Releases: sandboxie-plus/Sandboxie
Release v1.14.3 / 5.69.3
In the 1.14.x release line, several significant updates and fixes have been introduced to enhance the functionality and performance of sandboxed processes. These enhancements are aimed at providing users with a more robust and versatile experience, ensuring smoother and more secure operations.
One of the major updates is the introduction of the ability to force sandboxed processes to use a predefined SOCKS5 proxy. This feature allows for more controlled and secure network interactions. Additionally, the capability to intercept DNS queries for logging or redirection has been added, providing administrators with greater oversight and flexibility in managing network traffic. Notably, support for SOCKS5 proxy authentication based on RFC1928 has been incorporated, thanks to Deezzir's contributions, who also developed a Test Dialog UI for the SOCKS5 proxy. It is important to note that utilizing the Proxy and DNS features requires an advanced type certificate.
The release also introduces a new command line option, /fcp /force_children, to the start.exe utility. This option enables the initiation of a program outside the sandbox while ensuring that all its child processes are sandboxed, enhancing security without compromising flexibility. Additionally, a new feature allows for the limitation of memory usage and the number of processes within a single sandbox through job objects. This was made possible by Yeyixiao's contribution and can be configured using "TotalMemoryLimit" for overall sandbox memory limits and "ProcessMemoryLimit" for individual process limits.
Further improvements include the addition of a new "Sandboxie\All Sandboxes" SID to the token creation process, which fundamentally alters the token creation mechanism. This feature can be activated with the "SandboxieAllGroup=y" setting. Users can now also configure the "EditAdminOnly=y" setting on a per-box basis, providing more granular control over administrative permissions. Additionally, a new UI option allows users to start unsandboxed processes while forcing child processes into a sandbox, and the "AlertBeforeStart" option prompts a warning before launching a new program into the sandbox if the initiating program is not a Sandboxie component.
Moreover, the update introduces a mechanism to block unsafe calls via RPC Port message filtering and a template to prevent sandboxed processes from accessing system information through WMI. A new "Job Object" Options page has been added, consolidating all job object-related options for easier management. Several critical fixes have been implemented, including resolving Chrome printing problems and various bugs affecting sandbox properties and program launching. Compatibility with Steam running sandboxed has also been improved.
Compatibility with Windows build 26217 has been validated, and dynamic data has been updated accordingly. Finally, an issue with an early batch of Large Supporter certificates has been resolved, ensuring smoother operation and fewer disruptions. These updates collectively enhance the security, performance, and usability of sandboxed processes, providing users with a more reliable and efficient environment.
For a full list of changes and fixes please review the full change log.
You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
Release v1.14.2 / 5.69.2
In the latest update, several significant features and improvements have been introduced. Notably, a new SbieIni option allows users to modify password-protected configurations with improved security features. The New Box Wizard now includes a "PromptForInternetAccess" checkbox, and options to hide non-system processes and Sandboxie processes from sandboxed process lists have been added. Additionally, a mechanism to block unsafe calls via RPC Port message filtering and a template to prevent sandboxed processes from accessing system information through WMI are now available. A new "Job Object" Options page consolidates all job object related options. Several critical fixes have been implemented, including resolving security issues with the "UseCreateToken=y" mechanism, issues with exporting sandboxes, Chrome printing problems, and various bugs affecting sandbox properties and program launching. Compatibility with Steam running sandboxed has also been improved.
This release note is brought to you by Chat GPT.
For a full list of changes and fixes please review the full change log.
You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
Release v1.14.1 / 5.69.1
In this release, we have introduced several key features and improvements. A new "Sandboxie\All Sandboxes" SID has been added to the token creation process, fundamentally altering the mechanism for token creation, which can be activated with "UseCreateToken=y". Additionally, users can now configure the "EditAdminOnly=y" setting on a per-box basis, and a new UI for "CoverBoxedWindows" option is available in the new box wizard. We have also added a UI option to start unsandboxed processes while forcing child processes into a sandbox. An important new feature is the "AlertBeforeStart" option, which prompts a warning before launching a new program into the sandbox if the initiating program is not a Sandboxie component. Various fixes have been made, including resolving issues with proxy authentication, memory leaks, and driver verifier problems.
For a full list of changes and fixes please review the full change log.
You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
Release v1.14.0 / 5.69.0
In this release, several significant updates and fixes have been introduced to enhance the functionality and performance of sandboxed processes.
A new option has been added to limit the memory of sandboxed processes and the number of processes in a single sandbox through job objects, thanks to the contribution of Yeyixiao. This can be configured using "TotalMemoryLimit" to limit the whole sandbox and "ProcessMemoryLimit" to limit individual processes.
A command line option, /fcp /force_children, has been added to start.exe, enabling the initiation of a program unsandboxed while having all its children processes sandboxed. Additionally, the ability to force sandboxed processes to use a predefined SOCKS5 proxy has been introduced. There is now also the capability to intercept DNS queries for logging and/or redirection. Support for SOCKS5 proxy authentication based on RFC1928 has been added, thanks to Deezzir, who also contributed a Test Dialog UI for the SOCKS5 proxy.
Please note that the Proxy and DNS features require an advances type certificate.
Compatibility with Windows build 26217 has been validated, and dynamic data has been updated accordingly. Lastly, an issue with an early batch of Large Supporter certificates has been resolved, ensuring smoother operation and fewer disruptions.
For a full list of changes and fixes please review the full change log.
You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
Release v1.13.7 / 5.68.7
In the latest update of Sandboxie Plus, we have introduced several enhancements and fixes to improve user experience. Notably, file version information for SbieDll.dll and SbieSvc.exe has been added to the Sandboxie Plus About dialog. We have made improvements to the checkboxes related to the DropAdminRights feature in SandMan. This release also addresses several important bug fixes: an issue with symbolic linking of files has been resolved, and corrections have been made to the start agent option and the Delete V2 functionality that was previously introduced in version 1.13.5. These updates ensure better stability and functionality of the Sandboxie Plus software.
For a full list of changes and fixes please review the full change log.
You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
Release v1.13.6 / 5.68.6
In this release, we've introduced several enhancements and fixes to improve user experience and system functionality. A notable addition is the "BlockInterferenceControl=y" option, designed to prevent sandboxed processes from manipulating windows and mouse pointers, although it's recommended to disable this feature in gaming environments due to potential compatibility issues. We've also implemented support for hard links and introduced a new mechanism for terminating non-responsive sandboxed processes.
On the changes front, several experimental options have been renamed to more accurately describe their functions, such as "IsBlockCapture=y" to "BlockScreenCapture=y" and "IsProtectScreen" to "CoverBoxedWindows=y", and these have been clearly labeled as experimental in the user interface.
This update also includes various fixes across the board. We've resolved issues with the settings dialog not displaying correct RAM disk letters, and a series of bugs introduced by a new QT version that affected the updater and troubleshooting wizard. Additionally, specific problems caused by enabling "DropAdminRights/FakeAdminRights" have been addressed, and crashes in KeePass due to "BlockScreenCapture=y" have been fixed. Other corrections ensure that Sandboxie remains compatible with older Windows 7 systems.
For a full list of changes and fixes please review the full change log.
Patch Sandboxie-Patch-1.13.6a.zip fixes an issue with Delete V2 introduced in 1.13.5
You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
Release v1.13.5 / 5.68.5
Release Notes
This build introduces a bunch of updates and some changes, the Delete V2 mechanism has been improved to handle marking a lot of host files as deleted efficiently, and the Qt library has been updated to a custom build of Qt 5.15.13 https://github.com/xanasoft/qt-builds/ (thx @LumitoLuma)
For a full list of changes and fixes please review the full change log.
You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
Contributors
Assets 7
Release v1.13.4 / 5.68.4
Release Notes
In this update, we've introduced several key enhancements and fixes. A notable feature addition is the option to prevent sandboxed processes from capturing window images outside their environment, aimed at enhancing security; this can be activated via the "IsBlockCapture=y" setting in SandMan UI. We've also streamlined process management with the introduction of "LingerExemptWnds=n", eliminating exemptions for lingering processes with windows from termination, and added a the suspend all sandbox processes button to the toolbar and menu . Additionally, we've addressed an important bug fix related to symlinks in start menu folders, ensuring smoother system operation.
Thank you to our contributors Yeyixiao and offhub for their inputs in this update.
For a full list of changes and fixes please review the full change log.
You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
Release v1.13.3 / 5.68.3
Release Notes
This release advances the 1.13.x build line from its experimental pre release stage to stable release, it adds significant enhancements to the hooking mechanism associated with SCM-related functions, which enhances compatibility with newer versions of Windows. The revised hooking mechanism now supports API call tracing without the necessity for LogAPI.dll.
Additionally, this update introduces a feature aimed at increasing the privacy of encrypted boxes. When the option IsProtectScreen=y is set, windows of processes operating within boxes with this option enabled will be obscured during screenshot capture or recording, enhancing user privacy.
The release also enhances the compatibility of privacy-focused boxes with Windows Explorer, resolving issues related to the Recycle Bin. To this end a new default compatibility template has been introduced, which uses a new functionality of the wildcard pattern mechanism. Now the "**" pattern is supported, which acts as a placeholder for an arbitrary string without including the backslash ("") character, thus allowing users to apply wildcards to exactly one directory level, unlike the single asterisk ("*") which applies to multiple levels.
The update also introduces compatibility with Windows 11 insider builds up to 26080.
And modifies how the driver manages offset-dependent kernel object changes, the new method now enables loading an offset configuration directly from the registry, allowing offsets to be updated without the need to rebuild the driver.
To increase system stability, Sandboxie will cease using outdated known offsets for new, unrecognized kernel builds. This change applies except in cases where the PC is part of the Windows Insider Program.
In such instances, instead of using outdated offsets, the software will disable token-based security isolation and will display the warning SBIE1207, indicating that it has reverted to an less secure fallback mode of operation.
To force the use of the last known offsets on a newer build of windows than known to be supported import the below reg file to your system registry:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SbieDrv\Parameters]
"AllowOutdatedOffsets"=dword:00000001
While this build has been tested and appears functional, users may encounter minor issues in certain edge cases.
For a full list of changes and fixes please review the change log starting from 1.13.0.
You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
Release v1.13.2 / 5.68.2
Release Notes
This build fixes various issues and adds a few features, for a full list of changes please review the change log.