Disable Key Filter

DisableKeyFilter is a sandbox setting in Sandboxie Ini available since v0.9.0 / 5.51.0. This setting disables the registry filtering mechanism, allowing sandboxed processes to bypass registry access restrictions and directly modify the host system registry.

Usage

[DefaultBox]

DisableKeyFilter=y

Syntax

DisableKeyFilter=<y/n>

Where:

• y disables registry filtering completely.
• n (default) maintains normal registry filtering behavior.

Security Implications

Warning

This setting disables driver-level enforcement of registry access restrictions. Malicious software can potentially bypass these protections through various techniques including code injection, API hooking, or direct system calls, making this setting unsuitable for untrusted applications.

Related Settings

Master Override

DisableKeyFilter is automatically enabled when: - NoSecurityFiltering is set in Application Compartment mode¹.

Alternative Granular Controls

• DisableFileFilter: Disables only file system filtering.
• DisableObjectFilter: Disables only object filtering.
• NoSecurityFiltering: Disables all filtering in Application Compartment mode.

---

1. Registry filter control in process.c: The setting proc->disable_key_flt = no_filtering || Conf_Get_Boolean(proc->box->name, L"DisableKeyFilter", 0, FALSE) allows DisableKeyFilter to completely bypass registry filtering either independently or as part of NoSecurityFiltering in Application Compartment mode. ↩