Hello! I'm trying to build as secure as possible settings to run only single program in Sandboxie. I have done these already and I want some comments. I have also couple of questions. Settings (Opera) Appearance: Show sandbox name in window title Recovery: Quick Recovery - Immediate Recovery - Delete: Invocation - Automatically delete contents of sandbox Command - "c:\Program Files\Eraser\eraserl.exe" -folder "%SANDBOX%" -subfolders -method Gutmann -results -queue File Migration: 51200 Forced Folders: - Forced Programs: opera.exe Lingering Programs: - Resource Access: Internet Access - opera.exe File Access - Direct Access - , All Programs File Access - Full Access - , All Programs !!!File Access - Blocked Access - D: E: ( All Except System Drive C: ), All Programs File Access - Read-Only Access - , All Programs Registry Access - Direct Access - , All Programs Registry Access - Blocked Access - , All Programs Registry Access - Read-Only Access - HKEY_CLASSES_ROOT HKEY_CURRENT_USER HKEY_LOCAL_MACHINE HKEY_USERS HKEY_CURRENT_CONFIG ( All Registry Locations ), All Programs !!!IPC Access - Direct Access - , All Programs !!!IPC Access - Blocked Access - , All Programs Window Access - , All Programs Low-Level Access - Applications: Web Browser - Email Reader - - = all disabled. So now some questions (I have set !!! in those settings): 1. Is there any way to disable ALL File Access? I can't add drive where opera.exe is. I haven't tried to add all folders and files except Opera folder because that is quite slow process. Any other ideas? 2. What is IPC Access? 3. In this thread https://www.wilderssecurity.com/showthread.php?t=196864 I found this: How I can set that kind of settings? 4. I open ini file and see these: ClosedFilePath=!opera.exe,\Device\RawIp ClosedFilePath=!opera.exe,\Device\Ip* ClosedFilePath=!opera.exe,\Device\Tcp* ClosedFilePath=!opera.exe,\Device\Afd* Are those this one, Internet Access - opera.exe? -MikeNAS EDIT: I posted this on Sandboxie forums too.