Open isaak654 opened 2 years ago
Yes please! Preferably as a feature you can opt-out of on a Sandbox-basis. I encrypt all my sensitive files on my computer with EFS, because I know that if malware in my Firefox-Sandbox tries grabbing my pictures or whatever, they are encrypted and can't be opened.
I have looked into this and it looks like EFS only works when the process token belongs to the user who has access; impersonating that user's token when issuing NtOpenFile is not sufficient.
So, if you need EFS to work I would suggest using a compartment type box; this works fine.
Alternatively, we could move the NtOpenFile call out to a proxy process and pass back the handle, but that really complicates things and I'm not sure if it's worth the effort.
Is your feature request related to a problem or use case?
Source: https://forum.xanasoft.com/threads/microsoft-efs.368/
Describe the solution you'd like
It would be useful to launch isolated sandboxed programs even if they were encrypted with EFS.
Describe alternatives you've considered
No response