Sandboxie 3.74 on Windows 7 (x64)

Download the Flash Player Installer from http://get.adobe.com/flashplayer/download/?installer=Flash_Player_11_for_Other_Browsers&os=Windows%207&browser_type=Gecko&browser_dist=Firefox&d=McAfee_Security_Scan_Plus_FireFox_Browser&dualoffer=false

Make a sandbox that has the [#] indicators in the title.
Run the Flash Player Installer inside the Sandbox.
The Flash Player Installer won't have the [#] indicators.
Also, the Flash Player Installer manages to move itself to the Temp folder.

some installers dont show that although sandboxed - return to common use...

What Brummelchen said. Depending how it's creating its title bar, etc. (custom or non-standard). I notice that with QuickTime, for example.




Yeah, anything can put anything in the Temp folder. %TEMP% and %TMP% seem to be Direct Access in Sandboxie no matter what.

Since when? I don't see it.

Don't "see" it, literally, in Direct Access you mean? I didn't mean that. I meant that it seems to be a default "hidden" OpenFilePath internally. (And since I started using it, which isn't long ago. )


I don't really like it. Especially that files there don't count as "in the sandbox" when using Start/Run Access (for me: *.exe or *.*). Put something there and it can be started... In my case, I'll just assume SRP isn't bypassed and processes running without admin privs can't run anything from there anyway. (Even though I'm using XP as admin, I'm using a little trick with registry permissions to get 2 sets of SRP rules; everything allowed as true admin.)

I already don't like how Sandboxie allows otherwise protected files (in Windows and Program Files) to be modified in the sandbox, therefore weakening things a bit from inside a sandbox. Start/Run Access doesn't solve anything for DLLs...

What are you talking about.
%TEMP% and %TMP% are not built-in exclusions.

Untouched DefaultBox with default settings... Run Explorer in it and put something in the Temp folder. It's on the real system, not in the sandbox. I don't think I ever remember seeing the Temp folder in any sandbox when browsing contents, but not certain. I assumed the OP is getting the same behavior.

I've never used the default Temp locations, if that would make a difference. I have User and System %TEMP% and %TMP% all set to D:\Temp

No, I don't see this. Maybe you have some template that gives access to D:\Temp ? Perhaps due to something in your Applications > Folders settings page? One more thing I can think about, if your print spooler directory was set to D:\Temp.

No, no Templates. But I guess you nailed it, thanks! I do have the print spool set to the same folder. So the print spool directory is a built-in exclusion? What, do programs that print need to write to that folder which is then used by the Print Spooler service? (Ahh yes, I guess that's how it works. I see the default system32\spool\PRINTERS allows the Users group to Create Files.)

I guess putting a spool folder under Temp will take care of that. Thanks again and sorry for the hijack.