I have CIS v4 on my XP SP3 machine and am fairly pleased with it so far. Much quieter than v3 but maybe a bit too quiet?

Regarding the sandbox, I am used to Sandboxie but the CIS sandbox seems to be very different so I am wondering, is there any benefit to sandboxing a web browser in CIS? If so, is there any fix to running Chrome in a sb set to limited instead unrestricted?

How about a mail program like Thunderbird? Can that be sb’d but be set up to keep email files?

Looks like CIS has had a bit of a rough start but I applaud the developers for their efforts and look forward to CIS 4 only getting better.

The automatic sandboxing as in this version is not like SandboxIE. It does restrict access to important places but does not virtualise:

You can manually put files in the Sandbox and you can choose the level of protection you want (here you are able to set some virtualisation). To run a program in the Sandbox each time you run it go to Defense + → Sandbox → Program Running in the sandbox → Add.

Manual sandboxing is what I am asking about. Is there any advantage to manually sandboxing a browser? It sounds like you are saying yes.

How about Chrome having to run unrestricted in a sandbox? Any fix to this?
Finally, if I sandbox my email client, can I set it to directly access the mail files and keep them?


With manual sandboxing you will have the extra layer of file system and registry virtualisation.

Not sure what you mean with problem with Chrome. I do know they will be fixing the problem where some rogue apps could jump out of the box:

To your last question I have no answer as I haven’t tested the sandbox very extensively.