In ReHIPS it's possible to allow or block access to registry keys or file system objects (files and folders). But logging is quite complicated. You see, Sandboxie is built on hooking and proxying calls. A lot of hooking, actually. And this concept has its advantages and drawbacks. For example, it has a performance penalty. But since it proxies each and every call, it can log access attempts quite freely. ReHIPS, on the other hand, doesn't control access itself; it relies on the security checks Windows already implements. So ReHIPS isn't involved when a program tries to access something. ReHIPS can even be disabled when it happens; Windows does all the heavy lifting. As a drawback, there is no simple way to log these access attempts. Well, something can be done, actually: logging access to certain objects is possible via the Windows audit system. But it isn't useful when it comes to a situation like "this program wants something, but I don't know what".
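The audit route mentioned above, sketched for a single file as an added example (not ReHIPS code and not from the original text). The path and principal are placeholder assumptions, and the object has to be named up front, which is exactly why it does not help with the "I don't know what" case.

```powershell
# Run from an elevated PowerShell prompt.
# Assumptions (placeholders, not from the original text):
$Path      = 'C:\Data\secret.txt'   # hypothetical object to watch
$Principal = 'Everyone'             # whose denied attempts should be audited

# 1. Enable failure auditing for file system object access.
#    The subcategory name is localized; "File System" is the English name.
auditpol /set /subcategory:"File System" /failure:enable

# 2. Add an audit entry (SACL) to the object. Without a SACL on the object
#    itself, Windows generates no object-access events for it.
$acl  = Get-Acl -Path $Path -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
            $Principal,
            [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, Delete',
            [System.Security.AccessControl.AuditFlags]::Failure)
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 3. Read back denied attempts. Event 4656 ("a handle to an object was
#    requested") is logged as an Audit Failure when Windows refuses the access.
$auditFailure = 0x10000000000000    # standard "Audit Failure" keyword
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656; Keywords = $auditFailure } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        # Flatten the <EventData> name/value pairs into a hashtable.
        ([xml]$evt.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }

        if ($data.ObjectName -eq $Path) {
            [pscustomobject]@{
                Time       = $evt.TimeCreated
                Process    = $data.ProcessName
                User       = $data.SubjectUserName
                Object     = $data.ObjectName
                AccessMask = $data.AccessMask
            }
        }
    }
```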