Open File Path


OpenFilePath is a sandbox setting in Sandboxie Ini. It specifies path patterns for which Sandboxie will not apply sandboxing for files. This lets sandboxed programs have direct access to update files and folders outside the sandbox. This setting essentially punches a hole in the sandbox, at a particular folder location.

Shell Folders may be specified. Program Name Prefix may be specified.

Examples:

   .
   .
   .
   [DefaultBox]
   OpenFilePath=C:\Downloads\
   OpenFilePath=*.eml
   OpenFilePath=iexplore.exe,%Favorites%
   OpenFilePath=msimn.exe,*.eml
			

When reviewing these examples, keep in mind that Sandboxie places a wildcard star at the end of the value, unless a star already appears anywhere in the value. So for example, C:\Downloads\ becomes C:\Downloads\*, while *.eml remains unchanged.

Wildcard stars are used to specify patterns with variable, unknown parts. For example, a.eml matches only that one file, whereas *.eml matches a.eml, test.eml, important message.eml and so on. But note that neither form matches a.txt.

The first example setting specifies that any files (or folders) created in the folder C:\Downloads (and in any folder below it) will not be sandboxed. Note that the final backslash character is important, because a star will be placed at the end of the string.

The second example shows how wildcards can be used to exempt *.eml files from sandboxing, regardless of where they are created. .eml files are typically created by Outlook and Outlook Express, when a message is explicitly saved to disk.

The third example setting specifies that the Favorites folder of the active user account should be exempted. This means that new Favorite shortcuts will be added outside the sandbox. In this example, a ProgramNamePrefix is used, so the setting only applies to the Internet Explorer program, iexplore.exe.

The fourth example combines the previous two examples, by showing a path containing a wildcard, applied only to a specific program.
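The following audit sketch is an added example, not part of the original page or of Sandboxie itself. It applies the trailing-star rule described above to each OpenFilePath line and notes how wide the resulting hole is, including the case where the final backslash is missing so that sibling names such as C:\Downloads2 also match. The sample section, the function names, the case-insensitive matching and the way a Program Name Prefix is detected are assumptions.

```python
import re

# Constructed sample: the page's four settings plus one without the final backslash.
SAMPLE_INI = r"""[DefaultBox]
OpenFilePath=C:\Downloads\
OpenFilePath=C:\Downloads
OpenFilePath=*.eml
OpenFilePath=iexplore.exe,%Favorites%
OpenFilePath=msimn.exe,*.eml
"""

def parse_value(value):
    """Return (program, raw_path, effective_pattern) for one setting value."""
    program, raw = None, value
    head, sep, tail = value.partition(",")
    # Assumption: text before the first comma is a Program Name Prefix if it ends in .exe.
    if sep and head.lower().endswith(".exe"):
        program, raw = head, tail
    # Rule from the page: a star is appended unless one already appears.
    pattern = raw if "*" in raw else raw + "*"
    return program, raw, pattern

def matches(pattern, path):
    """Star matches any run of characters; case-insensitivity is assumed."""
    regex = ".*".join(re.escape(p) for p in pattern.split("*"))
    return re.fullmatch(regex, path, re.IGNORECASE) is not None

def audit(ini_text):
    """Return (program, effective_pattern, notes) for each OpenFilePath line."""
    findings = []
    for line in ini_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or key.strip().lower() != "openfilepath":
            continue
        program, raw, pattern = parse_value(value.strip())
        notes = []
        if program is None:
            notes.append("all programs")
        if pattern.startswith("*"):
            notes.append("any folder")
        # Shell Folder variables (%...%) are not expanded or judged here.
        if "*" not in raw and not raw.endswith(("\\", "%")):
            notes.append("no final backslash")
        findings.append((program, pattern, notes))
    return findings

if __name__ == "__main__":
    for program, pattern, notes in audit(SAMPLE_INI):
        print(f"{program or '(any)':14} {pattern:18} {', '.join(notes)}")
```

Entries with no notes are the narrowest: a specific program and a specific folder.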

Note: For security reasons, this setting does not apply when the program executable file resides within the sandbox. This means that (potentially malicious) software downloaded into your computer and executed, cannot take advantage of this setting.

OpenPipePath is a setting similar to OpenFilePath that, unlike OpenFilePath, is always applied.

Related Sandboxie Control setting: Sandbox Settings > Resource Access > File Access > Direct Access

See also:

Expandable Variables, Shell Folders, Program Name Prefix, Deprecated Settings

Sandboxie is Copyright © 2004-2019 by Sandboxie Holdings, LLC.  All rights reserved.