Application Sandboxing is an action in Application Control Solution (ACS) that limits the environments in which certain code can execute. The sandbox runs a process in a job object that limits its ability to interact with other processes, as well as limiting some specific types of interactions with the operating system, such as:
- Reading or writing from the clipboard
- Shutting down the system
- Adjusting display settings
To further lock down applications in the sandbox, you can adjust process rights to add a restricted SID. (For more information, go to [REVIEW] Adjust Process Rights Improvements- Restricted SID.)
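The restrictions listed above correspond to the Win32 JOB_OBJECT_UILIMIT_* job-object flags. The following is an added illustration of that mechanism, not ACS code: the names `UI_LIMITS`, `ui_limit_mask` and `run_sandboxed` are hypothetical, and which flags ACS itself sets is an assumption.

```python
import ctypes
import subprocess
import sys
from ctypes import wintypes

# JOB_OBJECT_UILIMIT_* values from winnt.h; the dictionary keys are hypothetical labels.
UI_LIMITS = {
    "clipboard": 0x0002 | 0x0004,   # READCLIPBOARD | WRITECLIPBOARD
    "shutdown": 0x0080,             # EXITWINDOWS
    "display_settings": 0x0010,     # DISPLAYSETTINGS
}
INFO_CLASS_UI = 4  # JOBOBJECTINFOCLASS: JobObjectBasicUIRestrictions

class JOBOBJECT_BASIC_UI_RESTRICTIONS(ctypes.Structure):
    _fields_ = [("UIRestrictionsClass", wintypes.DWORD)]

def ui_limit_mask(names):
    """Combine restriction labels into a UIRestrictionsClass bitmask."""
    unknown = set(names) - set(UI_LIMITS)
    if unknown:
        raise ValueError(f"unknown restriction(s): {sorted(unknown)}")
    mask = 0
    for name in names:
        mask |= UI_LIMITS[name]
    return mask

def run_sandboxed(argv, names):
    """Join a UI-restricted job, then start argv; the child inherits the job.

    The launcher is restricted too, so no window exists in which the child
    runs outside the job.
    """
    if sys.platform != "win32":
        raise OSError("job objects are a Windows feature")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateJobObjectW.restype = wintypes.HANDLE
    k32.CreateJobObjectW.argtypes = [wintypes.LPVOID, wintypes.LPCWSTR]
    k32.GetCurrentProcess.restype = wintypes.HANDLE
    k32.SetInformationJobObject.argtypes = [
        wintypes.HANDLE, ctypes.c_int, wintypes.LPVOID, wintypes.DWORD]
    k32.AssignProcessToJobObject.argtypes = [wintypes.HANDLE, wintypes.HANDLE]
    job = k32.CreateJobObjectW(None, None)
    if not job:
        raise ctypes.WinError(ctypes.get_last_error())
    info = JOBOBJECT_BASIC_UI_RESTRICTIONS(ui_limit_mask(names))
    if not k32.SetInformationJobObject(job, INFO_CLASS_UI,
                                       ctypes.byref(info), ctypes.sizeof(info)):
        raise ctypes.WinError(ctypes.get_last_error())
    if not k32.AssignProcessToJobObject(job, k32.GetCurrentProcess()):
        raise ctypes.WinError(ctypes.get_last_error())
    return subprocess.call(argv)
```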
Tip: Some of the Internet-facing apps today (such as Internet Explorer, Chrome, Word, and Adobe Reader) already implement their own extended sandboxing. As such, the sandboxing feature would not apply to them.
You can place multiple apps in the same sandbox.
For further reading about Application Sandboxing in Windows, go to:
- http://www.chromium.org/developers/design-documents/sandbox
- http://www.chromium.org/developers/design-documents/sandbox/Sandbox-FAQ
Apply Sandbox Action
...
Create Sandbox Action
To create a sandbox action, do the following steps:
- In the Security Manager Console, click the Policies tab.
- In the file library in the left pane, navigate to Arellia Solutions > Application Control > Actions.
- Right-click the Actions folder, click New, and then click Sandbox Action.
- In the Create Item dialog box, give the sandbox a Name and Description.
- Click Save.
- In the right pane, set the Restrictions by selecting the check boxes.
- Click Save.
You can find the new action at the bottom of the list of Actions folders.