[.04] Sandboxie ignores __COMPAT_LAYER setting

[Am Yisrael Chai]

This is a behavior of Sandboxie that is inconsistent with Windows:

In Windows, setting the environment variable __COMPAT_LAYER=RunAsInvoker will override an application manifest of highestAvailable, and the application will NOT be elevated.

But Sandboxie ignores the __COMPAT_LAYER and will elevate the application based solely on the manifest.

Similarly, Sandboxie also ignores HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers, which also overrides the application manifest in Windows.

This makes it difficult for me to test applications in Sandboxie, because I need to be able to specify the elevation behavior without modifying the checksums of my applications.

I wonder if there is a setting to make the current version of Sandboxie behave consistently with Windows, or if this ability will be found in a future version of Sandboxie.

I hope I have explained this clearly. Please let me know if anything needs clarification.

HOW TO REPRODUCE
Try these steps in both Windows and Sandboxie to observe the difference:

1. Find an application (preferably non-installer) that is manifested as highestAvailable.
2. Run it normally to verify that the UAC prompt shows up.
3. Then, set the environment variable __COMPAT_LAYER=RunAsInvoker
4. Run the application again to see the inconsistent behavior in Windows and Sandboxie.

[tzuk]

Thanks, I was not aware of this feature. Sandboxie checks the manifest for highestAvailable but doesn't check the __COMPAT_LAYER environment variable. I will check and fix as necessary.

[tzuk]

In version 4.01.04, Sandboxie implements the behavior in this topic:

If registry key ..\AppCompatFlags\Layers or the environment variable __COMPAT_LAYER specify the RunAsInvoker compat switch,
Sandboxie will not do UAC elevation.