...
To further lock down applications in the sandbox, you can adjust process rights to add a restricted SID. (For more information, go to [REVIEW] Adjust Process Rights Improvements- Restricted SID.)
Tip | ||
---|---|---|
| ||
Some of the Internet-facing apps today (such as Internet Explorer, Chrome, Word, and Adobe Reader) already implement their own extended sandboxing. As such, the sandboxing feature would not apply to them. |
...
- http://www.chromium.org/developers/design-documents/sandbox
- http://www.chromium.org/developers/design-documents/sandbox/Sandbox-FAQ
Create Sandbox Action
To create a sandbox action, do the following steps:
- In the Security Manager Console, click the Policies tab.
- In the file library in the left pane, navigate to Arellia Solutions > Application Control > Actions.
- Right-click the Actions folder, click New, and then click Sandbox Action.
In the Create Item dialog box, give the sandbox a Name , and Description and Classification.
Tip title NoteThe Name is the identifier you give to the action in Arellia Management Server; the Sandbox Name is the system-wide identifier in Windows.
- Click Save.
- In the right-pane, set the Restrictions by selecting the check boxes.
- Click Save.
You can find the new action at the bottom of the list of Actions folders.
...