This isn't something I have tried. If you have a java sandbox (SBIE), it doesn't matter what non-sandboxed application wants to use the java in the sandbox, the sandbox would have to have access to the real system for it to escape the sandbox at all. How much of the real system, I don't know. Perhaps just the chrome directory, maybe more. Sandboxie traps what happens in the sandbox there. What you want to do is a good idea, but limitations I think are what you are up against. At a very basic level, you defeat the purpose of using the sandbox to contain java, as you have to let it out to work with a non-sandboxed process. This would imply that, if you got it to work, the java in the sandbox would have access to whatever it was you made an exception for, which could mean it has free access to modify etc. You could try read only or read/execute but not write access. That might do the trick. Theories only on this topic though. Sul.