Sandboxie: Resources to protect (ClosedPaths/ReadPaths)

Hello everyone,

I 'm new to the Sandboxie World. Over the past few days, i 've been trying to configure my sandboxes based on some great ideas that i came across here, while reading some SB threads. Right now, i 'm trying to harden them by setting ClosedPaths and ReadPaths.

- Q1: How can i enhance/extend the following "basic" (i use it in all my sandboxes) set of paths?

ClosedFilePath=C:\Boot\ #Windows 7 Ultimate without "System Reserved" partition#
ClosedFilePath=C:\PerfLogs\
ClosedFilePath=C:\Windows\Sandboxie.ini
ClosedFilePath=C:\Program Files\Sandboxie\Templates.ini
ClosedFilePath=C:\Users\Default\
ClosedFilePath=C:\Users\Public\
ClosedFilePath=D:\ #Data Partition#
ClosedFilePath=\Device\Mup\
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ReadFilePath=C:\autoexec.bat
ReadFilePath=C:\config.sys
ReadFilePath=%Start Menu%\Programs\Startup\
ReadFilePath=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ReadKeyPath=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
ReadKeyPath=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
ReadKeyPath=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\
ReadKeyPath=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
ReadKeyPath=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
ReadKeyPath=HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\

- Q2: Is there any workaround in order to implement a "block-all-but" scheme?