What is the difference between "Limited" and "Restricted" for Sandbox?

If you go to Defence+ > Execution Control Settings, there are several options under “Treat unrecognized files as”.

However, “Limited” and “Restricted” seem very similar. Their descriptions on the Help page say basically the same thing for both, just in other words.

For both, the application is not allowed to execute more than 10 processes at a time, and the application is allowed to access very few operating system resources.

Under Limited the application is run without Administrator rights, and for Restricted it is run with very limited access rights, which is similar to “without Administrator rights”.

Can somebody give a little bit more insight on this issue and these settings?
I would like to know some more details.

Have raised the fact that these descriptions need improvement. Expect that perhaps with 6.0, but maybe a dev will take pity meanwhile as I understand it.

Limited - full UAC restrictions plus some D+ restrictions. Used to be the sandbox default, so very similar to partially limited. Think partially limited relaxes a few UAC restrictions.

Restricted - implements more OS & probably restrictions than UAC, not sure re D+

You can see the OS restrictions in the Security pane of a sandboxed process in Process Explorer. Job restrictions can be determined via the OS (job ID on the Process Properties tab in Process Explorer), but D+ ones cannot.

Actually correction - use killswitch process properties, that gives you job restrictions as well.

Security is on Advanced button of job and general tabs
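The post above reads the OS-side restrictions off a sandboxed process by hand in Process Explorer or KillSwitch. The script below does the same thing programmatically, so a defender can verify that the sandbox level actually applied the token and job limits it claims. It is an added example, not code from this thread or from Comodo, and it is built only on documented Win32 calls (OpenProcessToken, GetTokenInformation, IsTokenRestricted, IsProcessInJob, QueryInformationJobObject). One assumption shapes its design: QueryInformationJobObject with a NULL job handle reports the job of the calling process only, so the script inspects the process it runs in; start powershell.exe through the sandbox and run it there. The helper names (SandboxProbe, Get-TokenIntegrity, Get-JobLimits, ConvertTo-FlagNames) are ours, and the D+ restrictions the post mentions are not visible this way.

```powershell
# Added example (not from the forum thread, not Comodo's code): report the
# OS-level restrictions on the *current* process: token integrity level,
# restricted-token flag, and job-object limits (the "no more than N processes"
# rule is the ActiveProcessLimit field). Run it inside the sandboxed shell.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class SandboxProbe {                      // hypothetical helper class
    [StructLayout(LayoutKind.Sequential)]
    public struct BasicLimits {                         // JOBOBJECT_BASIC_LIMIT_INFORMATION
        public long PerProcessUserTimeLimit, PerJobUserTimeLimit;
        public uint LimitFlags;
        public UIntPtr MinimumWorkingSetSize, MaximumWorkingSetSize;
        public uint ActiveProcessLimit;
        public UIntPtr Affinity;
        public uint PriorityClass, SchedulingClass;
    }
    [DllImport("kernel32.dll")] public static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool IsProcessInJob(IntPtr hProcess, IntPtr hJob, out bool result);
    [DllImport("kernel32.dll", SetLastError = true, EntryPoint = "QueryInformationJobObject")]
    public static extern bool QueryJobBasicLimits(IntPtr hJob, int cls, ref BasicLimits info, int len, out int ret);
    [DllImport("kernel32.dll", SetLastError = true, EntryPoint = "QueryInformationJobObject")]
    public static extern bool QueryJobUiRestrictions(IntPtr hJob, int cls, ref uint info, int len, out int ret);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr hProcess, uint access, out IntPtr hToken);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool GetTokenInformation(IntPtr hToken, int cls, IntPtr info, int len, out int ret);
    [DllImport("advapi32.dll")] public static extern bool IsTokenRestricted(IntPtr hToken);
    [DllImport("kernel32.dll")] public static extern bool CloseHandle(IntPtr h);
}
"@
$Marshal = [Runtime.InteropServices.Marshal]

# Win32 constants from winnt.h / winbase.h
$TOKEN_QUERY = 0x0008; $TokenIntegrityLevel = 25
$JobObjectBasicLimitInformation = 2; $JobObjectBasicUIRestrictions = 4
$LimitFlagNames = @{ 0x1='WORKINGSET'; 0x2='PROCESS_TIME'; 0x4='JOB_TIME'; 0x8='ACTIVE_PROCESS'
    0x10='AFFINITY'; 0x20='PRIORITY_CLASS'; 0x80='SCHEDULING_CLASS'; 0x100='PROCESS_MEMORY'
    0x200='JOB_MEMORY'; 0x400='DIE_ON_UNHANDLED_EXCEPTION'; 0x800='BREAKAWAY_OK'
    0x1000='SILENT_BREAKAWAY_OK'; 0x2000='KILL_ON_JOB_CLOSE' }
$UiFlagNames = @{ 0x1='HANDLES'; 0x2='READCLIPBOARD'; 0x4='WRITECLIPBOARD'; 0x8='SYSTEMPARAMETERS'
    0x10='DISPLAYSETTINGS'; 0x20='GLOBALATOMS'; 0x40='DESKTOP'; 0x80='EXITWINDOWS' }

function ConvertTo-FlagNames([uint32]$Value, [hashtable]$Names) {
    $Names.Keys | Sort-Object | Where-Object { $Value -band $_ } | ForEach-Object { $Names[$_] }
}

function Get-TokenIntegrity {
    $hToken = [IntPtr]::Zero
    if (-not [SandboxProbe]::OpenProcessToken([SandboxProbe]::GetCurrentProcess(), $TOKEN_QUERY, [ref]$hToken)) {
        throw "OpenProcessToken failed (error $($Marshal::GetLastWin32Error()))"
    }
    try {
        $len = 0   # first call sizes the buffer, second call fills it
        [void][SandboxProbe]::GetTokenInformation($hToken, $TokenIntegrityLevel, [IntPtr]::Zero, 0, [ref]$len)
        $buf = $Marshal::AllocHGlobal($len)
        try {
            if (-not [SandboxProbe]::GetTokenInformation($hToken, $TokenIntegrityLevel, $buf, $len, [ref]$len)) {
                throw "GetTokenInformation failed (error $($Marshal::GetLastWin32Error()))"
            }
            # TOKEN_MANDATORY_LABEL starts with a PSID; its last sub-authority is the level RID
            $sid = New-Object System.Security.Principal.SecurityIdentifier($Marshal::ReadIntPtr($buf))
            $rid = [int]$sid.Value.Split('-')[-1]
            $level = switch ($rid) { 0 {'Untrusted'} 4096 {'Low'} 8192 {'Medium'} 12288 {'High'} 16384 {'System'} default {"RID $rid"} }
            [pscustomobject]@{ IntegritySid = $sid.Value; IntegrityLevel = $level
                               RestrictedToken = [SandboxProbe]::IsTokenRestricted($hToken) }
        } finally { $Marshal::FreeHGlobal($buf) }
    } finally { [void][SandboxProbe]::CloseHandle($hToken) }
}

function Get-JobLimits {
    $inJob = $false
    if (-not [SandboxProbe]::IsProcessInJob([SandboxProbe]::GetCurrentProcess(), [IntPtr]::Zero, [ref]$inJob)) {
        throw "IsProcessInJob failed (error $($Marshal::GetLastWin32Error()))"
    }
    if (-not $inJob) { return [pscustomobject]@{ InJob = $false } }
    # hJob = NULL queries the job that the calling process itself belongs to
    $basic = New-Object -TypeName 'SandboxProbe+BasicLimits'
    $ret = 0
    if (-not [SandboxProbe]::QueryJobBasicLimits([IntPtr]::Zero, $JobObjectBasicLimitInformation, [ref]$basic,
                                                 $Marshal::SizeOf([SandboxProbe+BasicLimits]), [ref]$ret)) {
        throw "QueryInformationJobObject(basic limits) failed (error $($Marshal::GetLastWin32Error()))"
    }
    $ui = [uint32]0   # JOBOBJECT_BASIC_UI_RESTRICTIONS is a single DWORD
    [void][SandboxProbe]::QueryJobUiRestrictions([IntPtr]::Zero, $JobObjectBasicUIRestrictions, [ref]$ui, 4, [ref]$ret)
    # the per-job process cap only counts when JOB_OBJECT_LIMIT_ACTIVE_PROCESS (0x8) is set
    $apl = if ($basic.LimitFlags -band 0x8) { $basic.ActiveProcessLimit } else { 'none' }
    [pscustomobject]@{
        InJob              = $true
        LimitFlags         = @(ConvertTo-FlagNames $basic.LimitFlags $LimitFlagNames) -join ','
        ActiveProcessLimit = $apl
        UiRestrictions     = @(ConvertTo-FlagNames $ui $UiFlagNames) -join ','
    }
}

Get-TokenIntegrity
Get-JobLimits
```

Running it in a normal, non-sandboxed shell gives a baseline (typically Medium integrity, no restricted token, not in a job); running it in a shell launched under each sandbox level shows which token and job limits differ between them, which is the comparison the original question is after.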

Nice stuff Egemen :slight_smile:


So for example restricted (actually advanced permissions on general tab)

