diff --git a/CHANGELOG.md b/CHANGELOG.md
index f1422699..9c549ae8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,7 +19,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ### Fixed
 - fixed box initialization issue in privacy mode [#1469](https://github.com/sandboxie-plus/Sandboxie/issues/1469)
 - fixed issue creating shortcuts introduced in a recent build [#1471](https://github.com/sandboxie-plus/Sandboxie/issues/1471)
-- fixed access issues in privacy enhanced boxes
+- fixed variouse issues in privacy enhanced boxes and rule specificity
+- fixed issue with SeAccessCheckByType
 ### Removed
 - removed obsolete SkyNetRootKit detection from 32 bit build
diff --git a/Sandboxie/core/dll/com.c b/Sandboxie/core/dll/com.c
index f8485e54..edd55ed6 100644
--- a/Sandboxie/core/dll/com.c
+++ b/Sandboxie/core/dll/com.c
@@ -543,15 +543,22 @@ _FX BOOLEAN Com_IsClosedClsid(REFCLSID rclsid)
 0x66, 0xf7, 0xe1, 0x1b, 0x36, 0x55, 0xd1, 0x11,
 0xb7, 0x26, 0x00, 0xc0, 0x4f, 0xb9, 0x26, 0xaf
 };
- if (memcmp(rclsid, EventSystem, 16) == 0)
- return TRUE;
+ // moved to templates.ini
+ //static const UCHAR PinToStartScreen[16] = { // {470C0EBD-5D73-4D58-9CED-E91E22E23282}
+ // 0xbd, 0x0e, 0x0c, 0x47, 0x73, 0x5d, 0x58, 0x4d,
+ // 0x9c, 0xed, 0xe9, 0x1e, 0x22, 0xe2, 0x32, 0x82
+ //};
- if (memcmp(rclsid, EventSystemTier2, 16) == 0)
- return TRUE;
+ static const UCHAR* ClosedIDs[] = { EventSystem, EventSystemTier2/*, PinToStartScreen*/ };
 ULONG index;
 GUID* guid;
+ for (index = 0; index < ARRAYSIZE(ClosedIDs); ++index) {
+ if (memcmp(rclsid, ClosedIDs[index], 16) == 0)
+ return TRUE;
+ }
+
 //
 // initialize list of user-configured CLSID blocks
 // Note: the service threads everythign not explicitly open as closed anyways
diff --git a/Sandboxie/core/dll/proc.c b/Sandboxie/core/dll/proc.c
index cce443f4..cf8a20a1 100644
--- a/Sandboxie/core/dll/proc.c
+++ b/Sandboxie/core/dll/proc.c
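Review bot: The commented-out PinToStartScreen table and the `/*, PinToStartScreen*/` remnant inside the ClosedIDs initializer are dead code now that the CLSID is handled in Templates.ini; delete them and keep only a pointer for the next reader, e.g. `// {470C0EBD-5D73-4D58-9CED-E91E22E23282} (Pin To Start Screen) is closed via ClosedClsid in Templates.ini`. The table can also be declared `static const UCHAR* const ClosedIDs[]` so the pointer slots are immutable as well as the bytes. Note that the hard-coded check ran for every box unconditionally, whereas a template ClosedClsid presumably only applies to boxes that have Template_WindowsExplorer enabled — worth confirming that narrower scope is intended. Com_IsClosedClsid continues past the hunk.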
@@ -1906,7 +1906,7 @@ _FX UINT Proc_WinExec(LPCSTR lpCmdLine, UINT uCmdShow)
 memzero(&pi, sizeof(PROCESS_INFORMATION));
- ok = CreateProcessA(
+ ok = CreateProcessA(
 NULL, (char *)lpCmdLine, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi);
 if (ok) {
diff --git a/Sandboxie/core/dll/rpcrt.c b/Sandboxie/core/dll/rpcrt.c
index 317db1ff..a2a5e321 100644
--- a/Sandboxie/core/dll/rpcrt.c
+++ b/Sandboxie/core/dll/rpcrt.c
@@ -921,10 +921,13 @@ RPC_STATUS RPC_ENTRY RpcRt_RpcStringBindingComposeW(TCHAR *ObjUuid,TCHAR *ProtSe
 Scm_Start_Sppsvc();
 }
 // we must block this in Win 10 to prevent r-click context menu hang in Explorer
- else if (ObjUuid && (!_wcsicmp(ObjUuid, UUID_UserMgrCli)))
- {
- return STATUS_ACCESS_DENIED;
- }
+ // note: this breaks otehr things but we need it,
+ // so instead we block the {470C0EBD-5D73-4D58-9CED-E91E22E23282} Pin To Start Screen verb handler;
+ // inside Com_CoCreateInstance
+ //else if (ObjUuid && (!_wcsicmp(ObjUuid, UUID_UserMgrCli)))
+ //{
+ // return STATUS_ACCESS_DENIED;
+ //}
 return __sys_RpcStringBindingComposeW(ObjUuid,ProtSeq,NetworkAddr,EndPoint,Options,StringBinding);
 }
diff --git a/Sandboxie/core/dll/secure.c b/Sandboxie/core/dll/secure.c
index 08647ee3..959afcce 100644
--- a/Sandboxie/core/dll/secure.c
+++ b/Sandboxie/core/dll/secure.c
@@ -887,7 +887,7 @@ _FX NTSTATUS Secure_NtSetSecurityObject(
 //---------------------------------------------------------------------------
-_FX void Ldr_TestToken(HANDLE token, PHANDLE hTokenReal)
+_FX void Ldr_TestToken(HANDLE token, PHANDLE hTokenReal, BOOLEAN bImpersonate)
 {
 if (Dll_OsBuild < 9600) // this magic values are available only from windows 8.1 onwards
 return;
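Review bot: The replacement comment in RpcRt_RpcStringBindingComposeW says the Pin To Start Screen handler is now blocked "inside Com_CoCreateInstance", but in this same commit the CLSID is added as a ClosedClsid under [Template_WindowsExplorer] in Templates.ini and the hard-coded entry in Com_IsClosedClsid is commented out, so the comment points to the wrong place; something like `// instead the {470C0EBD-5D73-4D58-9CED-E91E22E23282} Pin To Start Screen verb handler is closed via ClosedClsid in Templates.ini (Template_WindowsExplorer)` would be accurate. The removed UUID_UserMgrCli block applied to every box unconditionally, whereas a template entry presumably applies only where that template is enabled, so boxes without it may see the Explorer hang return — if that trade-off is intended, say so in the comment. The disabled `//else if ... //}` lines should be removed rather than kept as commented-out code; history preserves them. Also fix the typo `otehr`.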
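Review bot: The new bImpersonate parameter of Ldr_TestToken is undocumented at the signature; a short comment above it would help, e.g. `// bImpersonate: when TRUE, open the token with TOKEN_DUPLICATE and return an impersonation-level duplicate usable with NtAccessCheck*; the caller is responsible for closing *hTokenReal`. The ownership sentence is inferred from the callers rather than visible in this hunk, so confirm it before committing the comment. If a prototype for Ldr_TestToken exists in a header it needs the same new parameter. The function body continues past the hunk.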
@@ -898,18 +898,44 @@ _FX void Ldr_TestToken(HANDLE token, PHANDLE hTokenReal)
 // OriginalToken END
 if ((LONG_PTR)token == LDR_TOKEN_PRIMARY) {
- NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY, hTokenReal);
+ NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY | (bImpersonate ? TOKEN_DUPLICATE : 0), hTokenReal);
 }
 else if ((LONG_PTR)token == LDR_TOKEN_IMPERSONATION) {
- NtOpenThreadToken(NtCurrentThread(), TOKEN_QUERY, FALSE, hTokenReal);
+ NtOpenThreadToken(NtCurrentThread(), TOKEN_QUERY | (bImpersonate ? TOKEN_DUPLICATE : 0), FALSE, hTokenReal);
 }
 else if ((LONG_PTR)token <= LDR_TOKEN_EFFECTIVE) {
- NtOpenThreadToken(NtCurrentThread(), TOKEN_QUERY, FALSE, hTokenReal);
- if (!hTokenReal) {
- NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY, hTokenReal);
+ NtOpenThreadToken(NtCurrentThread(), TOKEN_QUERY | (bImpersonate ? TOKEN_DUPLICATE : 0), FALSE, hTokenReal);
+ if (*hTokenReal == NULL) {
+ NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY | (bImpersonate ? TOKEN_DUPLICATE : 0), hTokenReal);
+ }
+ }
+
+ //
+ // SeAccessCheckByType requires the token to eider be
+ // an impersonation token of level SecurityIdentification or higher
+ // or a pseudo handle, hence we have to convert the token here
+ //
+
+ if (bImpersonate && *hTokenReal != NULL) {
+
+ HANDLE hTokenRealImp = NULL;
+ OBJECT_ATTRIBUTES objattrs;
+ SECURITY_QUALITY_OF_SERVICE QoS;
+
+ InitializeObjectAttributes(&objattrs, NULL, 0, NULL, NULL);
+ QoS.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
+ QoS.ImpersonationLevel = SecurityImpersonation;
+ QoS.ContextTrackingMode = SECURITY_STATIC_TRACKING;
+ QoS.EffectiveOnly = FALSE;
+ objattrs.SecurityQualityOfService = &QoS;
+
+ if (NT_SUCCESS(NtDuplicateToken(*hTokenReal, MAXIMUM_ALLOWED, &objattrs, FALSE, TokenImpersonation, &hTokenRealImp))) {
+
+ NtClose(*hTokenReal);
+
+ *hTokenReal = hTokenRealImp;
 }
 }
- return;
 }
 _FX NTSTATUS Ldr_NtQueryInformationToken(
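Review bot: The duplicate created by NtDuplicateToken is broader than the requirement the comment above it states: the access check only needs an impersonation token at SecurityIdentification or higher with TOKEN_QUERY, yet the code asks for `SecurityImpersonation` and `MAXIMUM_ALLOWED`, so the handle left in *hTokenReal can actually impersonate and carries every right the token's DACL grants. Using `QoS.ImpersonationLevel = SecurityIdentification;` and `NtDuplicateToken(*hTokenReal, TOKEN_QUERY, &objattrs, FALSE, TokenImpersonation, &hTokenRealImp)` keeps the handle to least privilege; this is the process's own token, so the gain is defense in depth rather than a boundary fix. The statuses of NtOpenThreadToken/NtOpenProcessToken are still discarded, and the corrected `*hTokenReal == NULL` fallback only works because every caller pre-initialises hTokenReal to NULL; writing it as `if (!NT_SUCCESS(NtOpenThreadToken(...)))` would make the fallback explicit. When the duplication fails the original TOKEN_QUERY|TOKEN_DUPLICATE handle is silently kept and the later access check will presumably fail as before — a one-line comment saying that is the intended fallback would help.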
@@ -924,7 +950,7 @@ _FX NTSTATUS Ldr_NtQueryInformationToken(
 HANDLE hTokenReal = NULL;
 BOOLEAN FakeAdmin = FALSE;
- Ldr_TestToken(TokenHandle, &hTokenReal);
+ Ldr_TestToken(TokenHandle, &hTokenReal, FALSE);
 status = __sys_NtQueryInformationToken(
 hTokenReal ? hTokenReal : TokenHandle,
 TokenInformationClass,
@@ -1024,7 +1050,7 @@ _FX NTSTATUS Ldr_NtQuerySecurityAttributesToken(HANDLE TokenHandle, PUNICODE_STR
 NTSTATUS status = 0;
 HANDLE hTokenReal = NULL;
- Ldr_TestToken(TokenHandle, &hTokenReal);
+ Ldr_TestToken(TokenHandle, &hTokenReal, FALSE);
 status = __sys_NtQuerySecurityAttributesToken(hTokenReal ? hTokenReal : TokenHandle, Attributes, NumberOfAttributes, Buffer, Length, ReturnLength);
@@ -1034,6 +1060,7 @@ _FX NTSTATUS Ldr_NtQuerySecurityAttributesToken(HANDLE TokenHandle, PUNICODE_STR
 return status;
 }
+
 NTSTATUS Ldr_NtAccessCheckByType(PSECURITY_DESCRIPTOR SecurityDescriptor, PSID PrincipalSelfSid, HANDLE ClientToken, ACCESS_MASK DesiredAccess, POBJECT_TYPE_LIST ObjectTypeList, ULONG ObjectTypeListLength, PGENERIC_MAPPING GenericMapping, PPRIVILEGE_SET PrivilegeSet, PULONG PrivilegeSetLength, PACCESS_MASK GrantedAccess, PNTSTATUS AccessStatus)
 {
 NTSTATUS rc;
@@ -1047,8 +1074,8 @@ NTSTATUS Ldr_NtAccessCheckByType(PSECURITY_DESCRIPTOR SecurityDescriptor, PSID P
 SetLastError(0);
 return TRUE;
 }
-
- Ldr_TestToken(ClientToken, &hTokenReal);
+
+ Ldr_TestToken(ClientToken, &hTokenReal, TRUE);
 rc = __sys_NtAccessCheckByType(SecurityDescriptor, PrincipalSelfSid, hTokenReal ? hTokenReal : ClientToken, DesiredAccess, ObjectTypeList, ObjectTypeListLength, GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccess, AccessStatus);
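Review bot: Passing TRUE to Ldr_TestToken in Ldr_NtAccessCheckByType means hTokenReal can now hold a freshly duplicated token handle instead of a plain query handle; whether it is closed after the __sys_NtAccessCheckByType call is outside the hunk, so make sure every exit path does `if (hTokenReal) NtClose(hTokenReal);`, otherwise each access check leaks a handle for the life of the process. Separately, the early-out just above returns `TRUE` from a function declared NTSTATUS: the value 1 is STATUS_WAIT_1, which passes NT_SUCCESS but is not STATUS_SUCCESS, and GrantedAccess/AccessStatus are not visibly set on that path (its condition is above the hunk). Setting the out-parameters and returning `STATUS_SUCCESS` would be the unambiguous form. The function continues past the hunk.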
@@ -1065,7 +1092,7 @@ _FX NTSTATUS Ldr_NtAccessCheck(PSECURITY_DESCRIPTOR SecurityDescriptor, HANDLE C
 NTSTATUS status = 0;
 HANDLE hTokenReal = NULL;
- Ldr_TestToken(ClientToken, &hTokenReal);
+ Ldr_TestToken(ClientToken, &hTokenReal, TRUE);
 status = __sys_NtAccessCheck(SecurityDescriptor, hTokenReal ? hTokenReal : ClientToken, DesiredAccess, GenericMapping, RequiredPrivilegesBuffer, BufferLength, GrantedAccess, AccessStatus);
@@ -1080,7 +1107,7 @@ _FX NTSTATUS Ldr_NtAccessCheckByTypeResultList(PSECURITY_DESCRIPTOR SecurityDesc
 NTSTATUS status = 0;
 HANDLE hTokenReal = NULL;
- Ldr_TestToken(ClientToken, &hTokenReal);
+ Ldr_TestToken(ClientToken, &hTokenReal, TRUE);
 status = __sys_NtAccessCheckByTypeResultList(SecurityDescriptor, PrincipalSelfSid, ClientToken, DesiredAccess, ObjectTypeList, ObjectTypeListLength, GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccess, AccessStatus);
diff --git a/Sandboxie/install/Templates.ini b/Sandboxie/install/Templates.ini
index cb48fcb1..f2e854db 100644
--- a/Sandboxie/install/Templates.ini
+++ b/Sandboxie/install/Templates.ini
@@ -165,6 +165,8 @@ ClosedClsid={4991D34B-80A1-4291-83B6-3328366B9097}
 [Template_WindowsExplorer]
 # make search box wait
 ClosedClsid={C2F03A33-21F5-47FA-B4BB-156362A2F239}
+# makes context menu hang
+ClosedClsid={470C0EBD-5D73-4D58-9CED-E91E22E23282}
 [Template_ThirdPartyIsolation]
 # close VMNet0 virtual network
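Review bot: In Ldr_NtAccessCheckByTypeResultList the call to __sys_NtAccessCheckByTypeResultList still passes `ClientToken` as the token argument, so the real token that Ldr_TestToken just opened — and, with the new TRUE flag, duplicated into an impersonation token — is never used and the LDR_TOKEN_* pseudo handle goes straight to the kernel, where the whole SeAccessCheckByType fix this commit is about does not apply. The sibling wrappers Ldr_NtAccessCheck and Ldr_NtAccessCheckByType pass `hTokenReal ? hTokenReal : ClientToken`; change this argument to `hTokenReal ? hTokenReal : ClientToken` to match them. Until then the duplicated handle is also wasted and, unless it is closed further down (outside the hunk), leaked on every call. The function continues past the hunk.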