LSQuarantineTypeSandboxed - Undocumented

Question

Created Jun ’20

Replies 2

Boosts 0

Participants 2

We occasionally have files that have a quarantine type set to LSQuarantineTypeSandboxed. This does not appear to be in the LSQuarantine header file as a valid quarantine type.

We are reluctant to handle this and would like to understand what this type is and why it was set. If it is a valid type that we should ask the user about, we will.

Answered by Security Engineer in 615102022

That type indicates that the process was touched by a sandboxed process that didn't have permissions to write that file.

What are you asking users about with respect to quarantine state?

Boost

Answer 1

Security Engineer OP

Apple

Jun ’20

Accepted Answer

That type indicates that the process was touched by a sandboxed process that didn't have permissions to write that file.

What are you asking users about with respect to quarantine state?

0

Answer 2

JMP Humphrey OP

Jun ’20

We are looking at the Quarantine state to ask users if they are sure they want to open the file. For example, we have scripts that can be downloaded from the web that when opened can auto-run. We ask the user if they want to open it in "safe mode", in edit only mode only, or just normal.

Doesn't sound like this Quarantine type would apply.

0