Add support for Microsoft EFS (NTFS encryption feature) #1980

isaak654 opened this issue Jun 22, 2022 · 2 comments
Labels: added in insider build (Insider builds are only available to contributors); Feature request (New feature or idea)

Comments

@isaak654
Collaborator

Is your feature request related to a problem or use case?

Source: https://forum.xanasoft.com/viewtopic.php?f=15&t=368

Hello
Sandboxie 1.0.22 and earlier
Windows 7 pro 64bit and w10 pro 64bit
If I encrypt the Thunderbird profile, then I cannot use that program, because I get a message "Thunderbird is already started". Sandboxie launches that program like "anonymous access" and so (I suppose) it cannot read my EFS certificate.

Describe the solution you'd like

It would be useful to launch isolated sandboxed programs even if they were encrypted with EFS.

Describe alternatives you've considered

No response

@isaak654 added the "Feature request" (New feature or idea) label Jun 22, 2022
@Dyras
Contributor

Dyras commented Jun 25, 2022

Yes please! Preferably as a feature you can opt out of on a per-Sandbox basis. I encrypt all my sensitive files on my computer with EFS, because I know that if malware in my Firefox-Sandbox tries grabbing my pictures or whatever, they are encrypted and can't be opened.

@DavidXanatos
Member

I have looked into this and it looks like EFS only works when the process token belongs to the user which has access; impersonating that user's token when issuing NtOpenFile is not sufficient.

So, if you need EFS to work, I would suggest using a compartment type box; this works fine.

Alternatively, we could move the NtOpenFile call out to a proxy process and pass back the handle, but that really complicates things and I'm not sure if it's worth the effort.
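
A diagnostic for the failure discussed in this thread, as an added example that is not part of the issue or of Sandboxie's code: it lists the EFS-encrypted files under a folder and tries to read each one under the identity the current PowerShell process runs as, so the report can be compared outside and inside a box. The function name `Test-EfsReadAccess` and the sample path in the usage comment are assumptions.

```powershell
# Added diagnostic, not Sandboxie code. Run it once in a normal session and once
# from a PowerShell started inside the affected box, then compare the reports.
function Test-EfsReadAccess {
    param(
        [Parameter(Mandatory)]
        [string]$Path   # folder to inspect (hypothetical, e.g. an application profile)
    )

    # Identity this PowerShell process is running as.
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        # Keep only files carrying the NTFS "Encrypted" (EFS) attribute.
        Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted } |
        ForEach-Object {
            $file   = $_          # keep the file; $_ is the error record inside catch
            $result = 'readable'
            try {
                # Open read-only and share fully so a running application is not disturbed.
                $fs = [System.IO.File]::Open($file.FullName, 'Open', 'Read', 'ReadWrite')
                try     { [void]$fs.ReadByte() }   # force an actual read of file data
                finally { $fs.Dispose() }
            }
            catch [System.UnauthorizedAccessException] {
                $result = 'access denied'
            }
            catch {
                $result = "error: $($_.Exception.Message)"
            }

            [pscustomobject]@{
                File      = $file.FullName
                User      = $id.Name
                Anonymous = $id.IsAnonymous
                Result    = $result
            }
        }
}

# Usage (constructed path, adjust to the profile being tested):
# Test-EfsReadAccess -Path "$env:APPDATA\Thunderbird\Profiles" | Format-Table -AutoSize
```

Files reported as `readable` outside the box but `access denied` inside it match the behaviour described in the comment above.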
