diff --git a/Sandboxie/core/drv/file.c b/Sandboxie/core/drv/file.c
index 699f7fc1..229a8cfc 100644
--- a/Sandboxie/core/drv/file.c
+++ b/Sandboxie/core/drv/file.c
@@ -671,21 +671,18 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
     //
 
     ok = Process_GetPaths(proc, normal_file_paths, _NormalPath, TRUE);
+
+    if (ok && proc->use_privacy_mode) {
+        for (i = 0; normalpaths[i] && ok; ++i) {
+            ok = Process_AddPath(
+                proc, normal_file_paths, NULL, TRUE, normalpaths[i], FALSE);
+        }
+    }
+
     if (! ok) {
         Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
         return FALSE;
     }
-
-    if (proc->use_privacy_mode) {
-        for (i = 0; normalpaths[i] && ok; ++i) {
-            ok = Process_AddPath(proc, normal_file_paths, _NormalPath, TRUE, normalpaths[i], FALSE);
-        }
-
-        if (!ok) {
-            Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
-            return FALSE;
-        }
-    }
 #endif
 
     //
@@ -1358,9 +1355,10 @@ _FX NTSTATUS File_Generic_MyParseProc(
         //
 
 #ifdef USE_MATCH_PATH_EX
+        // is_write = ((mp_flags & TRUE_PATH_MASK) == TRUE_PATH_CLOSED_FLAG) && ((mp_flags & COPY_PATH_MASK) == COPY_PATH_OPEN_FLAG); 
         // is_open = ((mp_flags & TRUE_PATH_MASK) == TRUE_PATH_OPEN_FLAG);
         // is_closed = ((mp_flags & TRUE_PATH_MASK) == 0)
-        if ((!write_access || !((mp_flags & TRUE_PATH_WRITE_FLAG) != 0)) && !((mp_flags & TRUE_PATH_MASK) == 0)) {
+        if (proc->use_rule_specificity || ((!write_access || !((mp_flags & TRUE_PATH_WRITE_FLAG) != 0)) && !((mp_flags & TRUE_PATH_MASK) == 0))) {
 #else
         if ((! is_open) && (! is_closed)) {
 #endif
@@ -1420,7 +1418,8 @@ _FX NTSTATUS File_Generic_MyParseProc(
                         // if this is not a atribute or sync request update the permissions for the network path
                         //
 
-                        if ((MyContext->OriginalDesiredAccess != FILE_READ_ATTRIBUTES) &&
+                        if (proc->use_rule_specificity || 
+                            (MyContext->OriginalDesiredAccess != FILE_READ_ATTRIBUTES) &&
                             (MyContext->OriginalDesiredAccess != SYNCHRONIZE))
                         {
                             mp_flags = Process_MatchPathEx(proc, path2, len1, L'n',
@@ -2648,21 +2647,35 @@ get_program:
 
     if (user_devname) {
 
+#ifdef USE_MATCH_PATH_EX
+        ULONG mp_flags;
+#else
         BOOLEAN is_open, is_closed;
+#endif
         KIRQL irql2;
 
         KeRaiseIrql(APC_LEVEL, &irql2);
         ExAcquireResourceSharedLite(proc->file_lock, TRUE);
 
+#ifdef USE_MATCH_PATH_EX
+        mp_flags = Process_MatchPathEx(proc, device_name, wcslen(device_name), L'f',
+            &proc->normal_file_paths, &proc->open_file_paths, &proc->closed_file_paths,
+            &proc->read_file_paths, &proc->write_file_paths, NULL);
+#else
         Process_MatchPath(
             proc->pool, device_name, wcslen(device_name),
             NULL, &proc->closed_file_paths,
             &is_open, &is_closed);
+#endif
 
         ExReleaseResourceLite(proc->file_lock);
         KeLowerIrql(irql2);
 
+#ifdef USE_MATCH_PATH_EX
+        if ((mp_flags & TRUE_PATH_MASK) == 0) {
+#else
         if (is_closed) {
+#endif
 
             status = STATUS_ACCESS_DENIED;
 
diff --git a/Sandboxie/core/drv/file_flt.c b/Sandboxie/core/drv/file_flt.c
index f93f2928..8e7edd19 100644
--- a/Sandboxie/core/drv/file_flt.c
+++ b/Sandboxie/core/drv/file_flt.c
@@ -445,7 +445,8 @@ _FX FLT_PREOP_CALLBACK_STATUS File_PreOperation(
     if (Iopb->MajorFunction == IRP_MJ_SET_INFORMATION) {
         // Do not allow hard links outside the sandbox
         if (Iopb->Parameters.SetFileInformation.FileInformationClass == FileLinkInformation) {
-            if (!Box_IsBoxedPath(proc->box, file, &Iopb->Parameters.SetFileInformation.ParentOfTarget->FileName)) {
+            if(Iopb->Parameters.SetFileInformation.ParentOfTarget &&
+               !Box_IsBoxedPath(proc->box, file, &Iopb->Parameters.SetFileInformation.ParentOfTarget->FileName)) {
                 status = STATUS_ACCESS_DENIED;
                 goto finish;
             }
diff --git a/Sandboxie/core/drv/key.c b/Sandboxie/core/drv/key.c
index 2ee360c7..41d74a5d 100644
--- a/Sandboxie/core/drv/key.c
+++ b/Sandboxie/core/drv/key.c
@@ -260,16 +260,18 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
         return FALSE;
     }
 
-    if (proc->use_privacy_mode) {
-        for (i = 0; normalpaths[i] && ok; ++i) {
-            ok = Process_AddPath(proc, &proc->normal_key_paths, _NormalPath, TRUE, normalpaths[i], FALSE);
-        }
+    if (ok && proc->use_privacy_mode) {
 
-        if (!ok) {
-            Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
-            return FALSE;
+        for (i = 0; normalpaths[i] && ok; ++i) {
+            ok = Process_AddPath(proc, &proc->normal_key_paths, NULL, 
+                                    TRUE, normalpaths[i], FALSE);
         }
     }
+
+    if (!ok) {
+        Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
+        return FALSE;
+    }
 #endif
 
     //