What is the difference between the two lists (Advanced options- Security settings - Defence+ - HIPS - protected objects)?
I can add folders to “Protected files” list, so what’s the difference?
Protected Files - Affects Both HIPS and Sandbox, will stop sandboxed processes from modifying the files but they can still see and read the files, will show alerts for HIPS.
Protected Data Folders - Is supposed to stop sandboxed processes from being able to see/read/modify anything inside the folders, it’s as if the files aren’t even there. I’m not quite sure what happen with HIPS.
I say “Is supposed to” because the behavior is inconsistent throughout the different sandbox levels, I’ve made a bug report about that and they fixed it partially but it’s still not completely fixed.
I just tested the feature with Zoom player 9 free (not yet recognized), and while it CAN see protected folders, it can’t seem to access them, so it somewhat works…
P.S. Funny enough if you place the same folder in “protected files” list, unknown program (zoom player) can access and read \ play files just fine…can’t delete and possibly write \ modify though.
Are you using the Sandbox? If so, at what setting?
By “[…] it CAN see protected folders […]” do you mean see the folders or see the files in the folder?
I use default settings (auto sandbox = Partially limited).
It can see the folder, but can’t access it \ see inside it.
Also, I with they didn’t “bury” this option so deep in menus.
Protected Data Folders doesn’t actually hide the folder, just the items inside the folder so the folder will still be visible.
Also for Partially Limited, certain methods can bypass Protected Data Folders. My own program I made can see, read and modify files in Protected Data Folders when sandboxed as partially limited (and even untrusted) Currently the only setting that works as it should is Fully Virtualized, that blocks my application from even seeing that files in Protected Data Folders. I’ve made a bug report about the bypass but it hasn’t been fixed yet. Protected Data Folders for Partially Limited will still block many applications from accessing the files, just not all.