Can I set full file access to drive C: - except the system dirs

CBruce
Posts: 10
Joined: Thu Sep 07, 2017 8:38 pm


Post by CBruce » Thu Sep 28, 2017 2:52 pm

Is there a combination of settings that I can use to allow programs with internet access, installed in a sandbox, full file access to all of the C: drive except the system folders? I want the sandboxed programs to be able to move large files to non-system folders on the C: drive - but I also want to make sure that any accidentally downloaded malware has no access to the system folders.

I thought this would be a common configuration, but I can't find anything about it when looking at docs and searching the forums.

I have tried using sandbox settings for full access to C:\ and then setting the system folders to read-only access (not sure if that's even a valid config), but then my Sandboxie desktop shortcuts cannot launch the sandboxed programs ("not found" messages).

Thanks,
CBruce

Barb@Invincea
Sandboxie Support
Posts: 2337
Joined: Mon Nov 07, 2016 3:10 pm

Re: Can I set full file access to drive C: - except the system dirs

Post by Barb@Invincea » Fri Sep 29, 2017 2:23 pm

Hello CBruce,

Maybe something like this will help:
viewtopic.php?p=30824#p30824
viewtopic.php?p=126368#p126368

Regarding copying files:
https://www.sandboxie.com/CopyLimitKb

Also, you may want to look at the internet access restrictions:
https://www.sandboxie.com/RestrictionsSettings#internet

Regards,
Barb.-

Syrinx
Sandboxie Guru
Posts: 620
Joined: Fri Nov 13, 2015 4:11 pm

Re: Can I set full file access to drive C: - except the system dirs

Post by Syrinx » Sat Sep 30, 2017 9:29 pm

I really would NOT recommend doing it, but in my test with notepad and trying to save files in various folders, these seem to be what you want.

OpenPipePath=C:\
ReadFilePath=C:\Boot
ReadFilePath=C:\Program Files
ReadFilePath=C:\Windows

That still doesn't cover other sandbox folders either if the container folders are set up for C:\ as well (like default) so things running in the one with those rules could modify files in those other sandboxes as well.

Doing it this way will also interfere with some normal operations such as if you then try to install a new program into the sandbox and install it to Program Files, it won't be able to create the files and it would fail.

On another note, I did not see any issues using 'Run Sandboxed' from desktop shortcuts as you mentioned after opening all of C:\ unless the program existed only inside the sandbox. Yet another reason to not attempt it that way I suppose.

You'd be much better off poking holes for just a few specific locations (say those user folders you move the files to) instead of opening up the whole drive and then trying to re-protect certain things.
Goo.gl/p8qFCf
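
Added example, not part of any post in this thread and not Sandboxie's own tooling: a small Python check that reads Sandboxie.ini-style text and flags the two risks Syrinx describes, an open-path rule that covers a whole drive and one that also reaches the sandbox container folder. The box names, the user and transfer folders, and the `C:\Sandbox` container location are assumptions, and the sample settings are constructed.

```python
import ntpath

# Constructed sample in Sandboxie.ini syntax; box names and folders are assumptions.
SAMPLE_INI = r"""
[WideBox]
OpenPipePath=C:\
ReadFilePath=C:\Boot
ReadFilePath=C:\Program Files
ReadFilePath=C:\Windows

[NarrowBox]
OpenFilePath=C:\Transfer
OpenFilePath=firefox.exe,C:\Users\alice\Downloads
"""

OPEN_KEYS = {"openfilepath", "openpipepath"}  # settings that bypass the sandbox

def covers(rule, target):
    """True if `target` lies at or below the folder named by `rule`."""
    rule = ntpath.normcase(ntpath.normpath(rule)).rstrip("\\")
    target = ntpath.normcase(ntpath.normpath(target)).rstrip("\\")
    return target == rule or target.startswith(rule + "\\")

def audit(ini_text, container=r"C:\Sandbox"):
    """Return {box: [findings]} for open-path rules that expose too much."""
    findings, box = {}, None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            box = line[1:-1]
            findings[box] = []
            continue
        if box is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip()
        if key.lower() not in OPEN_KEYS:
            continue
        path = value.split(",", 1)[-1].strip()  # drop optional "program.exe," prefix
        drive, rest = ntpath.splitdrive(path)
        if drive and rest in ("", "\\"):
            findings[box].append(f"{key}={path}: opens a whole drive")
        if covers(path, container):
            findings[box].append(f"{key}={path}: also exposes sandbox container {container}")
    return findings

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_INI).items():
        print(name, issues or "ok")
```

Pass the actual container folder as `container` if the sandboxes are not stored under `C:\Sandbox`.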
