result of run program in sandbox is diffrent between auto and by self add


I think this maybe a bug??!!

when I run a program , sandbox were be auto use and run into limited restriction level.

But I found some registry info still write into real world.

Then I add that program into the sandbox on Defense+ Tasks ->Sandbox->Add a Program to the Sandbox,

the same registry would NOT write into real world.

So, both of that sandbox restriction is different ??


CIS 4 sandbox is an equivalent to this at the moment

Programs that get automatically sandboxed are not virtualised. So, it is possible to write to non protected registry keys.

Were the registry keys you saw being written to part of the Protected Registry Keys?

NO, It’s not my protected registry keys… :-\

However, If I want to totally protect my system , I should add program to the sandbox by myself ?

Even they are the same of limited restriction level?

It sounds a little bit strange :-\

I saw the description by mouse1 :

Manually sandboxed software is virtualised by default
Automatically sandboxed software is not yet virtualised, but is likely to be in forthcoming releases. This will allow file and key access restrictions to be relaxed on sandboxed software so it will run better.;msg380909#msg380909


You found the right info. If you want full virtualisation you need to manually sandbox the program at the moment.