Sandboxie Support

Hey,

I do occasionally find myself in the annoying situation where a program is (without my consent) opening a web address via my browser.
Now, it does open the browser inside its own sandbox, which is ok, but I'd rather not have it have access to the browser (and by extension the internet via it) at all.
Especially since the browser will be in its default config, since all plugins and settings and such are in the browser's own sandbox.

Under Start/Run Access you can define which applications are allowed to run inside the sandbox, but I'd like to request the opposite of that, a blacklist, so I can specifically set my browser and email program to never ever be run inside any given sandbox except its own.

Did you try using "ClosedFilePath" with the path where browser is installed?

You can force a specific browser to run in a specific sandbox. Go to the Sandbox settings for that Sandbox, then Applications, then the application/browser. The first option is "Force [browser] to run in this sandbox".

Also, you can set a program to not access the internet. In Restrictions, Internet Access, add the program you don't want accessing the internet.

It sounds like one of these should resolve what you're seeing.

-Jim

Buster, I don't know where to set that.

Jim, neither of these things work. The browser is fully installed in its own sandbox and gets called via regular system browser association. So a sandboxed instance is started, inside of the sandbox the program uses, that called it, which I don't want. (Since the browser won't have any of its settings, addons and other security measures.)
I also don't want to deny this program entirely internet access, since it uses that to send crash reports. (And I can control that via firewall.)

Domochevsky wrote:Buster, I don't know where to set that.

Go to "Sandbox Settings" of the sandbox you want to configure. Then open "Resource Access -> File Access -> Blocked Access".

Click in "Add Program" and select the browser(s) you want to block.

Let us know if that fits your needs.

Buster wrote:

Domochevsky wrote:Buster, I don't know where to set that.

Go to "Sandbox Settings" of the sandbox you want to configure. Then open "Resource Access -> File Access -> Blocked Access".

Click in "Add Program" and select the browser(s) you want to block.

Let us know if that fits your needs.

Alright, that seems to work. It fails now with "Application not found".
Now how do I instigate that policy in all sandboxes (except the browser's) by default...

Domochevsky wrote:Now how do I instigate that policy in all sandboxes (except the browser's) by default...

Repeat the operation for all sandboxes you want.

You could apply the policy to all sandboxes but I doubt you can do it for "all except".