OpenFin recommends the use of this flag only in non-production environments or when trying to triage cases in a production environment.
The Chromium Sandbox
is the last line of defense between a system and remotely delivered code. Disabling the sandbox removes this security layer which is protecting the end-user from compromise if an attacker were to exploit a vulnerability in the browser/chromium code base. The browser/chromium code is designed to be secure even without the sandbox but
running with the sandbox is strongly recommended.
When the sandbox is enabled the browser/renderer processes are run as a low level integrity
. A/V software providers have been known to use the low level integrity as a simplistic approach to identify “virus like” behavior. In these cases, the 2 most commonly seen side effects are the A/V provider software:
- kills the renderer process
- impacts performance while a scan is actively run
Given the vast amount of A/V providers, possible configurations, and variable causes (especially for external deployments) OpenFin customers have found whitelisting OpenFin to be the preferred approach to sorting through each individual A/V environment.