Configuration philosophy

No matter how difficult the Advanced Sandbox Configuration may seem you may find it simple and versatile at the end. The Advanced Sandbox Configuration recognizes three steps:

1. Sandbox Object Definition
   
   Sandbox object is the basic building block of the Advanced Sandbox Configuration. The sandbox object may be File(s) or Folder(s), Registry entry, Service definition, Device definition, OLE/COM object, VBA macro, Process spawning rule or some miscellaneous object.
   
   Example: Define the object TEST as the folder c:\test.
2. Create the profile
   Name the profile and select which guards shall be active within this particular profile (read more about guards). Apart from active guards, the profile is defined by the set of rules applied on a various object types that represent particular security setting (sandbox or part of the sandbox). Each rule consists of sandbox object and relevant access rights. Use predefined Sandbox Object(s), assign it with the access rights and create the rule(s).
   
   Example: Specify that there is NO access to folder c:\test. Name this profile as NO_TEST
3. Assign the profile to the Application Group
   
   Example: Windows Explorer group (which includes application explorer.exe) will be assigned with NO_TEST profile created above. The result - c:\test folder will disappear from Windows Explorer because this process will not have the access rights to it.