Limit Access to system fonts

[sandyXXX]

Hi, I'm using unregistered version 5.22

Quick- Can we control which fonts can be access by program(chrome) running under Sandboxie?
Why- To have different fonts fingerprint other than system installed chrome.

What I want to do-
Browser (running under Sandboxie) access direct registry to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts and few more to access system fonts in order to work and if block its access to that registry browser show some random symbols insteat of text.

so i exported above registry hive in Sandboxie RegHive and block direct access to it particulary in .ini file, but of no use

I want to force programs to use fonts loaded in RegHive of that sandbox (if its possible what I am thinking) and not the system defaults.

Thanks

[Barb@Invincea]

Hello sandyXXX,

Please have a look at the restriction settings below:
https://www.sandboxie.com/ResourceAccessSettings#key

Regards,
Barb.-

[sandyXXX]

well instrunction to force programs(chrome) to access specific registry(fonts loading) through sandbox RegHive instead of system is not provided.

Is there any way to do that?

[Barb@Invincea]

Hello sandyXXX,

Sandboxie is an isolation tool that allows you to run applications without letting them modify your host.
We do offer some ways to block access to registry keys, paths and files (as listed on my previous response). You can try blocking the key you mentioned on your post and see if that works at all. Or try blocking access to the folder where the fonts are located.

Here's an example of how to block a registry key:
https://www.sandboxie.com/ClosedKeyPath

So, for your case you want to do something like:
ClosedKeyPath=chrome.exe,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts

Regards,
Barb.-

[Syrinx]

If you are using a persistent box, eg one that doesn't auto-delete, this would be easier to pull off. In such a case you can add any registry entries or files to the sandbox. The sandboxed entries are ALWAYS checked first. As such, if the reg entries or files already exist inside these will be used. It can be a bit more complex if you want to auto-delete the box on close but so long as you can 'backup' the desired defaults and restore them with a script in the 'delete phase' of the box it is actually still possible. In addition a mesh of specific Write*Path=rules (Instead of Closed) might be able to aid you in your endeavor here.

[sandyXXX]

If you are using a persistent box, eg one that doesn't auto-delete, this would be easier to pull off. In such a case you can add any registry entries or files to the sandbox. The sandboxed entries are ALWAYS checked first. As such, if the reg entries or files already exist inside these will be used. It can be a bit more complex if you want to auto-delete the box on close but so long as you can 'backup' the desired defaults and restore them with a script in the 'delete phase' of the box it is actually still possible. In addition a mesh of specific Write*Path=rules (Instead of Closed) might be able to aid you in your endeavor here.

Yes! Thanks you
This is what I want to do, I have a "persistent box" and want some specific registries that program running in sandboxie are using from host system directly (I see their resource access using "Process monitor" tool) not to be blocked but access it from sanbox registry

Can you expain with example as I'm learning so didn't get all of it
Like if I want the control what fonts sandboxed program can use
then where to duplicate host registries into sandbox and also if in case of files/folder (for fonts we might have some folder of fonts that have all system fonts) that registry use where it should be copied in sandbox.

As i tried copying host system Registry Hive into sandbox RegHive but it didn't work.