Why should I empty my sandboxes?

[CrusherW9]

I have Sandboxie installed on my laptop as my core security feature and I have a handful of sandboxes, each devoted to it's own purpose. I was thinking about some stuff which led me to wonder why emptying sandboxes is so important? I understand that emptying the sandbox you use your browser in is critical. But I have a sandbox for Steam and it's games and I don't see why I should ever empty this. A virus in this sandbox poses no real threat other than crashing a game or stealing bandwidth in which case a sandbox empty would be the easy fix. I read through the "Detecting Key Loggers" page and according to this, if I "Terminate Programs" in my Steam sandbox after use, I'm good; no empty required. But I also have internet access and Start/Run restrictions for the sandbox. So technically, I shouldn't have to do this. Also, according to this link, I'm protected form rootkit key-loggers and windows hook key-loggers. Scripted key-loggers would only apply to the program that got infected and thus wouldn't transfer outside the sandbox. I'm not sure about windows message key-loggers though. From what I can tell, they "can only reliably record activity within one program" so this would mean only the program that launched it, right? If so, there is nothing to steal from Steam or Counter Strike for instance so I'm good here too. As of now, I have all of my sandboxes set to auto empty, and scanning my steam sandbox and then recovering everything every time I close steam is getting old. Am I missing something or should I simply not worry about emptying sandboxes like these?

[Guest10]

In many cases you don't need to worry about deleting contents.
I have at least 12 sandboxes with specific programs installed inside them, and never delete the contents (not the least of which, is because it would delete the program).

I think that a reasonable approach for sandboxes that you do not delete is to apply restrictions to what the main program can do;
apply a list of start/run restrictions to avoid surprises when unknown programs try to run (this one cannot be used when the program is installed inside of a sandbox);
perhaps specify the main program as a Leader Program, so that all other programs using that sandbox are ended when the main program ends;
and use Write-Only folder restrictions for folders that contain sensitive information, outside of the sandbox (like your documents folder, or possibly folders containing cookies, passwords, etc). That will keep sandboxed programs from being able to read the files in those folders.

[CrusherW9]

perhaps specify the main program as a Leader Program, so that all other programs using that sandbox are ended when the main program ends

This is a great idea. I went to go apply this and then saw that I already had. As for folder/file restrictions, I keep all my stuff on a separate partition and have blocked all access to that. I guess I'm good to go then. Thanks for reminding me of this setting. I'm much more confident in my setup now.