What does Security Hardened Sandbox change/do? What does Data Protection change/do? If you can provide examples, that would be helpful. I couldn't find any info anywhere on how these settings could help or benefit a user.
Hardened is, as of 1.2.x and earlier, just a sandbox with drop admin rights enabled. As of 1.3.x it will include additional mitigations like syscall restrictions and device isolation (not allowing sandboxed programs to talk to drivers unless explicitly permitted).
Data Protection, also called Privacy Enhanced Boxes, are boxes set up such that programs can only read HKLM, C:\Windows, C:\Program Files, C:\Program Files (x86) and nothing else, no HKCU and no other path on any volume. This way boxed programs cannot access any private or personal data.
You may also wonder what an Application Compartment type box is. These are boxes that don't use a restricted token; instead they only rely on file, registry and handle filtering. While this results in a much lowered isolation, it significantly increases the compatibility with problematic applications.
Thanks David for explaining the features. Data Protection is an interesting feature that prevents programs/viruses from trying to access/read files in other locations on my computer. I bought a certificate at https://xanasoft.com/product-category/sandboxie/ and will activate this feature. Thanks again!
Sandboxie Plus 1.2.6 (64 bit)
Windows 10 21H2 (64 bit)
Thunderbird 102.0.3 (64 bit)
I have Firefox set up and working perfectly but I'm unable to get Thunderbird working using Data Protection and get the following error messages. How can I fix this issue?
A good strategy to get the needed folder structure is to switch data protection off for the first start of an app; this way it can copy required files/folders into the box. After the first run you can create a snapshot to which the box will revert on content deletion instead of going back to an empty state.
I assume this will only work as a strategy if using IMAP? If POP3 then the local files outside of TB wouldn't get updated? Yes, you can guess which I use.
Hello @DjKilla, did you find a solution to the Thunderbird error messages with Data Protection in the meantime? I have exactly the same problem with these error messages and tried many "Open FilePath" settings, so that COM+/DCOM can be disabled by SB+. Unfortunately I didn't find the right path, and no suitable setting either. #80 https://www.wilderssecurity.com/threads/sandboxie-plus-v1-4-0-v1-4-1-v1-4-2.447865/page-4
Sabine, Win11 21/H2, SB+ 1.50, Thunderbird 102.4 with POP3
@DjKilla @Glitzersternchen Try adding this to the box config:
Code:
WriteKeyPath=thunderbird.exe,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
Info: https://github.com/sandboxie-plus/sandboxie-docs/blob/main/Content/WriteKeyPath.md
OR
Code:
ReadKeyPath=thunderbird.exe,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
Info: https://github.com/sandboxie-plus/sandboxie-docs/blob/main/Content/ReadKeyPath.md
If neither works:
Code:
OpenKeyPath=thunderbird.exe,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
Info: https://github.com/sandboxie-plus/sandboxie-docs/blob/main/Content/OpenKeyPath.md
@busy, I think, between your offered codes "ReadKeyPath" is the safest one, because only read access is given. I entered your line in the Thunderbird box and TB now works perfectly with Data Protection. Many, many thanks busy! Sabine
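An added example, not part of the thread and not Sandboxie's own code: a small audit of the three rule types offered above (ReadKeyPath, WriteKeyPath, OpenKeyPath) in a box config, marking any rule that is not read-only or not limited to one program so it can be narrowed after troubleshooting. The box names and sample config are constructed, and the review policy is this example's assumption.

```python
import re

# Matches the three registry rule types suggested in the thread.
RULE = re.compile(r"^(Read|Write|Open)KeyPath=(.+)$", re.IGNORECASE)

# Constructed sample config; only the registry key comes from the thread.
SAMPLE_INI = r"""
[MailBox]
Enabled=y
ReadKeyPath=thunderbird.exe,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole

[TestBox]
Enabled=y
OpenKeyPath=thunderbird.exe,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole

[WideBox]
ReadKeyPath=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
"""

def audit_key_rules(ini_text):
    """Return one record per *KeyPath rule, tagged with its box section."""
    findings, box = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            box = line[1:-1]          # start of a new box section
            continue
        m = RULE.match(line)
        if not m or box is None:
            continue                  # not a registry rule, or outside a box
        mode, value = m.group(1).capitalize(), m.group(2).strip()
        # An optional "program.exe," prefix limits the rule to one program.
        program, sep, key = value.partition(",")
        if not sep:
            program, key = None, value
        findings.append({
            "box": box, "mode": mode, "program": program, "key": key.strip(),
            # Assumed policy: review anything not read-only or not scoped.
            "review": mode != "Read" or program is None,
        })
    return findings

if __name__ == "__main__":
    for r in audit_key_rules(SAMPLE_INI):
        flag = "REVIEW" if r["review"] else "ok"
        print(f'{flag:6} [{r["box"]}] {r["mode"]}KeyPath '
              f'{r["program"] or "(all programs)"} -> {r["key"]}')
```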
I actually tried everything and couldn't get Thunderbird to work with Data Protection so I had given up. What a surprise to see an answer/fix to get Thunderbird to work with Data Protection posted. Big thank you to 'busy' for posting! Looking forward to finally having a little more extra protection in my setup!
There seems to be some underlying issue with permissions in the user registry when data protection is enabled, I'm looking into it ...
Proper fixes to this and other issues might be addressed in a timely fashion if a separate telemetry module could be implemented already.
Librewolf (portable) works for me (v1.6.1). I do not use Firefox. You may have some non-default config/settings/locations etc. If you care to share them here, someone may be able to help.