Mitigation Policy Flags (Image File Execution Options) are not applied to sandboxed images #3775

Open
SSJPKXL opened this issue Mar 30, 2024 · 0 comments
Labels
Confirmation pending Further confirmation is requested

SSJPKXL commented Mar 30, 2024

Set Mitigation Policy Flags (Image File Execution Options) do not show up for sandboxed processes when policies are examined by Task Managers running with the highest (TrustedInstaller) privileges. Policies appear to apply, but it is hard to tell... If I set "Disable Win32K Calls" policy for an executable image and that policy prevents that executable from running un-sandboxed, then that executable will also not run sandboxed. I don't know how to test if other policies are applied or not. Flags set by developers themselves for their executable images seem to show up, but again, it is hard to tell...

Set Image File Execution Options policies that do not show up for sandboxed processes are:
Control Flow Guard
ASLR - High Entropy
ASLR - Force Relocate
Heap Termination on Corruption
Dynamic Code Prohibition
Extension Point Disablement
Non-Microsoft Binary Block
Remote Load Disablement
Low Integrity Load Disablement

Side-question: Is it a bad idea to apply such policies for sandboxed processes?

Expected behavior

Mitigation Policy Flags (Image File Execution Options) should be showing for sandboxed processes

Affected program

All

What version of Sandboxie are you running now?

Sandboxie Classic 1.13.4

In which sandbox type do you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

What is your Windows edition and version?

Windows 10 19045
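
One way to check whether configured policies are in effect for a sandboxed instance, as an added example that is not part of the original report or of Sandboxie: it compares what the built-in `Get-ProcessMitigation` cmdlet reads from the registry for an image name with what it reports for a running process ID. `$ImageName`, `$ProcessId` and the helper `ConvertTo-SettingMap` are hypothetical names; the example assumes the flags were written to the image's Image File Execution Options entry and that the caller has enough rights to query the target process.

```powershell
# Added example (not from the issue): configured vs. effective mitigation policies.
param(
    [Parameter(Mandatory)] [string] $ImageName,  # placeholder: image name that has the IFEO entry
    [Parameter(Mandatory)] [int]    $ProcessId   # placeholder: PID of the instance running in the sandbox
)

# Flatten a Get-ProcessMitigation result into "Category.Setting" -> value text.
# Settings are enumerated generically, so no policy names are hard-coded here.
function ConvertTo-SettingMap {
    param($Policy)
    $map = [ordered]@{}
    if ($null -eq $Policy) { return $map }
    foreach ($category in $Policy.PSObject.Properties) {
        # Assumption: these three properties identify the process, the rest are policy groups.
        if ($category.Name -in 'ProcessName', 'Source', 'Id') { continue }
        if ($null -eq $category.Value) { continue }
        foreach ($setting in $category.Value.PSObject.Properties) {
            $map["$($category.Name).$($setting.Name)"] = "$($setting.Value)"
        }
    }
    return $map
}

# -Name reads the settings stored in the registry; -Id reads them from the live process.
$configured = ConvertTo-SettingMap (Get-ProcessMitigation -Name $ImageName | Select-Object -First 1)
$effective  = ConvertTo-SettingMap (Get-ProcessMitigation -Id $ProcessId | Select-Object -First 1)

if ($configured.Count -eq 0) {
    Write-Warning "No registry mitigation settings found for $ImageName."
}

# Emit one row per setting whose live value differs from the registry value.
foreach ($name in $configured.Keys) {
    if ($configured[$name] -ne $effective[$name]) {
        [pscustomobject]@{
            Setting    = $name
            Configured = $configured[$name]
            Effective  = $effective[$name]
        }
    }
}
```

Running it once against a sandboxed PID and once against an un-sandboxed PID of the same image shows whether a difference is specific to the sandbox.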

@SSJPKXL SSJPKXL added the Confirmation pending Further confirmation is requested label Mar 30, 2024