Sandboxie Plus (open source fork of Sandboxie)

[Mohammad.Poorya]

Sandboxie Sandboxie v0.6.5 / 5.47.0

Changes in Sandboxie 5.47.0:

Added

• added detection for waterfox.exe, Palemoon.exe, basilisk.exe and brave.exe firefox forks
  
• added bluetooth API support, IPC port can be opened with “OpenBluetooth=y”
  — this should resolve issues with many unity games hanging on startup for a long time
  
• added enhanced RPC/IPC interface tracing
  
• when DefaultBox is not found by the SandMan UI, it will be recreated
  
• “Disable Forced Programs” time is now saved and reloaded
  

Changed

• reduced sandman cpu usage
  
• sandboxie.ini and templates.ini can now be UTF8 encoded
  — this feature is experimental, files without a UTF-8 Signature should be recognized also
  — “ByteOrderMark=yes” is obsolete, sandboxie.ini is now always saved with a BOM/Signature
  
• legacy language files can now be UTF8 encoded
  
• reworked file migration behaviour, removed hardcoded lists in favour of templates
  — you can now use “CopyAlways=”, “DontCopy=” and “CopyEmpty=” that support the same syntax as “OpenFilePath=”
  — “CopyBlockDenyWrite=program.exe,y” makes a write open call to a file that won’t be copied fail instead of turning it read only
  
• removed hardcoded SkipHook list in favour of templates
  

Fixed

• fixed old memory pool leak in the sbie driver
  
• fixed issue with item selection in the access restrictions ui
  
• fixed updater crash in sbiectrl.exe
  
• fixed issues wih RPC calls introduced in sbie 5.33.1
  
• fixed recently broken terminate all command
  
• fixed a couple minor UI issues with Sandman UI
  
• fixed IPC issue with windows 7 and 8 resulting in process termination
  
• fixed “recover to” functionality
  

https://github.com/sandboxie-plus/Sandboxie/releases

DOWNLOAD Sandboxie 5.47.0 (32-bit)
DOWNLOAD Sandboxie 5.47.0 (64-bit)

[Mohammad.Poorya]

Sandboxie Plus 0.6.7 / Sandboxie 5.47.1

ChangeLog

Added

• added UI Language auto detection
  

Fixed

• fixed brave.exe is now properly recognized as chrome based not firefox based
  
• fixed issue introduced in 0.6.5 with recent edge builds
  -- the 0.6.5 behavioure can be set ona per process basis using "RpcMgmtSetComTimeout=POPPeeper.exe,n"
  
• fixed grouping issues
  
• fixed main windows restore state from tray
  

 Download page: https://github.com/sandboxie-plus/Sandboxie/releases
 
x64
Sandboxie Plus: https://github.com/sandboxie-plus/Sandbo...v0.6.7.exe
Sandboxie: https://github.com/sandboxie-plus/Sandbo...5.47.1.exe
x86
Sandboxie Plus: https://github.com/sandboxie-plus/Sandbo...v0.6.7.exe
Sandboxie: https://github.com/sandboxie-plus/Sandbo...5.47.1.exe

[harlan4096]

Sandboxie v0.7.0 / 5.48.0:

ChangeLog

Added

• sandboxed indicator for tray icons, the tooltip now contains [#] if enabled
  
• the trace log buffer can now be adjusted with "TraceBufferPages=2560"
  -- the value denotes the count of 4k large pages to be used, here for a total of 10 MB
  
• new functionality to the list finder
  

Changed

• improved RPC debugging
  
• improved IPC handling around RpcMgmtSetComTimeout, "RpcMgmtSetComTimeout=n" is now the default behavioure
  -- required exceptions have been hard coded for specific calling dll's
  
• the LogApi dll is now using Sbies tracing facility to logg events instead of an own pipe server
  

Fixed

• FIXED SECURITY ISSUE: elevated sandboxed processes could access volumes/disks for reading (thanks hg421)
  
• fixed crash issue around SetCurrentProcessExplicitAppUserModelID observed with GoogleUpdate.exe
  
• fixed issue with resource monitor sort by timestamp
  
• FIXED SECURITY ISSUE: a race condition in the driver allowed to obtain a elevated rights handle to a process (thanks typpos)
  
• FIXED SECURITY ISSUE: "\RPC Control\samss lpc" is now filtered by the driver (thanks hg421)
  -- this allowed elevated processes to change passwords, delete users and alike, to disable filtering use "OpenSamEndpoint=y"
  
• FIXED SECURITY ISSUE: "\Device\DeviceApi\CMApi" is now filtered by the driver (thanks hg421)
  -- this allowed elevated processes to change hardware configuration, to disable filtering use "OpenDevCMApi=y"
  

Download

[Mohammad.Poorya]

Sandboxie 0.7.1 / 5.48.5

ChangeLog

Added

• sandboxed indicator for tray icons, the tooltip now contains [#] if enabled
  
• the trace log buffer can now be adjusted with "TraceBufferPages=2560"
  -- the value denotes the count of 4k large pages to be used, here for a total of 10 MB
  
• new functionality to the list finder
  
• Enchanced RpcMgmtSetComTimeout handing with "UseRpcMgmtSetComTimeout=some.dll,n"
  -- this option allows to specify for each individual dll if RpcMgmtSetComTimeout should be used or not
  -- this setting takes precedence over hard coded and per process presets
  -- "UseRpcMgmtSetComTimeout=some.dll" and "UseRpcMgmtSetComTimeout=some.dll,y" are equivalent
  
• Added "FakeAdminRights=y" option that makes processes in a given box think thay have admin permissions
  -- this option is recomended to be used in combination with "DropAdminRights=y" to improve securits
  -- With "FakeAdminRights=y" and "DropAdminRights=y" installers should still work
  
• added RPC support for SSDP API (the Simple Service Discovery Protocol), Enable with "OpenUPnP=y"
  

Changed

• improved RPC debugging
  
• improved IPC handling around RpcMgmtSetComTimeout
  -- required exceptions have been hard coded for specific calling dll's
  
• the LogApi dll is now using Sbies tracing facility to logg events instead of an own pipe server
  
• SbieCrypto no longer triggers message 1313
  
• changed enum process API now more (no limit) than 511 proceses per box can be enumerated
  
• Reorganized box settings a bit
  
• Made COM tracing more verbose
  

Fixed

• FIXED SECURITY ISSUE: elevated sandboxed processes could access volumes/disks for reading (thanks hg421)
  
• fixed crash issue around SetCurrentProcessExplicitAppUserModelID observed with GoogleUpdate.exe
  
• fixed issue with resource monitor sort by timestamp
  
• FIXED SECURITY ISSUE: a race condition in the driver allowed to obtain a elevated rights handle to a process (thanks typpos)
  
• FIXED SECURITY ISSUE: "\RPC Control\samss lpc" is now filtered by the driver (thanks hg421)
  -- this allowed elevated processes to change passwords, delete users and alike, to disable filtering use "OpenSamEndpoint=y"
  
• FIXED SECURITY ISSUE: "\Device\DeviceApi\CMApi" is now filtered by the driver (thanks hg421)
  -- this allowed elevated processes to change hardware configuration, to disable filtering use "OpenDevCMApi=y"
  
• fixed issues with webcam access when the DevCMApi filtering is in place
  
• fixed issue with free download manager for 'AppXDeploymentClient.dll' RpcMgmtSetComTimeout=y is used
  
• fixed not all WinRM files were blocked by the driver, with "BlockWinRM=n" this file block can be disabled
  

https://github.com/sandboxie-plus/Sandbo.../tag/0.7.1

[harlan4096]

Sandboxie Plus v0.7.2/ Classic v5.49.0:

Homepage
Download Page & Changelog
Download | 32-Bit
Download | 64-Bit
Download | 32-Bit Plus
Download | 64-Bit Plus

[harlan4096]

Sandboxie v0.7.3 / 5.49.5:

Change Log

Added

• added "UseSbieWndStation=y" to emulate CreateDesktop for selected processes, not only for Firefox and Chrome
  
• added option to drop the console host process integrity, now you can use "DropConHostIntegrity=y"
  
• added option to easily add local templates
  

Changed

• reworked window hooking mechanism to improve performance
  -- resolves issues with file save dialogs taking 30+ sec to open
  -- this fix greatly improves the win32 GUI performance of sandboxed processes
  
• reworked RPC resolver to be ini configurable
  -- the following options are now deprecated:
  --- "UseRpcMgmtSetComTimeout=some.dll,n", so use "RpcPortBinding=some.dll,*,TimeOut=y"
  --- "OpenUPnP=y", "OpenBluetooth=y", "OpenSmartCard=n" use the new templates instead
  -- See the Templates.ini for usage examples
  

Fixed

• fixed process-specific hooks being applied to all processes in a given sandbox
  
• fixed issue with messages and templates sometimes not being properly displayed in the SandMan UI
  
• fixed issue with compatibility settings not being applied properly
  
• fixed auto delete issue that got introduced with 0.7.1
  
• fixed issue with NtSetInformationFile, FileDispositionInformation resulting in Opera installer failing
  
• fixed issue with MacType introduced in the 0.7.2 build
  
• fixed global sandboxed windows hooks not working when window rename option is disabled
  
• fixed issue with saving local templates
  
• fixed issue when using runas to start a process that was created outside of the Sandboxie supervision
  -- since the runas facility is not accessible by default, this did not constitute a security issue
  -- to enable runas functionality, add "OpenIpcPath=\RPC Control\SECLOGON" to your Sandboxie.ini
  -- please take note that doing so may open other yet unknown issues
  
• fixed a driver compatibility issue with Windows 10 32 bit Insider Preview Build 21337
  
• fixed issues with driver signature for windows 7
  

Download

[harlan4096]

Sandboxie + Release v0.7.4 / 5.49.7:

ChangeLog

Added

• added "UseSbieWndStation=y" to emulate CreateDesktop for selected processes, not only for Firefox and Chrome
  
• added option to drop the console host process integrity, now you can use "DropConHostIntegrity=y"
  
• added option to easily add local templates
  
• added option to disable file migration prompt
  
• added UI options for variouse security isolation features
  
• added missing functionality to set template values in the plus UI
  

Changed

• reworked window hooking mechanism to improve performance
  -- resolves issues with file save dialogs taking 30+ sec to open
  -- this fix greatly improves the win32 GUI performance of sandboxed processes
  
• reworked RPC resolver to be ini configurable
  -- the following options are now deprecated:
  --- "UseRpcMgmtSetComTimeout=some.dll,n", so use "RpcPortBinding=some.dll,*,TimeOut=y"
  --- "OpenUPnP=y", "OpenBluetooth=y", "OpenSmartCard=n" use the new templates instead
  -- See the Templates.ini for usage examples
  
• Align default settings of AutoRecover and Favorites to the Plus version (thanks isaak654)
  
• list of email clients and browsers is now centralized on Dll_GetImageType
  

Fixed

• fixed process-specific hooks being applied to all processes in a given sandbox
  
• fixed issue with messages and templates sometimes not being properly displayed in the SandMan UI
  
• fixed issue with compatibility settings not being applied properly
  
• fixed auto delete issue that got introduced with 0.7.1
  
• fixed issue with NtSetInformationFile, FileDispositionInformation resulting in Opera installer failing
  
• fixed issue with MacType introduced in the 0.7.2 build
  
• fixed global sandboxed windows hooks not working when window rename option is disabled
  
• fixed issue with saving local templates
  
• fixed issue when using runas to start a process that was created outside of the Sandboxie supervision
  -- since the runas facility is not accessible by default, this did not constitute a security issue
  -- to enable runas functionality, add "OpenIpcPath=\RPC Control\SECLOGON" to your Sandboxie.ini
  -- please take note that doing so may open other yet unknown issues
  
• fixed a driver compatibility issue with Windows 10 32 bit Insider Preview Build 21337
  
• fixed issues with driver signature for windows 7
  
• fixed minor issue with logging internet blocks
  
• fixed issue with file recovery when located on a network share
  
• fixed ui issue with CallTrace
  
• fixed crated sandbox links gettign double extension
  
• fixed misplaced labels in the classic ui (thanks isaak654)
  
• fixed separator line in Sbiectrl (thanks isaak654)
  

Download

[harlan4096]

Sandboxie + Release v0.7.5 / 5.49.8:

ChangeLog

Added

• with "OpenClipboard=n" clipboard access for a sandbox can be now disabled
  

Changed

• now by default the OpenBluetooth template is enabled to enable compatybility with unity games
  
• "PreferExternalManifest=program.exe,y" can now be set on a per process basis
  

Fixed

• fixed compiled issues with the most recent vs2019 update
  
• fixed issue with vivaldi browser
  
• fixed some issues with box options in the plus ui
  
• fixed some issues with hw acceleration in chromium based browsers
  
• the stop all command now issues "kmdutill scandll" first to solve issues when the SbieDll.Dll is in use
  
• workaround for electorn apps, by forcing a additional commandline argument on the gpu renderer process
  

Download

[harlan4096]

Sandboxie + Release v0.8.0 / 5.50.0:
 
ChangeLog

Added

• Sandboxie now applies by default "Close...=!,..." directives to non-excluded images if they are located in a sandbox
  -- added 'AlwaysCloseForBoxed=n' to disable this behaviour as it may not be always desired, and it doesn't provide extra security
  
• added process image information to Sandman UI
  
• localized template categories in the Plus UI
  
• added "DisableResourceMonitor=y" to disable resource access monitor for selected boxes
  
• added option to show trace entries only for the selected sandbox
  
• added "UseVolumeSerialNumbers=y" that allows drive letters to be suffixed with the volume SN in the \drive\ sandbox location
  -- it helps to avoid files mixed together on multiple pendrives using the same letter
  -- note: this option is not compatible with the recovery function of the Classic UI, only SandMan UI is fully compatible
  

Changed

• portable cleanup message now has y/n/c options
  
• consolidated Proc_CreateProcessInternalW and Proc_CreateProcessInternalW_RS5 to remove duplicate code
  
• the ElevateCreateProcess fix, as sometimes applied by the Program Compatibility Assistant, will no longer be emulated by default
  -- use 'ApplyElevateCreateProcessFix=y' or 'ApplyElevateCreateProcessFix=program.exe,y' to enable it
  
• trace log gets disabled only when it has no entries and the logging is stopped
  

Fixed

• fixed APC issue with the new global hook emulation mechanism and WoW64 processes
  
• fixed IPv6 issues with BlockPort options
  
• fixed an issue with CheatEngine when "OpenWinClass=*" was specified
  
• fixed memory corruption in SbieDrv
  
• fixed crash issue with process elevation on CreateProcess calls
  
• fixed process elevation when running in the built-in administrator account
  
• fixed template preview resetting unsaved entries in box options window
  

Download

[harlan4096]

Sandboxie + Release v0.8.1 / 5.50.1

Changelog

Added

• Sandboxie now applies by default "Close...=!,..." directives to non-excluded images if they are located in a sandbox
  -- added 'AlwaysCloseForBoxed=n' to disable this behaviour as it may not be always desired, and it doesn't provide extra security
  
• added process image information to Sandman UI
  
• localized template categories in the Plus UI
  
• added "DisableResourceMonitor=y" to disable resource access monitor for selected boxes
  
• added option to show trace entries only for the selected sandbox
  
• added "UseVolumeSerialNumbers=y" that allows drive letters to be suffixed with the volume SN in the \drive\ sandbox location
  -- it helps to avoid files mixed together on multiple pendrives using the same letter
  -- note: this option is not compatible with the recovery function of the Classic UI, only SandMan UI is fully compatible
  

Changed

• portable cleanup message now has y/n/c options
  
• consolidated Proc_CreateProcessInternalW and Proc_CreateProcessInternalW_RS5 to remove duplicate code
  
• the ElevateCreateProcess fix, as sometimes applied by the Program Compatibility Assistant, will no longer be emulated by default
  -- use 'ApplyElevateCreateProcessFix=y' or 'ApplyElevateCreateProcessFix=program.exe,y' to enable it
  
• trace log gets disabled only when it has no entries and the logging is stopped
  

Fixed

• fixed APC issue with the new global hook emulation mechanism and WoW64 processes
  
• fixed IPv6 issues with BlockPort options
  
• fixed an issue with CheatEngine when "OpenWinClass=*" was specified
  
• fixed memory corruption in SbieDrv
  
• fixed crash issue with process elevation on CreateProcess calls
  
• fixed process elevation when running in the built-in administrator account
  
• fixed template preview resetting unsaved entries in box options window
  
• fixed an issue with driver verifier and user handles
  
• fixed driver memory leak of FLT_FILE_NAME_INFORMATION objects
  
• fixed broken clipboard introduced in 5.50.0
  
• fixed dcom launch issue on windows 7 32 bit introduced in 5.50.0
  

Download