
Open Win Class


OpenWinClass is a sandbox setting in Sandboxie Ini. It specifies the class names for unsandboxed windows that should be accessible by a sandboxed program.

Examples:

   .
   .
   .
   [DefaultBox]
   OpenWinClass=ConsoleWindowClass
   OpenWinClass=$:program.exe
   OpenWinClass=#
   OpenWinClass=*
			

The first example makes console windows created by the cmd.exe process accessible to sandboxed programs.

Normally, Sandboxie will not permit a sandboxed program to access, communicate with, close or destroy a window outside the sandbox. The OpenWinClass setting makes an exception to this rule, and allows specific unsandboxed windows to be accessible.

Special Forms

   OpenWinClass=$:program.exe
			

Permits a program running inside the sandbox to use the PostThreadMessage API to send a message directly to a thread in a target process running outside the sandbox. This form of the OpenWinClass setting does not support wildcards, so the process name of the target process must match the name specified in the setting.

   OpenWinClass=#
			

This setting tells Sandboxie to not alter window class names created by sandboxed programs. Normally, Sandboxie translates class names such as IEFrame to Sandbox:DefaultBox::IEFrame in order to better separate windows that belong to sandboxed programs from the rest of the windows in the system.

However, in some cases, a program outside the sandbox might expect window class names to have a specific name, and therefore might not recognize the windows created by a sandboxed program. Specifying OpenWinClass=# resolves this problem, at the cost of a lesser degree of separation.

Note that OpenWinClass=# does not allow communication with any windows outside the sandbox, and may interfere with some drag-and-drop operations.

   OpenWinClass=*
			

This setting tells Sandboxie not to translate window class names as described above, makes all windows in the system accessible to sandboxed programs, and goes a step further to disable a few other windowing-related Sandboxie functions. It may also cause the Sandboxie indicator [#] not to appear in window titles.

Note that OpenWinClass=* allows full communication with all windows outside the sandbox, but may interfere with some drag-and-drop operations.
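
When reviewing a Sandboxie.ini, it helps to list every OpenWinClass line per sandbox and label how much window isolation each form gives up. The following Python sketch is an added example, not part of the original page or of Sandboxie itself. Assumptions: the sample configuration is constructed, the box names BrowserBox and LegacyBox are made up, the low/medium/high/invalid labels are this example's own ranking, and values carry no program name prefix.

```python
# Added example: audit OpenWinClass entries in Sandboxie.ini text.
# SAMPLE_INI is constructed; BrowserBox and LegacyBox are made-up box names.
SAMPLE_INI = """\
[DefaultBox]
OpenWinClass=ConsoleWindowClass
OpenWinClass=$:program.exe

[BrowserBox]
Enabled=y
OpenWinClass=#
OpenWinClass=$:prog*.exe

[LegacyBox]
OpenWinClass=*
"""


def classify(value):
    """Return (level, meaning); levels are this example's own ranking."""
    if value == "*":
        return "high", "all unsandboxed windows accessible, class names not translated"
    if value == "#":
        return "medium", "class names not translated, outside windows still blocked"
    if value.startswith("$:"):
        target = value[2:]
        if "*" in target:
            return "invalid", "the $: form needs an exact process name, no wildcards"
        return "medium", "PostThreadMessage allowed to threads of " + target
    return "low", "unsandboxed window class accessible: " + value


def audit(ini_text):
    """Return (box, value, level, meaning) for every OpenWinClass line."""
    findings, box = [], None
    for line in map(str.strip, ini_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            box = line[1:-1]  # the section header names the sandbox
            continue
        key, sep, value = line.partition("=")
        # The setting may repeat within a box, so every line is recorded.
        # Comparing the key case-insensitively is an assumption of this example.
        if sep and key.strip().lower() == "openwinclass":
            value = value.strip()
            findings.append((box, value) + classify(value))
    return findings


if __name__ == "__main__":
    for box, value, level, meaning in audit(SAMPLE_INI):
        print(f"[{box}] OpenWinClass={value}: {level}: {meaning}")
```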

Identifying Window Class Names

The unsandboxed windows are identified by their window class name, which is an internal name given to the window by the application that created it. You can use a tool like WinSpy to identify window class names. The Resource Access Monitor tool in Sandboxie also displays window class names.


Sandboxie is Copyright © 2004-2019 by Sandboxie Holdings, LLC.  All rights reserved.