Sandboxie Support

Hi,

It's very simple feature request. An example: let's set firefox as the only one program it can start in 'Firefox' sandbox. The idea is to let firefox start other processes when it needs it like: rundll32.exe, spellchecker.exe etc. Tickbox next to 'Run access'.

SBIE already does this, anything started by a program which is running in a sandbox is also sandboxed. If however you mean you have trouble with specific programs being unnable to run you may want to re-check the 'Restrictions' > 'Start/Run Access' page and see if you have it set to allow only specific programs and add those you want allowed there. Automating this process or some form of whitelisting would defeat the point of this option.

btm wrote:SBIE already does this, anything started by a program which is running in a sandbox is also sandboxed.

I know, but this is not I'm talking about.
Does you always know what child process will be created by parent one? No. That's why I want tickbox to allow all child processes to run, while the only parent process will be on 'Start/Run Access' list. In this case sandboxie would deny to run any process not started by parent one

Dun wrote: I know, but this is not I'm talking about.
Does you always know what child process will be created by parent one? No. That's why I want tickbox to allow all child processes to run, while the only parent process will be on 'Start/Run Access' list. In this case sandboxie would deny to run any process not started by parent one

But what happens if a program, a browser for example, which is compromised spawns a child process? Well I am going to ask a more basic question: Can a compromised / exploited or whatever browser spawn a malicious child process? Even with a different unknown name?

Where do you want to get this malicious child process from?
Choosing 1 app + its child process is still tighten than default 'Start/Run access = All' setting.

Let me put this in other words. How the hell I know which processes are needed to be added to 'Start/Run access' when I want to run any app and make it work as stable as outside of sandobox?

Firefox is relatively easy to know what process it needs to run, however just 'firefox.exe' is not enough to make it stable.

You are right. Then I agree with you and second your request, good idea indeed.