Per-application sandbox rules & more options

I’d like to share a few ideas for features I’ve been missing in CIS6.

How about an ability to set advanced per-application rules for the sandbox? Currently we can only choose from a small number of predefined rulesets, i.e. Untrusted, Restricted, Limited, Partially Limited. The sandbox would obviously have to offer an advanced configuration GUI, similar to that of HIPS, where we can set rules and details for each application.

I.e. I would like to sandbox my browser, Firefox, and allow it to save files to an unsandboxed folder at D:\Downloads. I’d also like to sandbox my PDF reader, FoxitReader, and allow it to have write access to D:\PDFs, but not to D:\Downloads. Firefox obviously does not have write access to D:\PDFs either. Both applications have access to the SharedSpace.

There are other options that can be set, like per-application access to registry keys. Perhaps even allow advanced users to tinker with those “windows features” that CIS6 uses for its sandbox. Maybe even allow users to create custom rulesets, i.e. “Browser”, “p2p”, etc.



Yes, the sandbox definitely needs more configurability options. Individual sandbox instances would help a lot as well.