diff --git a/Sandboxie/core/drv/thread.c b/Sandboxie/core/drv/thread.c
index 21f67b79..385acc0f 100644
--- a/Sandboxie/core/drv/thread.c
+++ b/Sandboxie/core/drv/thread.c
@@ -1138,6 +1138,36 @@ finish:
 }
 
+//---------------------------------------------------------------------------
+// Thread_IsProtectedProcess
+//---------------------------------------------------------------------------
+
+NTKERNELAPI BOOLEAN NTAPI PsIsProtectedProcess(_In_ PEPROCESS Process);
+
+_FX BOOLEAN Thread_IsProtectedProcess(HANDLE pid)
+{
+    PEPROCESS ProcessObject;
+    NTSTATUS status;
+    BOOLEAN ret = FALSE;
+
+    //
+    // Check if this process is a protected process,
+    // as protected processes are integral windows processes or trusted antimalware services
+    // we allow such processes to access even confidential sandboxed programs.
+    //
+
+    status = PsLookupProcessByProcessId(pid, &ProcessObject);
+    if (NT_SUCCESS(status)) {
+
+        ret = PsIsProtectedProcess(ProcessObject);
+
+        ObDereferenceObject(ProcessObject);
+    }
+
+    return ret;
+}
+
+
 //---------------------------------------------------------------------------
 // Thread_CheckObject_CommonEx
 //---------------------------------------------------------------------------
 
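Review bot: `Thread_IsProtectedProcess` returns TRUE for any process the kernel reports as protected, but `PsIsProtectedProcess` — if it behaves as on Windows 8.1 and later — also answers TRUE for protected process light (PPL), which is a wider set than the "integral windows processes or trusted antimalware services" the comment names, so the bypass of sandbox protection is broader than the comment suggests. If only full protected processes are meant, the check should also exclude PPL, e.g. `ret = PsIsProtectedProcess(ProcessObject) && !PsIsProtectedProcessLight(ProcessObject);` with the matching prototype; otherwise the comment should state explicitly that PPL callers are trusted too. The hand-written `NTKERNELAPI ... PsIsProtectedProcess` prototype creates a static import, so the driver would fail to load on any kernel that does not export that routine; a comment naming the minimum OS version assumed, or resolving it via `MmGetSystemRoutineAddress` with a FALSE fallback, would make that dependency visible. `status` is only used for the `NT_SUCCESS` test, so `if (NT_SUCCESS(PsLookupProcessByProcessId(pid, &ProcessObject)))` would drop a local without changing behavior.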
@@ -1204,13 +1234,14 @@ _FX ACCESS_MASK Thread_CheckObject_CommonEx( if (protect_process /*&& MyIsProcessRunningAsSystemAccount(cur_pid)*/) { if ((_wcsicmp(nptr, SBIESVC_EXE) == 0) || (_wcsicmp(nptr, L"csrss.exe") == 0) || (_wcsicmp(nptr, L"conhost.exe") == 0) - || (_wcsicmp(nptr, L"taskmgr.exe") == 0) || (_wcsicmp(nptr, L"sandman.exe") == 0)) + || (_wcsicmp(nptr, L"taskmgr.exe") == 0) || (_wcsicmp(nptr, L"sandman.exe") == 0) + || Thread_IsProtectedProcess(cur_pid)) protect_process = FALSE; } if (protect_process) { - if (Conf_Get_Boolean(NULL, L"NotifyBoxProtected", 0, TRUE)) { + if (Conf_Get_Boolean(proc2->box->name, L"NotifyBoxProtected", 0, FALSE)) { //WCHAR msg_str[256]; //RtlStringCbPrintfW(msg_str, sizeof(msg_str), L"Protect boxed processes %s (%d) from %s (%d) requesting 0x%08X", proc2->image_name, (ULONG)pid, nptr, (ULONG)cur_pid, DesiredAccess);
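Review bot: The added `|| Thread_IsProtectedProcess(cur_pid)` clause turns the fixed image-name allow list into "any process the kernel reports as protected", and nothing at the call site records that trust decision; a comment such as `// protected (PP/PPL) callers are treated as trusted OS/antimalware components, see Thread_IsProtectedProcess` above the `if` would keep the next reader from assuming only the named images bypass protection. Because the clause is last, the cheap `_wcsicmp` checks short-circuit first and the `PsLookupProcessByProcessId` lookup inside the helper only runs for unknown image names, which is the right order but worth stating. The `Conf_Get_Boolean` change moves `NotifyBoxProtected` from the global section to `proc2->box->name` while flipping its default from TRUE to FALSE, so an existing global `NotifyBoxProtected=y` presumably stops taking effect unless `Conf_Get_Boolean` falls back to the global section — worth confirming and calling out in the commit message. `Thread_CheckObject_CommonEx` starts and ends outside this hunk.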