Enabling read-access in privacy mode

User avatar
Posts: 405
Joined: Sat Apr 22, 2023 8:30 am

Enabling read-access in privacy mode

Post by bastik-1001 »

Your situation: You have enabled privacy mode and want to configure a sandbox so that processes can read files from a certain folder, while attempts to write to that folder are still redirected to the sandbox.

Please note, that privacy mode requires a supporter certificate, which can be obtained by several means.

The goal:
Sandboxed process(es) in a privacy enhanced sandbox should be able to read files and folders in `C:\Users\[username]\Desktop` and when (new) files are saved to `C:\Users\[username]\Desktop` those are written to the folder in the sandbox. The folder is just an example and can be any folder that isn't available for reading in privacy mode.

Notepad.exe reads C:\Users\[username]\Desktop\source.txt (outside the sandbox) and when saving C:\Users\[username]\Desktop\output.txt the file is saved, but not written to the actual location. It's supposed to get saved in the sandbox and could be recovered from there, if desired.

The solution is to use NormalFilePath

To match my example, you have to set:

Code: Select all

Instead of editing your Sandboxie.ini manually, you can set the same via the user interface by right-clicking on the sandbox to open the options, and then Resource Access. At the tab Files you have to add the file/folder you want to make readable and select Normal for the access type.

Here is the documentation for the NormalFilePath. Here is an overview of resources access types.