The setting should go in a sandbox section, might also work in the GlobalSettings section. But not UserSettings.
The first program reported to trigger this was reported here:
Didn't look into this one specifically. Second one is the QQ messenger which I am testing for an unrelated problem report:
In this case it seems to be related to reading a disk volume serial number. It's probably not overwriting any disk sectors. And even if it does, I don't want to drive everyone crazy with unnecessary messages.
|Sorry, I'm a little confused by this. So are they attempts to open the partition, which are then blocked along with writing priviledges? or are programs allowed to 'open' the partition but prevented just from writing directly to it?
I didn't check if the request is successful when Sandboxie is not involved. But it sounds reasonable that a program without admin privileges shouldn't be able to open the disk for write access. Maybe the program first tries to get full access, but if that doesn't work, it falls back to request read-only access.
In any case, Sandboxie sees a request to open something like \Device\HarddiskVolume1\DR0 with write access flags, and so it issues the warning. It's only been a couple of weeks since I added this feature and as I said I already stumbled upon two programs which appear to be legitimate but cause the message to appear. I feel like having this as default behavior in version 3.60 is just asking for trouble when a lot of people start seeing SBIE1313. So, it's going to be opt-in.