Releases: sandboxie-plus/Sandboxie
Release v0.6.0 / 5.46.5
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
You can support the project through donations, any help will be greatly appreciated.
Changelog
Added
- added confirmation prompts to terminate all commands
- added window title to boxed process info
- added winspy based sandboxed window finder
- added option to view disabled boxes and double click on box to enable it
Changed
- reset columns now resizes them to fit the content; also "Reset Columns" can now be localized
- modal windows are now centered to the parent
- improved new box window
Fixed
- fixed issues with window modality
- fixed issues when main window was set to be always on top
- fixed a driver issue with Windows 10 insider build 21286
- fixed issues with snapshot dialog
- fixed an issue when writing to a path that already exists in the snapshot but not outside
Release v0.5.5 / 5.46.4
This build resolves an issue with the registry isolation present since Windows 10 CU.
Furthermore, it adds many minor usability improvements and fixes many UI bugs with the new SandMan UI.
See the change log for a full list.
Sandboxie-Plus-x64-v0.5.5.exe SHA256: b4929200bd4c217579dedca8577b3a74e1e4217249792f64e6ba49ecab408afd
Sandboxie-Plus-x86-v0.5.5.exe SHA256: cdb5f3f07a09443f1e13f7cd048be63b123840a9b81f3ff6258b10b2e1254882
Provisional Windows 7 Drivers.zip SHA256: b7eaa60e96721973c36aa0b00b75e4085dda3c366facc65aa554d935d7494879
Sandboxie-Classic-x64-v5.46.4.exe SHA256: 24dcdce3244bde707f57bde1af372733752d8238076443250871c3f048e4ed9c
Sandboxie-Classic-x86-v5.46.4.exe SHA256: 5052f70fe6ee277c76fb77cfb2c63194d6f19ce9edb5cb107c9269358e93c8fa
Changelog
Added
- added "SandboxService=..." to force selected services to be started in the sandbox
- added template cleanup functionality to plus UI
- the allow internet prompt can now also allow internet access permanently
- added browse button for box root folder in the SandMan UI
- added explorer info message
- added option to keep the sandman UI always on top
- added drag and drop file on to sandman exe to open/run it sandboxed
- added start SandMan UI when a sandboxed application starts
- recovery window can now list all files
- added file counter to recovery window
- when "NoAddProcessToJob=y" is specified chrome and alike now can fully use the job system
-- Note: "NoAddProcessToJob=y" reduces the box isolation, but the affected functions are mostly covered by UIPI anyways
- added optimized default column widths to the sbie view
Changed
- improved access tracing, removed redundant entries
- OpenIpcPath=\BaseNamedObjects[CoreUI]-* is now hardcoded in the driver, no need for the template entry
- WindowsFontCache is now open by default
- refactored some IPC code in the driver
- updated templates (thanks isaak654)
- when trying to take a snapshot of an empty sandbox a proper error message is displayed
- new layout for the recovery window
- sbie view sorting is now case insensitive
Fixed
- fixed an issue that allowed bypassing the registry isolation, present since Windows 10 Creators Update
- fixed creation time not always being properly updated in the SandMan UI
- fixed issue with a closing child window terminating the application when the main window was hidden
- fixed issues with non modal windows
- fixed issues connecting in portable mode to driver
- fixed minor issues with snapshot window
- fixed missing error message when attempting to create an already existing sandbox
- fixed issue allowing settings to be saved when a sandbox was already deleted
- fixed issues with disabled items in dark mode
- fixed some dialogs not closing on esc
- fixed tab stops on many windows
Release v0.5.4 / 5.46.2 - Hotfix 2
Urgent security fixes (thanks @diversenok)
Build 5.46.0 resolves many box isolation issues, some of them critical, that could allow rogue applications to escape the sandbox. It is highly advised to upgrade quickly to the new builds. For further details please review the change log below.
Hotfix2 (5.46.2) Changelog
Added
- added "CallTrace=*" to log all system calls to the access log
Changed
- improved ipc logging code
- improved MSG_2101 logging
Fixed
- fixed more issues with ipc tracing
- fixed SBIE2101 issue with chrome and derivatives
Hotfix (5.46.1) Changelog
Added
- added "RunServiceAsSystem=..." which allows specific named services to be run as system
Changed
- refactored some code around SCM access
Fixed
- fixed a crash issue in SbieSvc.exe introduced with the last build
- fixed issue with sandman ui update check
Removed
- removed "ProtectRpcSs=y" due to incompatibility with new isolation defaults
Release (5.46.0) Changelog
Added
- Sandboxie now strips particularly problematic privileges from sandboxed system tokens
-- with those a process could attempt to bypass the sandbox isolation (thanks Diversenok)
-- old legacy behavior can be enabled with "StripSystemPrivileges=n" (absolutely NOT Recommended)
- added new isolation options "ClosePrintSpooler=y" and "OpenSmartCard=n"
-- those resources are open by default but for a hardened box it's desired to close them
- added print spooler filter to prevent printers from being set up outside the sandbox
-- the filter can be disabled with "OpenPrintSpooler=y"
- added overwrite prompt when recovering an already existing file
- added "StartProgram=", "StartService=" and "AutoExec=" options to the SandMan UI
- added more compatibility templates (thanks isaak654)
Changed
- Changed Emulated SCM behavior, boxed services are no longer by default started as boxed system
-- use "RunServicesAsSystem=y" to enable the old legacy behavior
-- Note: sandboxed services with a system token are still sandboxed and restricted
-- However not granting them a system token in the first place removes possible exploit vectors
-- Note: this option is not compatible with "ProtectRpcSs=y" and takes precedence!
- Reworked dynamic IPC port handling
- Improved Resource Monitor status strings
Fixed
- fixed a critical issue that allowed processes to be created outside the sandbox (thanks Diversenok)
- fixed issues with dynamic IPC port handling that allowed bypassing IPC isolation
- fixed issue with ipc tracing
- fixed CVE-2019-13502: "\RPC Control\LSARPC_ENDPOINT" is now filtered by the driver (thanks Diversenok)
-- this allowed some system options to be changed, to disable filtering use "OpenLsaEndpoint=y"
- fixed hooking issues SBIE2303 with chrome, edge and possibly others
- fixed failed check for running processes when performing snapshot operations
- fixed some box option checkboxes were not properly initialized
- fixed unavailable options are not properly disabled when sandman is not connected to the driver
- fixed MSI installer issue, not being able to create "C:\Config.Msi" folder on Windows 20H2
- added missing localization to generic list commands
- fixed issue with "iconcache_*" when running sandboxed explorer
- fixed more issues with groups
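The isolation-related settings named in the changelogs above can be checked mechanically in an existing configuration. The following Python script is an added example, not part of the Sandboxie project or of these release notes; it assumes Sandboxie.ini uses [Section] headers with Setting=Value lines, that [GlobalSettings] is not a box, and that values carry no per-program prefix. The sample configuration is constructed.

```python
import re

# (setting, value) pairs the changelog describes as loosening isolation.
WEAKENING = {
    ("stripsystemprivileges", "n"): "legacy system-token privileges kept (NOT recommended)",
    ("runservicesassystem", "y"): "legacy behavior: boxed services start as boxed system",
    ("openlsaendpoint", "y"): "disables the LSARPC_ENDPOINT filter (CVE-2019-13502 fix)",
    ("openprintspooler", "y"): "disables the print spooler filter",
    ("noaddprocesstojob", "y"): "reduces box isolation (mostly covered by UIPI)",
}
# Settings worth a manual look whatever their value.
REVIEW = {
    "runserviceassystem": "named service is run as system",
    "protectrpcss": "removed in 5.46.1, incompatible with new isolation defaults",
}
# Options the notes suggest for a hardened box.
HARDENING = {"ClosePrintSpooler": "y", "OpenSmartCard": "n"}
SECTION_RE = re.compile(r"^\[([^\]]+)\]$")

def parse_ini(text):
    """Return {section: [(key, value), ...]}. Keys may repeat, so no configparser."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current].append((key.strip(), value.strip()))
    return sections

def audit(text):
    """Return (section, kind, setting, reason) tuples in file order."""
    findings = []
    for section, pairs in parse_ini(text).items():
        for key, value in pairs:
            k, v = key.lower(), value.lower()
            if (k, v) in WEAKENING:
                findings.append((section, "weakens", key, WEAKENING[(k, v)]))
            elif k in REVIEW:
                findings.append((section, "review", key, REVIEW[k]))
        if section == "GlobalSettings":  # assumption: not a box section
            continue
        effective = {k.lower(): v.lower() for k, v in pairs}
        for key, want in HARDENING.items():
            if effective.get(key.lower()) != want:
                findings.append((section, "hardening-missing", key, f"{key}={want} not set"))
    return findings

# Constructed sample configuration, not taken from a real system.
SAMPLE_INI = """\
[GlobalSettings]
OpenLsaEndpoint=y

[DefaultBox]
NoAddProcessToJob=y
StripSystemPrivileges=n

[HardenedBox]
ClosePrintSpooler=y
OpenSmartCard=n
RunServiceAsSystem=ExampleService
"""
```

Calling audit(SAMPLE_INI) returns six findings: the LSA endpoint override in the global section, two weakening settings plus two missing hardening options in DefaultBox, and one service entry to review in HardenedBox.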
Release v0.5.4 / 5.46.2 - Test Build
This build tests some driver changes improving on resource access tracing.
Changelog
Changed
- improved access tracing, removed redundant entries
- OpenIpcPath=\BaseNamedObjects[CoreUI]-* is now hardcoded in the driver, no need for the template entry
- WindowsFontCache is now open by default
- refactored some IPC code in the driver
Fixed
- fixed creation time not always being properly updated in the SandMan UI
Release v0.5.4 / 5.46.1 - Hotfix
Urgent security fixes (thanks @diversenok)
Build 5.46.0 resolves many box isolation issues, some of them critical, that could allow rogue applications to escape the sandbox. It is highly advised to upgrade quickly to the new builds. For further details please review the change log below.
Hotfix Changelog
Added
- added "RunServiceAsSystem=..." which allows specific named services to be run as system
Changed
- refactored some code around SCM access
Fixed
- fixed a crash issue in SbieSvc.exe introduced with the last build
- fixed issue with sandman ui update check
Removed
- removed "ProtectRpcSs=y" due to incompatibility with new isolation defaults
Release Changelog
Added
- Sandboxie now strips particularly problematic privileges from sandboxed system tokens
-- with those a process could attempt to bypass the sandbox isolation (thanks Diversenok)
-- old legacy behavior can be enabled with "StripSystemPrivileges=n" (absolutely NOT Recommended)
- added new isolation options "ClosePrintSpooler=y" and "OpenSmartCard=n"
-- those resources are open by default but for a hardened box it's desired to close them
- added print spooler filter to prevent printers from being set up outside the sandbox
-- the filter can be disabled with "OpenPrintSpooler=y"
- added overwrite prompt when recovering an already existing file
- added "StartProgram=", "StartService=" and "AutoExec=" options to the SandMan UI
- added more compatibility templates (thanks isaak654)
Changed
- Changed Emulated SCM behavior, boxed services are no longer by default started as boxed system
-- use "RunServicesAsSystem=y" to enable the old legacy behavior
-- Note: sandboxed services with a system token are still sandboxed and restricted
-- However not granting them a system token in the first place removes possible exploit vectors
-- Note: this option is not compatible with "ProtectRpcSs=y" and takes precedence!
- Reworked dynamic IPC port handling
- Improved Resource Monitor status strings
Fixed
- fixed a critical issue that allowed processes to be created outside the sandbox (thanks Diversenok)
- fixed issues with dynamic IPC port handling that allowed bypassing IPC isolation
- fixed issue with ipc tracing
- fixed CVE-2019-13502: "\RPC Control\LSARPC_ENDPOINT" is now filtered by the driver (thanks Diversenok)
-- this allowed some system options to be changed, to disable filtering use "OpenLsaEndpoint=y"
- fixed hooking issues SBIE2303 with chrome, edge and possibly others
- fixed failed check for running processes when performing snapshot operations
- fixed some box option checkboxes were not properly initialized
- fixed unavailable options are not properly disabled when sandman is not connected to the driver
- fixed MSI installer issue, not being able to create "C:\Config.Msi" folder on Windows 20H2
- added missing localization to generic list commands
- fixed issue with "iconcache_*" when running sandboxed explorer
- fixed more issues with groups
Release v0.5.4 / 5.46.0
Urgent security fixes (thanks @diversenok)
Build 5.46.0 resolves many box isolation issues, some of them critical, that could allow rogue applications to escape the sandbox. It is highly advised to upgrade quickly to the new builds. For further details please review the change log below.
ChangeLog
Added
- Sandboxie now strips particularly problematic privileges from sandboxed system tokens
-- with those a process could attempt to bypass the sandbox isolation (thanks Diversenok)
-- old legacy behavior can be enabled with "StripSystemPrivileges=n" (absolutely NOT Recommended)
- added new isolation options "ClosePrintSpooler=y" and "OpenSmartCard=n"
-- those resources are open by default but for a hardened box it's desired to close them
- added print spooler filter to prevent printers from being set up outside the sandbox
-- the filter can be disabled with "OpenPrintSpooler=y"
- added overwrite prompt when recovering an already existing file
- added "StartProgram=", "StartService=" and "AutoExec=" options to the SandMan UI
- added more compatibility templates (thanks isaak654)
Changed
- Changed Emulated SCM behavior, boxed services are no longer by default started as boxed system
-- use "RunServicesAsSystem=y" to enable the old legacy behavior
-- Note: sandboxed services with a system token are still sandboxed and restricted
-- However not granting them a system token in the first place removes possible exploit vectors
-- Note: this option is not compatible with "ProtectRpcSs=y" and takes precedence!
- Reworked dynamic IPC port handling
- Improved Resource Monitor status strings
Fixed
- fixed a critical issue that allowed processes to be created outside the sandbox (thanks Diversenok)
- fixed issues with dynamic IPC port handling that allowed bypassing IPC isolation
- fixed issue with ipc tracing
- fixed CVE-2019-13502: "\RPC Control\LSARPC_ENDPOINT" is now filtered by the driver (thanks Diversenok)
-- this allowed some system options to be changed, to disable filtering use "OpenLsaEndpoint=y"
- fixed hooking issues SBIE2303 with chrome, edge and possibly others
- fixed failed check for running processes when performing snapshot operations
- fixed some box option checkboxes were not properly initialized
- fixed unavailable options are not properly disabled when sandman is not connected to the driver
- fixed MSI installer issue, not being able to create "C:\Config.Msi" folder on Windows 20H2
- added missing localization to generic list commands
- fixed issue with "iconcache_*" when running sandboxed explorer
- fixed more issues with groups
Release v0.5.3 / 5.45.2
This is a maintenance release; it brings some small new features and fixes many minor issues.
The Plus installer was improved; it now provides an extract function and creates the required Sandboxie.ini and Sandboxie-plus.ini for portable operations.
ChangeLog
Added
- added prompt to choose if links in the sandman ui should be open in a sandboxed or unsandboxed browser
- added more recovery options, "recovery & ..." and more recover to options
- added "ClosedClsid=" to block com objects from being used when they cause compatibility issues
- added "ClsidTrace=*" option to trace COM usage
- added "ClosedRT=" option to block access to problematic Windows RT interfaces
- added option to make a link for any selected process to sandman ui
- added option to reset all hidden messages
- added more process presets "Force program" and "allow internet access"
- added "SpecialImage=chrome,some_electron_app.exe" option to sandboxie.ini, valid image types "chrome", "firefox"
-- with this option you can enable special hardcoded workarounds to new obscure forks of those browsers
- added german translation (thanks bastik-1001) to the sandman UI
- added russian translation (thanks lufog) to the sandman UI
- added portuguese translation (thanks JNylson) to the sandman UI
- added settings for the portable boxed root folder option
- added process name to resource log
- added command line column to the process view in the sandman UI
Changed
- changed docs and update urls to the new sandboxie-plus.com domain
- greatly improved the Inno Setup script (thanks mpheath)
- "OpenClsid=" and "ClosedClsid=" now support specifying a program or group name
- by default when started in portable mode the sandbox folder will be located in the parent directory of the sandboxie instance
Fixed
- grouping menu not fully working in the new sandman ui
- fixed can't set quick recovery in sandman ui
- fixed resource leak when loading process icons in sandman ui
- fixed issue with OpenToken debug options
- fixed chrome crashing on websites that cause the invocation of "FindAppUriHandlersAsync"
- fixed issue connecting to the driver when starting in portable mode
- fixed missing template setup when creating new boxes
- fixed a few issues with group handling
- fixed issue with GetRawInputDeviceInfo when running a 32 bit program on a 64 bit system
- fixed issue when pressing apply in the "Resource Access" tab the last edited value was not always applied
- fixed issue merging entries in resource access monitor
Removed
- removed obsolete "OpenDefaultClsid=n", use "ClosedClsid=" with the appropriate values instead
- removed suspend/resume menu entry, polling that state wastes substantial cpu cycles, use task explorer for that functionality
Release v0.5.3a / 5.45.2
This is a maintenance release; it brings some small new features and fixes many minor issues.
The Plus installer was improved; it now provides an extract function and creates the required Sandboxie.ini and Sandboxie-plus.ini for portable operations.
ChangeLog
Added
- added prompt to choose if links in the sandman ui should be open in a sandboxed or unsandboxed browser
- added more recovery options, "recovery & ..." and more recover to options
- added "ClosedClsid=" to block com objects from being used when they cause compatibility issues
- added "ClsidTrace=*" option to trace COM usage
- added "ClosedRT=" option to block access to problematic Windows RT interfaces
- added option to make a link for any selected process to sandman ui
- added option to reset all hidden messages
- added more process presets "Force program" and "allow internet access"
- added "SpecialImage=chrome,some_electron_app.exe" option to sandboxie.ini, valid image types "chrome", "firefox"
-- with this option you can enable special hardcoded workarounds to new obscure forks of those browsers
- added german translation (thanks bastik-1001) to the sandman UI
- added russian translation (thanks lufog) to the sandman UI
- added portuguese translation (thanks JNylson) to the sandman UI
Changed
- changed docs and update urls to the new sandboxie-plus.com domain
- greatly improved the Inno Setup script (thanks mpheath)
- "OpenClsid=" and "ClosedClsid=" now support specifying a program or group name
- by default when started in portable mode the sandbox folder will be located in the parent directory of the sandboxie instance
Fixed
- grouping menu not fully working in the new sandman ui
- fixed can't set quick recovery in sandman ui
- fixed resource leak when loading process icons in sandman ui
- fixed issue with OpenToken debug options
- fixed chrome crashing on websites that cause the invocation of "FindAppUriHandlersAsync"
- fixed issue connecting to the driver when starting in portable mode
- fixed missing template setup when creating new boxes
Removed
- removed obsolete "OpenDefaultClsid=n", use "ClosedClsid=" with the appropriate values instead
- removed suspend/resume menu entry, polling that state wastes substantial cpu cycles, use task explorer for that functionality
Release v0.5.2 / 5.45.1
This is a maintenance release; it does not bring any major new features but resolves a myriad of various bugs, including a BSOD issue when "Core isolation" was enabled and a major compatibility bug with Windows 10 build 2004 and later.
It also brings a few minor +UI improvements and an entirely new set of icons.
For Windows 7, unfortunately, the signing process did not return a working driver; a solution is being worked on.
Therefore, for the time being please download the "Provisional Windows 7 Drivers.zip" package and provide the driver to the setup when prompted.
Change Log
Added
- added advanced new box creation dialog to sandman ui
- added show/hide tray context menu entry
- added refresh button to file recovery dialog
- added mechanism to load icons from {install-dir}/Icons/{icon}.png for UI customization
- added tray indicator to show disabled forced program status in the sandman ui
- added program name suggestions to box options in sandman ui
- added saving of column sizes in the options window
Changed
- reorganized the advanced box options a bit
- changed icons (thanks Valinwolf for picking the new ones)
- updated Template.ini (thanks isaak654)
- increased max value for disable forced process time in sandman ui
Fixed
- fixed BSOD introduced in 5.45.0 when using windows 10 "Core isolation"
- fixed minor issue with lingering/leader processes
- fixed menu issue in sandman ui
- fixed issue with stop behaviour page in sandman ui
- fixed issue with Plus installer not displaying kmdutil window
- fixed sandman UI saving ui settings on windows shutdown
- fixed issue with Plus installer autorun
- fixed issue with legacy installer not removing all files
- fixed a driver compatibility issue with Windows 20H1 and later
-- this solves "stop pending", LINE messenger hanging and other issues...
- fixed quick recovery issue in SbieCtrl.exe introduced in 5.45.0
- fixed issue with advanced hide process settings not saving
- fixed some typos in the UI (thanks isaak654)
- fixed issue with GetRawInputDeviceInfo failing when boxed processes are put in a job object
-- this fix resolves issues with CP2077 and other PC games not getting keyboard input (thanks Rostok)
- fixed failing ClipCursor, it will no longer spam the message log
- fixed issue with adding recovery folders in sandman ui
- fixed issue with office 2019 template when using a non default sbie install location
- fixed issue setting last access attribute on sandboxed folders
- fixed issue with process start signal
Release v0.5.1
This build resolves many issues with the last plus release, as well as updates many components.
It is now being compiled with Visual Studio 2019 using Qt 5.15.1.
Also the installer has been changed to use Inno Setup 6.
Therefore it is necessary to manually uninstall the previous build and clean install the new release.
For Windows 7 users the provisional driver is now distributed separately; during install the setup will prompt for the required driver file, which is to be downloaded and unpacked manually.
For the classical Sandboxie build please see the previous release: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v0.5.0
Changelog
Added
- Added simple view mode
Changed
- Updated SandMan UI to use Qt5.15.1
Fixed
- fixed crash issue with progress dialog
- fixed progress dialog cancel button not working for update checker
- fixed issue around NtQueryDirectoryFile when deleting sandbox content
- fixed dark theme in the notification window
- fixed issue with disable forced programs tray menu