FunkyBuddha Posted August 15, 2023 #1 Posted August 15, 2023 SANDBOXIE-PLUS FEATURES Sandboxie Plus offers a multitude of new functionality which improves security, compatybility and the overall sandboxing expirience. Some of these features (*) are howeever only avaiable to users with a Support Certificate which can be obtained by contributing to the sandboxie project or purchased in our online shop. Some more features (**) are available to participants of the Sandboxie-Insider program which. Rule Specificity * With this option rules are prioritized based on their specificity (see changelog/docs for details) this way sub paths can be readable/writeable while parent parts are still protected. Security enhanced sandboxes * Restrict syscall elevation to approved known safe / filtered sys calls Limit access to device endpoints to known safe / filtered endpoints Privacy enhanced Sandboxes * With this applying a preset rule collection all locations potentially containing personal data can be protected. Applications running in boxes with personal data protection will see an empty PC with no user data on it. Compartment Mode * This mode is intended to optimize compatibility at the cost of security, here sandboxie’s token-based isolation scheme is not used. Isolation is limited to the FS minifilter as well as registry and object callbacks. This has the potential to greatly improve compatibility with variouse applications. Virtual Disk Integration ** RamDisk support, available since the latest insider build, allows you to create a virtual disk in your system's memory, using the ImDisk driver, which can speed up file access and increase confidentiality as all box contents will be discarded when the disk is unmounted (manually or automatically on reboot). Encrypted Box Image support is currently in development and allows you to create encrypted sandboxed environments for an even greater protection of your confidential data. With this feature the box file root is being mounted from an AES-XTS encrypted box image, other ciphers are available as well. Upcoming additions to this root functionality will contain secure box passphrase handling and a driver extension to prevent applications not running in the encrypted sandbox from accessing the sandboxed files. Enchanced network filering and redirection ** Proxy injection is yet another feature which has been added in the insider builds, it allows to force any application to use a Socks 5 proxy instead of a direct connection. DNS query logging, filtering and redirection feature allows you to block, or redirect DNS queries made by sandboxed programs for selected domains. WFP (Windows Filtering Platform) support With this feature Sandboxie can be like an application firewall which applies the rules on a per box bases allowing the same application access to the internet in one box while blocking it in another. Windows 11 context menu integration Process/Thread handle filtering (obCallbacks) Using this mechanism greatly improves on isolation of processes and provides enhanced security. Win32 syscall hooking With this feature win32 sys calls can get the same treatment as NT sys calls which helps with graphics and hw acceleration. Info: Quote Hidden Content Give reaction to this post to see the hidden content. Download: Quote Hidden Content Give reaction to this post to see the hidden content. 5 3
FunkyBuddha Posted December 8, 2023 Author #2 Posted December 8, 2023 Change-log since last announcement: [1.12.3 / 5.67.3] - 2023-12-02 Added added template to add useful exclusions to confidential boxes Fixed FIXED SECURITY ISSUE ID-23 SeManageVolumePrivilege is now blocked, as it allowed to read MFT data (thanks Diversenok) fixed program launch when forcing processes into a confidential box #3173 Info: Quote Hidden Content Give reaction to this post to see the hidden content. Link: Quote Hidden Content Give reaction to this post to see the hidden content. 2
FunkyBuddha Posted December 18, 2023 Author #3 Posted December 18, 2023 Changelog All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning. [1.12.4 / 5.67.4] - 2023-12-18 Added added display of Date & Time in the Sbie Messages tab #3429 Changed without an active, non expired, supporter certificate, automatic updates/downloads are not longer available for the stable channel the autoamtic updater will still work and notify about new stable releases, the user will be guided to visit the download page and download the latest installer manually the cleanup button is now also enabled when not connencted to core the box creation wizard now allows to create a black box based on any other box type Fixed fixed running sandboxed processes located in a imdisk volume #3472 fixed sample 634d066fd4f9a8b201a3ddf346e880be unable to be terminate on windows 7 x64 #3482 fixed UseNewSymlinkResolver causes applications to create both the link and the target folder #3481 fixed Renaming a sandbox breaks Group hierarchy #3430 fixed Encrypted confidential Box + red box preset blocks box access to it's own root directories #3475 fixed SandMan-v1.12.3 crashing #3492 Info: Quote Hidden Content Give reaction to this post to see the hidden content. Link: Quote Hidden Content Give reaction to this post to see the hidden content. 3
FunkyBuddha Posted December 20, 2023 Author #4 Posted December 20, 2023 Release Notes The latest update brings notable improvements and fixes to Sandboxie-Plus. Key enhancements include the integration of Date & Time display in the Sbie Messages tab, and a streamlined the box creation process, allowing for more versatile box types. Among the various fixes, issues with sandboxed processes and stability concerns in SandMan-v1.12.3 have been addressed, ensuring a more reliable and efficient user experience. We also announce a change in our update policy: automated update download & installation now requires an active supporter certificate to use the stable channel. Users on the preview channel with all the experimental potentially buggy test builds can still use auto update without a certificate. Users on the stable channel from now on will instead receive a update notification guiding them to our manually download page. For a full list of changes and fixes please review the full Changelog. Info: Quote Hidden Content Give reaction to this post to see the hidden content. Link: Quote Hidden Content Give reaction to this post to see the hidden content. 3
FunkyBuddha Posted January 5, 2024 Author #5 Posted January 5, 2024 [1.12.6 / 5.67.6] - 2024-01-02 Changed improved behaviour of toolbar customization menu Fixed fixed issue introduced in 1.12.4 with start.exe failing to run in a confidential box #3514 fixed "The directory name is invalid" when starting a process in an encrypted private box #3475 fixed symbolic links created inside a sandbox not working properly #3181 fixed issue with drives mounted to multiple folders or a drive letter and a folder fixed issue with file paths when using sandboxes with relocated root (e.g. to an ImDisk volume) #3506 fixed issue with explorer.exe on Windows 11 when using "SysCallLockDown=y" #3516 fixed SandMan not showing icons of processes located on an ImDisk volume Info: Quote Hidden Content Give reaction to this post to see the hidden content. Link: Quote Hidden Content Give reaction to this post to see the hidden content. 1
FunkyBuddha Posted February 6, 2024 Author #6 Posted February 6, 2024 [1.12.7 / 5.67.7] - 2024-01-10 Fixed fixed "Duplicate Box Config" option not being able to keep the order of the original sandbox configuration Hidden Content Give reaction to this post to see the hidden content. fixed "Save options as new defaults" option not appearing when "Configure Advanced Options" is enabled Hidden Content Give reaction to this post to see the hidden content. fixed Windows Explorer issue when running in a sandbox with data protection enabled on Windows 11 #3517 the default template for privacy boxes now sets NormalFilePath=%ProgramData%\Microsoft\* fixed message boxes with MB_DEFAULT_DESKTOP_ONLY or MB_SERVICE_NOTIFICATION not being able to display title and text correctly in Security Hardened sandboxes #3529 fixed issue with npm failing to run inside a Security Hardened sandbox on Windows 11 #3505 fixed symlink and open path issue introduced in 1.12.6 #3537 when a volume without an associated drive letter is encountered, Sandboxie uses \drive\{guid} instead of \drive\[letter] Note: if the volume is subsequently assigned a drive letter, the data under \drive\{guid} will be ignored! fixed "Run Unsandboxed" command when right-clicking shortcuts created with Sandboxie Plus #3528 Note: for the fix to take full effect, the shell integration needs to be re-applied fixed Error Status: 0x0000065b (Function failed during execution) #3504 fixed Privacy Enhanced sandboxes failing with error code SBIE2204 #3542 fixed OpenFilePath directories not being enumerated within their parent folders #3519 Info: Quote Hidden Content Give reaction to this post to see the hidden content. Link: Quote Hidden Content Give reaction to this post to see the hidden content. 1
FunkyBuddha Posted February 9, 2024 Author #7 Posted February 9, 2024 [1.12.9 / 5.67.9] - 2024-02-06 Fixed fixed issue with symlink resolver introduced in the previous build #3481 [1.12.8 / 5.67.8] - 2024-01-31 Added added Japanese language on Plus UI #3573 Fixed fixed warning issue: SBIE2321 Cannot manage device map: C0000034 / 11 #2996 fixed issue with explorer.exe that could not run on emulate admin sandbox #3516 fixed potential BSOD issue with WFP when trace logging is enabled #2471 fixed issue with running programs pinned to the Run menu that did not use the same working directory #3555 fixed UseNewSymlinkResolver causing applications to create both the link and the target folder #3481 fixed Plus UI notification window becoming stuck when a modal dialog is displayed #3586 Info: Quote Hidden Content Give reaction to this post to see the hidden content. Link: Quote Hidden Content Give reaction to this post to see the hidden content. 1 2
FunkyBuddha Posted May 20, 2024 Author #8 Posted May 20, 2024 [1.13.7 / 5.68.7] - 2024-05-01 Added added file version information for SbieDll.dll and SbieSvc.exe in the Sandboxie Plus About dialog Changed improved checkboxes about DropAdminRights in SandMan #3851 (thanks offhub) Fixed Issue with symbolic linking of files #3852 fixed issue with start agent option #3844 (thanks offhub) fixed issue with Delete V2 introduced in 1.13.5 [1.13.6 / 5.68.6] - 2024-04-21 Added added "BlockInterferenceControl=y" option to prevent sandboxed processes from forcing windows on top and moving the mounse pointer (thanks Yeyixiao) Note: this option may cause issues in games hence do not enable it for gaming boxes added support for hard links #3826 added mechanism to terminate stuck sandboxed processes from the driver added Make the trigger list editable #3742 added Optionally extend the screenshot protection to the UI #3739 added a button to edit local/custom templates #3738 added Permanently Re-sizable or Larger "Run Sandboxed" Window #3697 added Notepad++ template #3836 Changed improved Avast template #3777 renamed a bunch of experimental options and marked them as experimental in the UI "IsBlockCapture=y" -> "BlockScreenCapture=y" "IsProtectScreen=>" -> "CoverBoxedWindows=y" Fixed fixed When I change the BlockDNS and BlockPorts options, the Apply button is not activated #3807 fixed troubleshooting wizard broke with new Qt #3810 fixed Settings dialog now showing the right ram disk letter fixed issues with updater broke with new Qt due to missing SSL support #3810 fixed Enabling "DropAdminRights/FakeAdminRights" adds "BlockInterferePower and ForceProtectionOnMount" to the INI #3825 fixed KeePass "Out of Memory" crash due to "BlockScreenCapture=y" #3768 fixed Sandboxie 1.13.4 with IsBlockCapture=y not working on Windows 7 #3769 fixed explorer.exe issue "FakeAdminRights=y" #3638 fixed Make it possible to disable forced folder warning #3569 [1.13.5 / 5.68.5] - 2024-04-10 Added added Setting all processes per box to a certain core #3276 set "CpuAffinityMask=0x00000001" in Sandboxie.ini, where 0x00000001 is a bit mask indicating which cores are to be used only supports cores 0-31, for 32+ will be always disabled when this option is used added checkbox for Samba and DNS port blocking added Weasel template #3806 (thanks xWTF) Changed on systems in test signing mode, Sandboxie will try outdated offsets by default changed Qt5 version to Qt5.15.13 with latest security patches #3694 (thanks LumitoLuma) moved network restrictions from general restrictions tab to an own tab on the network page improved certificate retrieval UI messages improved MPC-BE template #3798 Fixed fixed Virtualization scheme Version 2 causing extremely slow file deleting speed #3650 Info: Quote Hidden Content Give reaction to this post to see the hidden content. Link: Quote Hidden Content Give reaction to this post to see the hidden content. 1 1
FunkyBuddha Posted July 2, 2024 Author #9 Posted July 2, 2024 Changelog All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning. [1.14.3 / 5.69.3] - 2024-07-01 Changed changed Qt 5 version to Qt 5.15.14 with OpenSSL 3.3.1 #3994 (thanks offhub) Fixed fixed Applications cannot be launched as admin in a sandbox with "UseCreateToken/SandboxieAllGroup" enabled when using an MSFT account #4022 fixed Firefox issue with Sbie 1.14.1 and 1.14.2 #4012 rolled back the driver verifier fix added in 1.14.1 fixed CustomChromiumFlags and --single-argument issue #4033 fixed Sandboxie programs do not terminate after closing programs that run as admin with UseCreateToken/SandboxieAllGroup enabled #4030 [1.14.2 / 5.69.2] - 2024-06-19 Added added SbieIni option to modify password-protected configs #3903 usage: set|append|insert|delete [/passwd:********] Note: use /passwd without the password to have SbieIni prompot for the password on the console, this hides the password from view and from bing captured with the command line added checkbox for "PromptForInternetAccess" option to the New Box Wizard added option "HideNonSystemProcesses" to hide processes not in a sandbox from processes lists for sandboxed processes added option "HideSbieProcesses" to hide Sandboxie Work Process (SbieSvc, SandboxieRpcSs, etc.) added option "HideFirmwareInfo" when it is set, the programs that try getting fireware information will get false data from HKEY_CURRENT_USER\SOFTWARE\SandboxieHide\FalseFirmwareValue added template "BlockAccessWMI" to prevent sandboxed processes from accessing system information through WMI added template "BlockLocalConnect" to prevent sandboxed processes from sending network packs to localhost to breakout sandbox added new option "AllowCoverTaskbar" for #3975 added RPC Port message filter mechanism to block unsafe RDP calls via the driver #3930 usage: "RpcPortFilter=Port,ID,Label" label is optional added "Job Object" options page to colelct all job object related options Changed Extend "Temp Template" to make it could delete local template section Fixed fixed security issue with the newly introduced experimental "UseCreateToken=y" mechanism fixed issue with "UseCreateToken=y" when using a MSFT online account fixed Export sandbox not containing hidden files #3980 (thanks L4cache) fixed Chrome stopped printing #3926 Sandboxie will add CustomChromiumFlags=--disable-features=PrintCompositorLPAC to chrome based browsers command line Note: Less Privileged App Container (LPAC) don't work with sandboxie currently fixed Problem accessing a relative symlink with a target that starts with a dot #3981 fixed Can't open a sandbox's properties window via double-click in System Tray context window #3861 fixed Delay in launching forced programs after version 1.12.9 #3868 this issue was introdiced in 1.13.0 and may have broadly affected other usecases and cause variosue problems fixed issue with Misc Options list improved compatibility with steam running sandboxed [1.14.1 / 5.69.1] - 2024-06-06 Added added "Sandboxie\All Sandboxes" SID into token with SandboxieLogon #3191 to use this feature "SandboxieAllGroup=y" must be enabled Note: this fundamentaly changes the mechanism Sbie uses for token creation, the new mechanism can be enabled separately with "UseCreateToken=y" added "EditAdminOnly=y" can now be configured per box added UI for CoverBoxedWindows in NewBoxWizard added UI option to start unsandboxed process but force child processes in SelectBoxWindow added option "AlertBeforeStart" when it is set, a prompt pops up before launching a new program into the sandbox using "Start.exe" and checks if the program that started "Start.exe" is a Sandboxie component itself, if it is not, a warning pops up added option for EditAdminOnly in SetupWizard Changed split the advanced new box wizard page in two reorganized box options a bit Fixed fixed issue with proxy authentication setting fixed memory leak in sbiesvc fixed issue with inconsistent WFP option application #3900 fixed resource leak in buffer hashing function fixed DLL name corruption when BlockInterferenceControl is enabled #3945 fixed issue with driver verifier [1.14.0 / 5.69.0] - 2024-05-17 Added added option to limit the memory of sandboxed process and the number of process in single sandbox through job object (thanks Yeyixiao) use "TotalMemoryLimit" (Number, limit whole sandbox, Byte) and "ProcessMemoryLimit" (Number, limit single process, Byte) to set memory limit use "ProcessNumberLimit" (Number) to set process number limit added ability to modified sandboxed process logic speed (reduced fixed latency, modified single-player speed, etc.) (thanks Yeyixiao) use "UseChangeSpeed=y" to open this feature, use "AddTickSpeed" / "AddSleepSpeed" / "AddTimerSpeed" / "LowTickSpeed" / "LowSleepSpeed" / "LowTimerSpeed" (Number) to set when set to "AddSleepSpeed=0", all sleep function calls will be skipped added /fcp /force_children commandline option to start.exe it allows to start a program unsandboxed but have all its children sandboxed added ability to fore sandboxed processes to use a pre defined socks 5 proxy added ability to intercept DNS queries so that they can be logged and/or redirected added support for SOCKS5 proxy authentication based on RFC1928 (thanks Deezzir) added Test Dialog UI for SOCKS5 proxy (thanks Deezzir) added ability to automatically removes template references that begin with “Template_Temp_” in the sandbox Changed validated compatibility with windows build 26217 and updated dyn data Fixed fixed an issue with an early batch of Large Supporter certificates Link: Quote Hidden Content Give reaction to this post to see the hidden content. 2 1
FunkyBuddha Posted July 16, 2024 Author #10 Posted July 16, 2024 [1.14.4 / 5.69.4] - 2024-07-13 Changed improved removal of leftovers #4050 Fixed fixed The Start Restrictions tab's layout is broken #4045 fixed Administrators cannot change the sandbox configuration #4057 #4068 Added added hwid display Link: Quote Hidden Content Give reaction to this post to see the hidden content. 1
FunkyBuddha Posted July 25, 2024 Author #11 Posted July 25, 2024 [1.14.5 / 5.69.5] - 2024-07-23 Added: added HwID display added Language Spoof "CustomLCID=1033" #4024 (thanks Yeyixiao) added option to always run the sandman UI as admin #4090 added Proxy exclusion #4036 added "ForceChildren=Program.exe" #4070 added UI options for "ForceRestartAll" and "UseCreateToken" in OptionWindow added an optional context menu option to make folder/file forced quickly Note: you can also use "Sandman.exe /add_force program_path" to do it Changed: the certificate format can now take an explicit validity days specification, needed for gapless certificate renewal Fixed: fixed two supporter certificate popping up every time a Sandboxes' settings are opened #4074 fixed issue with HwID-bound serial keys failing when no HwID could be obtained fixed issue with "UseChangeSpeed=y" fixed broken "HideFirmwareInfo=y" implementation changed reg path to key "HKCU\System\SbieCustom", value: "SMBiosTable" added UI options fixed schannel error SEC_E_SECPKG_NOT_FOUND in encrypted sandboxes #4081 fixed The name of the sandbox is too long, causing an error in sbie2327 #4064 fixed Job objects cannot be assigned memory limits greater than 4 GB #4096 Info: Quote Hidden Content Give reaction to this post to see the hidden content. Link: Quote Hidden Content Give reaction to this post to see the hidden content. 1
FunkyBuddha Posted August 15, 2024 Author #12 Posted August 15, 2024 [1.14.6 / 5.69.6] - 2024-07-30 Added added alias for a sandbox #4112 Fixed fixed issue with Windows 7 caused by the new CustomLCID option #4117 fixed Settings Window issue with non-advanced certificates introduced in 1.14.0 fixed issue with API_PROCESS_EXEMPTION_CONTROL Link: Quote Hidden Content Give reaction to this post to see the hidden content. 2 3
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now