|
|
|
Guards
Sandbox guards are essential sandbox security building blocks. Each guard manages access to certain resources for each defined application group.
For each application group, it is possible to enable guards or leave guards disabled (e.g for performance reasons).
There are several types of guards:
- Registry guard û guards access to registry information
- File guard - guards access to file system
- Process spawning guard û guards the application spawned (called) by other application
- TCP/IP guard û guards the TCP/IP ports and IP addresses.
- Dangerous device access guard û guards the items below written
- Dismount volume
- Lock volume
- Set compression
- Unlock volume
- Disk eject media
- Disk format tracks
- Disk load media
- Disk media removal
- Disk reassign blocks
- Disk set drive layout
- Disk set partition info
- Disk verify
- Serial lsrmst insert
- Checksum guard û protects executables from replacement. The replaced file can have the same name, but TPF will still recognize that it is not the original one. If you have this feature turned on (by default it is disabled), please be aware that it will enforce some restrictions û e.g. TPF may block the installation of a service pack or update of some software. If you update the guarded file, please recalculate the checksum (see section Applications Groups (on page )). Otherwise the application will be treated as unknown and therefore high-restricted and an alert message will be displayed.
- VBA macro guard
- OLE/COM guard
- Services guard
- System low level guard
- Shutdown guard
- Windows messages guard
- Clipboard guard
- Window limit guard
- Memory limit guard
- SMB guard
- Net Special guard
- Cookie guard
- ActiveX and Java guard
- E-mail content filtering guard
- Process termination guard