As the title suggests I would like to know if the automatic sandbox is vulnerable to keyloggers if the level is changed to Fully-Virtualized.
Be aware that by vulnerable I not only mean that data can be read but that the data can be transferred over the internet without the firewall intercepting the request. Therefore, for this topic please assume that the user is very security savvy and will not accidentally allow a dangerous alert.
If you find that it is vulnerable can you please try to find out if there are any settings which can be changed, without changing the level of the behavioral blocker to anything other than fully-virtualized, which can plug the leak?
In theory, no. Only thing that is always vulnerable in virtualized environments like this is data leaking because despite being isolated it can still access any document on your PC and send the data to any remote destination. Only way to overcome that is to go the Sandboxie path of restricting access inside sandbox itself. Limited user rights, restricted drivers and services installation, restricted execution and access to files and also restriction on internet access.
There is one downside of doing this, most of apps will not work in such environments. I think similar would apply if you use Untrusted sandbox level…