Application Sandboxing is a feature of an Application Control Solution (ACS) action that limits the environments in which certain code can execute. In other words, it means running The sandbox runs a process in a Job that job object that limits its ability to interact with other processes, as well as limiting some specific types of interactions with the operating system, such as:
- Reading or writing from the clipboard
- Shutting down the system
- Adjusting display settings
to further lock down applications in the sandbox, you can adjust process rights to add a restricted SID. (For more information, go to [REVIEW] Adjust Process Rights Improvements.)
Some of the internet facing apps today (such as IEInternet Explorer, Chrome, Word, Adobe Reader) already implement their own extended sandboxing. As such, this mechanism feature would not apply to them.
"You can place multiple apps in the same sandbox.
Further For further reading that about Application Sandboxing in Windows can be found at, go to:
- http://www.chromium.org/developers/design-documents/sandbox
- http://www.chromium.org/developers/design-documents/sandbox/Sandbox-FAQ
"They restrict the process so they’re not allowed to Write to the Windows and everything and they have their own API set to…in essence they can’t use the Windows API set and have to use a restricted API set that the Parent sets up to communicate back to a trusted process to do any user interaction or anything like that."
...
Apply Sandbox Action
Related Links