is semi-isolation possible?

Started by shmu26, January 08, 2017, 12:16:26 PM


shmu26

Let's say I want to run Word or Foxit isolated, but at the same time, I want to be able to open my files, wherever they may be. I am aware that this will reduce security, but if I am willing to take the risk, is there a setting for this?
I assume the risk would be pretty small, because if the app is isolated from system files, I don't see how it's going to hurt me.

aDVll

What do you mean, able to open all your files? You are already able to open files from anywhere because isolated applications have read access to everything except user folders.
You want to access user profile while isolated?

shmu26

Yes, I want to access the real user profile.

aDVll

Quote from: shmu26 on January 08, 2017, 12:35:43 PM
Yes, I want to access the real user profile.
Hmm, maybe it's possible but not safe for sure. What happens if you run a ransomware? You lose all your files.

shmu26

True, you lose the fool-proof protection that isolation provides. But you still have the HIPS protection, which depends on the user not doing something stupid.

aDVll

Quote from: shmu26 on January 08, 2017, 12:43:42 PM
True, you lose the fool-proof protection that isolation provides. But you still have the HIPS protection, which depends on the user not doing something stupid.
Yeah, you basically make ReHIPS useless by doing that. I honestly believe it is not needed, because if you browse to the folder you can open it to isolation from there.

I assume you use expert mode that has the setting to none (open file access), so that's why you can't open them?

EDIT: Expert mode has many usability changes which make everything require more effort. You exchange usability for safety. Personally I don't believe it's worth it.

shmu26

Quote from: aDVll on January 08, 2017, 12:57:31 PM
I assume you use expert mode that has the setting to none (open file access), so that's why you can't open them?

EDIT: Expert mode has many usability changes which make everything require more effort. You exchange usability for safety. Personally I don't believe it's worth it.
Thanks for the tip. So if I set the file access to "read", then I can use Windows Explorer to browse to My Documents in my real user profile, and open a file in isolated Word?
But I can't browse to there from within Word. Correct?

aDVll

Quote from: shmu26 on January 08, 2017, 01:07:41 PM
Quote from: aDVll on January 08, 2017, 12:57:31 PM
I assume you use expert mode that has the setting to none (open file access), so that's why you can't open them?

EDIT: Expert mode has many usability changes which make everything require more effort. You exchange usability for safety. Personally I don't believe it's worth it.
Thanks for the tip. So if I set the file access to "read", then I can use Windows Explorer to browse to My Documents in my real user profile, and open a file in isolated Word?
But I can't browse to there from within Word. Correct?
Correct.

shmu26

So if I want to keep my paranoid rules for PowerShell etc., but I also want to keep troubles to a minimum, maybe I should go back to standard mode, and just remove "microsoft windows" from the TVL.

aDVll

Quote from: shmu26 on January 08, 2017, 01:31:01 PM
So if I want to keep my paranoid rules for PowerShell etc., but I also want to keep troubles to a minimum, maybe I should go back to standard mode, and just remove "microsoft windows" from the TVL.
No. Put it in standard mode, keep Microsoft and change PowerShell/etc. to block. Way easier and less annoying. At least until Fixer does the change for alert.