Why are UI customization tools able to change system font, even in containment?

I tried noMeiryoUI, a tool for changing system UI font (i.e. menu, title bar… those kinda things) Comodo didn’t recognize it so it went to containment, run virtually. I was expecting it won’t function normally, but it did change the font successfully. Even after reset the sandbox, restart my system the change is still there.

I’m curious why it can change something of real system even if it’s been contained?

restriction levels may vary

change unrecognized application rules to untrusted!


Because not all actions are prevented/monitored, it only monitors changes that are harmful or cause a security issue. But if you want you can increase the restriction level in the auto-container rule to limited or higher to provide the most protection.

Restriction level defines what they can do in sandbox. But I thought any action fully virtualized in sandbox should not affect real system? (It’s still working fine even I set restriction level to untrusted) My thought is the program did something, made something out of sandbox change the setting.

Anyway I’m not concerned about security issues, just curious. Thanks for clearing it up.