Closed File Path

Closed File Path

ClosedFilePath is a sandbox setting in Sandboxie Ini. It specifies path patterns for which Sandboxie will deny all access by sandboxed programs, including read access. This setting essentially blocks files and folders from being accessed by sandboxed programs.

Shell Folders may be specified. Program Name Prefix may be specified.

Example:

   .
   .
   .
   [DefaultBox]
   ClosedFilePath=!iexplore.exe,%Cookies%
   ClosedFilePath=%Personal%
   ClosedFilePath=!iexplore.exe,\Device\RawIp
   ClosedFilePath=!iexplore.exe,\Device\Ip*
   ClosedFilePath=!iexplore.exe,\Device\Tcp*
   ClosedFilePath=!iexplore.exe,\Device\Afd*

The example blocks any program other than Internet Explorer (iexplore.exe) from accessing the folder containing downloaded Internet cookies for the active user account. This would block any downloaded malicious software from spying on cookies.

(Note that this does not stop browser extensions, like add-on toolbars, from looking into the Cookies folder, because these extensions execute inside the Internet Explorer program process.)

The second example shows how to configure Sandboxie to block sandboxed programs from accessing the Documents folder.

The value specified for ClosedFilePath can include wildcards. For more information on this, including examples that show the use of wildcards, see OpenFilePath.

The third example (spanning four lines) disables Internet access within a sandbox except for Internet Explorer (iexplore.exe). See also Sandbox Settings > Restrictions > Internet Access.

Note: Unlike the corresponding OpenFilePath setting, the ClosedFilePath settings always applies to sandboxed programs, whether the program executable file resides within the sandbox, or out of it.

Related Sandboxie Control setting: Sandbox Settings > Resource Access > File Access > Blocked Access