Description
Is your feature request related to a problem or use case?
The features of ForceSandbox are not comprehensive enough.
Describe the solution you'd like
Feature Description
I would like to request a new feature for Sandboxie: Custom Forced Sandboxing Rules.
This feature would extend the current “Forced Programs” capability into a more dynamic, security-oriented system.
Script-Based Dynamic Detection
Allow user scripts (e.g. Python, PowerShell, Lua) to intercept newly created processes.
Scripts can query external security cloud APIs (e.g. VirusTotal, FileScanIO, Malprob, Neiki) by file hash.
Based on the result:
Malicious → Force sandbox automatically.
Suspicious → Prompt user whether to sandbox.
Clean → Run normally outside sandbox.
Rule-Based Forced Sandboxing (HIPS-like)
Add an interface to define rules for automatic sandboxing based on conditions such as:
File name or path pattern
File extension
Hidden attribute
File size range
File origin (network download, removable drive, etc.)
Digital signature presence/validity
Automatically sandbox not only all .exe files but also .bat/.msi/.js etc. files downloaded from a browser. (This can also serve as one of the criteria for the rules. For example, if an .exe is downloaded from the browser and is not signed, there is a risk associated with cloud reputation, so run it directly in the sandbox.)
If a process hash shows >10/70 detections on VirusTotal → force sandbox.
Run all unsigned utilities inside sandbox to avoid host contamination.
Upgrades static “Forced Programs” into dynamic, intelligent forced sandboxing.
Improves protection against unknown malware and suspicious files.
Provides advanced flexibility for power users and security researchers.
Describe alternatives you've considered
No response
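The rule evaluation requested above can be sketched as a first-match policy function. This is an added example, not part of the original issue and not Sandboxie code. The `ProcessInfo` fields, the origin labels, the "suspicious" band of 1 to 10 detections, and prompting when the reputation lookup fails are assumptions; only the extension list and the >10 detections threshold come from the request.

```python
from dataclasses import dataclass
from enum import Enum
from pathlib import PureWindowsPath
from typing import Optional, Tuple


class Action(Enum):
    FORCE_SANDBOX = "force_sandbox"
    PROMPT = "prompt"
    RUN_NORMALLY = "run_normally"


# Extensions named in the request for browser downloads.
RISKY_EXTENSIONS = {".exe", ".bat", ".msi", ".js"}
# Threshold from the request: more than 10 engines flag the hash.
MALICIOUS_DETECTIONS = 10


@dataclass
class ProcessInfo:
    """Hypothetical view of a newly created process (all fields are assumptions)."""
    path: str
    origin: str                 # constructed labels: "browser", "removable", "local"
    signed: bool                # True only if a valid digital signature is present
    detections: Optional[int]   # engines flagging the hash; None = lookup failed


def decide(p: ProcessInfo) -> Tuple[Action, str]:
    """Return the first matching action and the rule that produced it."""
    ext = PureWindowsPath(p.path).suffix.lower()
    if p.detections is not None and p.detections > MALICIOUS_DETECTIONS:
        return Action.FORCE_SANDBOX, "reputation: malicious"
    if p.origin == "browser" and ext in RISKY_EXTENSIONS:
        return Action.FORCE_SANDBOX, "risky file type downloaded from a browser"
    if not p.signed:
        return Action.FORCE_SANDBOX, "no valid digital signature"
    if p.detections is None:
        # Assumption: an unreachable reputation service must not mean "clean".
        return Action.PROMPT, "reputation lookup unavailable"
    if p.detections > 0:
        # Assumption: 1..10 detections is the "suspicious" band.
        return Action.PROMPT, "reputation: suspicious"
    return Action.RUN_NORMALLY, "reputation: clean"


if __name__ == "__main__":
    # Constructed sample processes, not real data.
    samples = [
        ProcessInfo(r"C:\Users\a\Downloads\setup.EXE", "browser", True, 0),
        ProcessInfo(r"C:\Tools\util.exe", "local", False, 0),
        ProcessInfo(r"C:\Program Files\App\app.exe", "local", True, None),
    ]
    for s in samples:
        action, reason = decide(s)
        print(f"{s.path}: {action.value} ({reason})")
```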