Restrict read access to whitelist programs

Post by D1G1T@L » Tue Oct 05, 2010 1:19 pm

Uncle Ronen, will it be possible to introduce another roadblock to potential drive-bys by restricting read access to any sandboxed system folders/drives besides programs explicitly allowed (added to a whitelist)? I know you have the start/run restriction, but this would be another great safety net.

tzuk
Sandboxie Founder

Post by tzuk » Tue Oct 05, 2010 5:31 pm

It should be possible by using negation on the ReadFilePath setting. Something like:

ProcessGroup=<TrustedPrograms>,firefox.exe,notepad.exe
ReadFilePath=!<TrustedPrograms>,C:\Windows
ReadFilePath=!<TrustedPrograms>,C:\Program Files

"!" means EXCEPT IF here: we're saying that C:\Windows and C:\Program Files are going to be read-only folders EXCEPT IF the program is firefox.exe or notepad.exe.

I'm describing this as INI settings rather than through the GUI because the GUI doesn't support the "!" at this time. (I should fix that.)

But why not use Start/Run Access and be done with it?
tzuk
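
The negated ReadFilePath rule from the reply above, as an added example that is not part of the original thread and is not Sandboxie's own code: a small Python model that parses the three settings and reports which programs would see a folder as read-only. The function names, the sample process names and the plain folder-prefix matching are assumptions; wildcards are not modelled.

```python
# Simplified model of the "!" (EXCEPT IF) process negation described in the reply.
# Not Sandboxie's code: matching here is a case-insensitive folder-prefix test
# on the image name and path, and wildcards are not modelled (assumptions).
from ntpath import normcase, normpath

# The three settings from the reply, as they would sit in a sandbox section.
SETTINGS = r"""
ProcessGroup=<TrustedPrograms>,firefox.exe,notepad.exe
ReadFilePath=!<TrustedPrograms>,C:\Windows
ReadFilePath=!<TrustedPrograms>,C:\Program Files
"""

def parse(text):
    """Return (groups, rules); each rule is (negated, selector, folder)."""
    groups, rules = {}, []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep:
            continue
        if key == "ProcessGroup":
            name, *members = value.split(",")
            groups[name.strip().lower()] = {m.strip().lower() for m in members}
        elif key == "ReadFilePath":
            selector, comma, folder = value.partition(",")
            if not comma:                  # no process prefix: rule covers everyone
                selector, folder = "", value
            negated = selector.startswith("!")
            rules.append((negated, selector.lstrip("!").lower(), folder.strip()))
    return groups, rules

def selects(selector, process, groups):
    """True if the selector (a group name or an image name) names this process."""
    if not selector:
        return True
    return process.lower() in groups.get(selector, {selector})

def is_read_only(process, path, groups, rules):
    """True if some ReadFilePath rule applies to this process for this path."""
    target = normcase(normpath(path))
    for negated, selector, folder in rules:
        root = normcase(normpath(folder))
        under = target == root or target.startswith(root + "\\")
        # With "!", the rule applies to every process the selector does NOT name.
        if under and selects(selector, process, groups) != negated:
            return True
    return False
```

Running `is_read_only` over a list of installed program names is a quick way to check that a ProcessGroup edit exempts only the programs intended.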
