Sandboxie Plus (open source fork of Sandboxie)

[Decimuss]

Sandboxie v0.5.4 / 5.46.0

ChangeLog
Added
 

• Sandboxie now strips particularly problematic privileges from sandboxed system tokens
  -- with those a process could atempt to bypass the sandbox isolation (thanks Diversenok)
  -- old legacy behavior can be enabled with "StripSystemPrivileges=n" (absolutely NOT Recommended)
  
• added new isolation options "ClosePrintSpooler=y" and "OpenSmartCard=n"
  -- those resources are open by default but for a hardened box its desired to close them
  
• added print spooler filter to prevent printers from being set up outside the sandbox
  -- the filter can be disabled with "OpenPrintSpooler=y"
  
• added overwrite prompt when recovering an already existing file
  
• added "StartProgram=", "StartService=" and "AutoExec=" options to the SandMan UI
  
• added more compatybility templates (thanks isaak654)
  

Changed
 

• Changed Emulated SCM behavior, boxed services are no longer by default started as boxed system
  -- use "RunServicesAsSystem=y" to enable the old legacy behavior
  -- Note: sandboxed services with a system token are still sandboxed and restricted
  -- However not granting them a system token in the first place removes possible exploit vectors
  -- Note: this option is not compatible with "ProtectRpcSs=y" and takes precedence!
  
• Reworked dynamic IPC port handling
  
• Improved Resource Monitor status strings
  

Fixed
 

• fixed a critical issue that allowed to create processes outside the sandbox (thanks Diversenok)
  
• fixed issues with dynamic IPC port handling that allowed to bypass IPC isolation
  
• fixed issue with ipc tracing
  
• fixed CVE-2019-13502 "\RPC Control\LSARPC_ENDPOINT" is now filtered by the driver (thanks Diversenok)
  -- this allowed some system options to be changed, to disable filtering use "OpenLsaEndpoint=y"
  
• fixed hooking issues SBIE2303 with chrome, edge and possibly others
  
• fixed failed check for running processes when performing snapshot operations
  
• fixed some box option checkboxes were not properly initialized
  
• fixed unavailable options are not properly disabled when sandman is not connected to the driver
  
• fixed MSI instalelr issue, not being able to create "C:\Config.Msi" folder on windows 20H2
  
• added missing localization to generic list commands
  
• fixed issue with "iconcache_*" when runngin sandboxed explorer
  
• fixed more issues with groups
  

Homepage
Download page & Changelog
Download / 64-Bit
Download / 32-Bit
Download  / 32-Bit Plus
Download / 64-Bit Plus