|Trust No Program|
ClosedFilePath is a sandbox setting in Sandboxie Ini. It specifies path patterns for which Sandboxie will deny all access by sandboxed progams, including read access. This setting essentially blocks files and folders from being accessed by sandboxed programs.
. . . [DefaultBox] ClosedFilePath=!iexplore.exe,%Cookies% ClosedFilePath=%Personal%
ClosedFilePath=!iexplore.exe,\Device\RawIp ClosedFilePath=!iexplore.exe,\Device\Ip* ClosedFilePath=!iexplore.exe,\Device\Tcp* ClosedFilePath=!iexplore.exe,\Device\Afd*
The example blocks any program other than Internet Explorer (iexplore.exe) from accessing the folder containing downloaded Internet cookies for the active user account. This would block any downloaded malicious software from spying on cookies.
(Note that this does not stop browser extensions, like add-on toolbars, from looking into the Cookies folder, because these extensions execute inside the Internet Explorer program process.)
The second example shows how to configure Sandboxie to block sandboxed programs from accessing the My Documents folder.
The value specified for ClosedFilePath can include wildcards. For more information on this, including examples that show the use of wildcards, see OpenFilePath.
The third example (spanning four lines) disables Internet access within a sandbox except for Internet Explorer (iexplore.exe). See also Sandbox Settings > Restrictions > Internet Access.
Note: Unlike the corresponding OpenFilePath setting, the ClosedFilePath settings always applies to sandboxed programs, whether the program executable file resides within the sandbox, or out of it.