
ReadKeyPath
WriteKeyPath
ClosedKeyPath

OpenIpcPath
ClosedIpcPath

OpenWinClass
OpenClsid
OpenProtectedStorage
OpenCredentials

InjectDll
InjectDll64

ProcessLimit1
ProcessLimit2

See also:

Expandable VariablesShell FoldersProgram Name PrefixDeprecated Settings

Top

Sandboxie is Copyright © 2004-2019 by Sandboxie Holdings, LLC.  All rights reserved.
Sandboxie.com | Contact Author