OpenFilePath is a sandbox setting in Sandboxie Ini. It specifies path patterns for which Sandboxie will not apply sandboxing for files. This lets sandboxed programs have direct access to update files and folders outside the sandbox. This setting essentially punches a hole in the sandbox, at a particular folder location.
   .
   .
   .
   [DefaultBox]
   OpenFilePath=C:\Downloads\
   OpenFilePath=*.eml
   OpenFilePath=iexplore.exe,%Favorites%
   OpenFilePath=msimn.exe,*.eml
When reviewing these examples, keep in mind that Sandboxie places a wildcard star at the end of the value, unless a star already appears anywhere in the value. So for example, C:\Downloads\ becomes C:\Downloads\*, while *.eml remains unchanged.
Wildcard stars are used to specify patterns with variable, unknown parts. For example, a.eml matches only that one file, whereas *.eml matches a.eml, test.eml, important message.eml and so on. But note that neither form matches a.txt.
The first example setting specifies that any files (or folders) created in the folder C:\Downloads (and in any folder below it) will not be sandboxed. Note that the final backslash character is important, because a star will be placed at the end of the string.
The second example shows how wildcards can be used to exempt *.eml files from sandboxing, regardless of where they are created. .eml files are typically created by Outlook and Outlook Express, when a message is explicitly saved to disk.
The third example setting specifies that the Favorites folder of the active user account should be exempted. This means that new Favorite shortcuts will be added outside the sandbox. In this example, a ProgramNamePrefix is used, so the setting only applies to the Internet Explorer program, iexplore.exe.
The fourth example combines the previous two examples, by showing a path containing a wildcard, applied only to a specific program.
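To review how wide each hole actually is, the short script below applies the rules described above to the four example settings. It is an added example, not part of Sandboxie or its documentation; the comma split for the program name, the case-insensitive comparison, the unexpanded %Favorites% variable and the extra C:\Work entry are assumptions made for illustration.

```python
import re

# Constructed sample: the page's four settings plus one hypothetical entry
# (C:\Work) that omits the final backslash.
SAMPLE_INI = r"""
[DefaultBox]
OpenFilePath=C:\Downloads\
OpenFilePath=*.eml
OpenFilePath=iexplore.exe,%Favorites%
OpenFilePath=msimn.exe,*.eml
OpenFilePath=C:\Work
"""

def parse_open_file_paths(ini_text):
    """Return (program_or_None, effective_pattern) for each OpenFilePath line."""
    rules = []
    for line in ini_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or key.strip().lower() != "openfilepath":
            continue
        # Assumption: a comma separates an optional program name from the path.
        program, comma, path = value.strip().partition(",")
        if not comma:
            program, path = None, value.strip()
        # Rule from the page: a star is appended unless one already appears.
        if "*" not in path:
            path += "*"
        rules.append((program.lower() if program else None, path))
    return rules

def is_open(rules, program, file_path):
    """True if file_path matches an OpenFilePath rule that applies to program."""
    for rule_program, pattern in rules:
        if rule_program is not None and rule_program != program.lower():
            continue
        # A star matches any run of characters, backslashes included, so a
        # folder rule also covers every folder below it.
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        # Assumption: paths are compared without regard to case.
        if re.fullmatch(regex, file_path, re.IGNORECASE):
            return True
    return False

RULES = parse_open_file_paths(SAMPLE_INI)

if __name__ == "__main__":
    for prog, pat in RULES:
        print(f"{prog or '(any program)':<15} {pat}")
```

Because C:\Work has no final backslash, its effective pattern is C:\Work*, which also matches a sibling folder such as C:\Workshop\.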
Note: For security reasons, this setting does not apply when the program executable file resides within the sandbox. This means that (potentially malicious) software downloaded into your computer and executed, cannot take advantage of this setting.
A setting similar to OpenFilePath, which is always applied, is OpenPipePath.