Disable Object Filter

DisableObjectFilter is a sandbox setting in Sandboxie Ini available since v1.0.0 / 5.55.0. This setting disables the object filtering mechanism, allowing sandboxed processes to bypass object access restrictions and directly interact with processes, threads, and other system objects outside the sandbox.

Prerequisites

Note

Object filtering requires global activation via EnableObjectFiltering=y in the [GlobalSettings] section. When globally enabled, individual sandboxes can disable it using DisableObjectFilter=y.

Usage

[DefaultBox]

DisableObjectFilter=y

Syntax

DisableObjectFilter=<y/n>

Where:

y disables object filtering for this sandbox
n (default) maintains object filtering when globally enabled

Security Implications

Warning

This setting disables driver-level enforcement of object access restrictions. Malicious software can potentially bypass these protections through various techniques including code injection, API hooking, or direct system calls, making this setting unsuitable for untrusted applications.

Master Override

DisableObjectFilter is automatically enabled when:

NoSecurityFiltering is set in Application Compartment mode¹.

Alternative Granular Controls

DisableFileFilter: Disables only file system filtering.
DisableKeyFilter: Disables only registry filtering.
NoSecurityFiltering: Disables all filtering in Application Compartment mode.

Object filter control in process.c: The setting proc->disable_object_flt = no_filtering || Conf_Get_Boolean(proc->box->name, L"DisableObjectFilter", 0, FALSE) allows DisableObjectFilter to completely bypass object filtering either independently or as part of NoSecurityFiltering in Application Compartment mode. ↩