Strange behaviour of sandbox file system virtualization

I used foxy, a P2P file sharing app, to downloaded a file. I have sandboxed foxy with

  • restriction level set to “limited” and
  • file system virtualization enbaled.

I deleted the file using foxy’s internal UI and exit the program. However, when I run foxy next time, the file re-appear again??? ???

This is not the case if I do not sandbox foxy or disable file system virtualization.

I finally find out that a hidden “sandbox” directory is created and the downloaded file is saved somewhere inside the “sandbox” directory if file system virtualization is enabled. I suppose those “temporary” files can be deleted by the sandboxed application itself or will be deleted by CIS aftward but they are not. They are not able to be deleted by the sandboxed applications itself and leaving them permanently state in my PC even after a reboot.

Is it a bug or the intended behaviour of CIS’s sandbox?

(By the way, I’m running beta 716 on Win 7 inside VirtualBox)

I would also like to know the sandbox cleaning mechanism. The sandbox behave that way exactly and all I could do is to clean that folder (sandbox) manually. What is worse this is the folder name used by SandBoxie. I don’t think it’s a good idea mixing the two programs data in one folder.

I trust a more rational approach would be like that

  1. A sandboxed application should have full control on those “temporary” files and/or
  2. The “temporary” files will be cleaned by CIS after exit of the sandboxed application (may be with some backups)

What criteria should CIS use to decide if this one is a temporary file and this one is not? There is sometimes quit a mess in the folder.

I think point 1 is essential and more rational.
For point 2, I have no concret idea. May be just delete all.

Should we sandbox all the third party applications that use untrusted data? This is what DefenseWall does in this case. What should CIS do?

I think that’s some what off topic as your question is regarding how sandbox is triggered. However, just let you know that GeSWall sandbox/isolate applications that use untrusted resources(their term Threat Gates).