Releases: sandboxie-plus/Sandboxie
Release v1.12.3 / 5.67.3
Release Notes
This build brings a lot of usability improvements, most notably the ability to auto force all removable media (Requires a supporter certificate).
In the settings, exceptions can be specified, based on the volume serial number to exclude selected devices from forced sandboxing.
This build also enhances on the global hotkeys, two new hotkeys "Alt + Break" have been added to bring the sandman window in front with the top most flag set, and "Ctrl + Alt + F" to toggle disabling of forced processes, furthermore the terminate all hotkey "Shift + Break" (panic hotkey) has been improved, individual sandboxes can be configured to be excluded from a blanket global terminate all command, however when the panic hotkey is invoked 3 times with < 1 sec between presses it will terminate all boxed processes, no exceptions.
Also worth mentioning is an improvement to the service handling which allows to install and run the GOG launcher sandboxed in a reduced isolation box with the following configuration:
UnrestrictedSCM=y
RunServicesAsSystem=y
NoSecurityIsolation=y
Template=RpcPortBindingsExt
Further work is ongoing to make GOG work in a standard sandbox.
For a full list of changes and fixes please review the full Changelog.
You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
Release v1.12.2 / 5.67.2
This build fixes many issues and adds some new functionality.
This is a unsigned pre-release build, a final build is scheduled for the end of this week.
For a full list of changes and fixes please review the full Changelog.
Release v1.12.1 / 5.67.1
This build fixes a couple of issues, among them an issue with Firefox 120.
For a full list of changes and fixes please review the full Changelog.
Release v1.12.0 / 5.67.0
Release Notes
This build brings a lot of usability improvements most notably the ability to auto force all removable media (Requires a supporter certificate).
In the settings exceptions can be specified, based on the volume serial number to exclude selected devices form forced sandboxing.
This build also enhances on the global hot keys, two new hot keys have been added "Alt + Break" to bring the sandman window in front with the top most flag set, and "Ctrl + Alt + F" to toggle disabling of forced processes, furthermore the terminate all (panic hotkey) hot key "Shift + Break" has been improved, individual sandboxes can be configured to be excluded from a blanket global terminate all command, however when the panic hotkey is invoked 3 times with < 1 sec between presses it will terminate all boxed processes, no exceptions.
Also worth mentioning is an improvement to the service handling which allows to install and run the GOG launcher sand boxed in a reduced isolation box with the following configuration:
UnrestrictedSCM=y
RunServicesAsSystem=y
NoSecurityIsolation=y
Template=RpcPortBindingsExt
Further work is ongoing to make the GOG work in a standard sandbox.
For a full list of changes and fixes please review the full Changelog.
You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
Release v1.11.4 / 5.66.4
Release Notes
This is a maintenance release fixing a various issues and adds minor improvements
For a full list of changes and fixes please review the full Changelog.
You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
Release v1.11.3 / 5.66.3
Release Notes
This is a maintenance release fixing a few issues, and updating the 7z library to 23.01 which fixes a security issue present in previous versions of this library.
For a full list of changes and fixes please review the full Changelog.
You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
Release v1.11.2 / 5.66.2
Release Notes - New Features and Enhancements
Sandboxie-Plus 1.11.x comes with a new component ImBox.exe which in combination with new service and driver mechanisms enables exciting new functionality. The ImBox.exe is a block device proxy for the ImDisk driver (which can be installed using the add-on manager introduced in 1.10.x) and is capable of creating dynamic RAMDisks as well as mounting Encrypted Box Images using DiskCryptor's robust and reliable AES-XTS implementation.
-
The RAMDisks integration is available to all project supporters with a valid supporter certificate, it allows for seamless RAMDisk usage once configured on the add-on options settings page and enabled for selected sandboxes. The RAMDisk can be mounted without a drive letter providing a seamless experience, the appropriate Folders on the shared RAMDisk are linked to the default box root folder locations. The RAMDisk is NOT persistent this means that all data stored on the RAMDisk vanish once the system is rebooted, making such a sand box ideal to store transient confidential data.
-
The Encrypted Box Image feature uses encrypted container files to store a boxes root directory (containing all files and the boxes registry hive) the mounted encrypted volume is by default guarded by the driver such that only processes runnign within the sandbox (and essential sbie+ components) can access the files stored on that volume. In combination with the "ConfidentialBox=y" option, host process read access to sandboxed processes memory is effectively blocked, ensuring no rogue process on the host can access confidential data in RAM belonging to sandboxed processes. The combination of this mechanisms creates secure enclaves, which ensure data processed within an enclave can not leak to the host (except for user configured OpenFilePath locations) and is protected even when the host would to be compromised (only adversaries which obtained kernel level privileges can bypass these mechanisms).
Note: As the new Box Encryption feature opens up a completely new branch of use-cases, which would merit being a separate product on its own, it requires a separate advanced encryption option which must be obtained in addition to a valid supporter certificate, except for the following certificate types: Contributor, Patreon, Huge and Large, all others need to be upgraded using a upgrade key which can be obtained on the web store and has to be entered on the support page.
Also for more clarity the available certificate scheme was restructured Small was renamed to Subscription, Medium to just Personal, Large was removed and a Family Pack subscription was added.
For a full list of changes and fixes please review the full Changelog.
You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
Release v1.11.1 / 5.66.1
This is a maintenance release it fixes various bugs and issues, see the full changelog for details
There is an issue with validating one of the new certificate types in this build, newer issued certificates should work and all users which have received an affected one will get an updated one by email.
You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
Release v1.11.0 / 5.66.0
Release Notes - New Features and Enhancements
-
ImDisk Driver Integration
We are excited to introduce the integration of the ImDisk driver. This new addition allows users to create boxes that reside directly in a RAM disk, offering enhanced performance and speed. -
Encrypted Sandbox Support
Your data security is our priority. With our newly added Encrypted Sandbox support, users can now establish confidential boxes that ensure zero data leaks to the host PC. This feature is designed for those seeking an extra layer of security.
ImBox Component: Leveraging the cryptographic prowess of DiskCryptor, our new ImBox component ensures that the sandbox root folder is securely stored within an encrypted container file.
Enhanced Security with SbieDrv: Our innovative use of SbieDrv actively prevents processes that don't belong to the sandbox from accessing an encrypted sandbox's root folder. Your data remains isolated and protected.
ConfidentialBox Option: With the "ConfidentialBox=y" option, host process read access to sandboxed processes memory is effectively blocked, further safeguarding your sensitive information.
Upgrade now and experience a more secure and streamlined sandboxing experience!
Note: The Encrypted Sandbox feature requires a advanced level supporter certificate, Contributor, Great Patreon, Huge and Large type certificates qualify, Business, Medium and Small needs to be upgraded using a upgrade key which can be obtained on the web store and has to be entered on the support page. The client then obtains an upgraded certificate of the same type from the server.
Also for more clarity the available certificate scheme was restructured Small was renamed to Subscription, Medium to just Personal, Large was removed and a Family Pack subscription was added.
For a full list of changes and fixes please review the full Changelog.
You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
Release v1.10.5 / 5.65.5
This build adds a new scriptable troubleshooting wizard to help resolve sandboxing and UI issues, the wizard can be directly invoked from the SBIEMSG pop Up dialog. The settings dialog has been slightly restructured to add more space to update options, a bug was fixed causing the updater to run every day and not once per week, and a setting was added allowing to pick the update interval.
We have also added an addon manager which allows to install additional components, like a script debugger for the troubleshooting wizard, a file checker, the logapi dll, and a few other usefull addons.
This build has also significantly reworked the low level injection mechanism, it should now work better and is much more flexible, although this being a large change requires some testing to ensure it works great on all scenarios.
For a full list of changes and fixes please review the full Changelog.