Releases: sandboxie-plus/Sandboxie
Release v0.5.0 / 5.45.0
This build is a major milestone in the development of Sandboxie, it marks the first open source release that has a driver properly signed for windows 10 and 8.
For windows 7 unfortunately the signing process did not returned a working driver, a solution is being worked on.
Therefor please NOTE that due to this the "for windows 7" installers include the old provisionally signed driver for the time being.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
The new SandMan UI finally reached full feature parity with the old legacy UI, it has a new interactive notification window and brings many new features improving on many aspects of Sandboxie-Plus, the UI has a myriad of usability improvements. The snapshot management has been greatly improved as have been the debug options for tracing and resolving compatibility issues. The process start warning mechanism has been extended to a fully fledged system wide process start blocker, that now accepts executable names as well as folders. And last but not least this build also brings an optional Updater mechaism to keep Sandboxie (Plus and Legacy) up to date.
You can support my work through donations, any help will be greatly appreciated.
Change Log
Added
- added new notification window
- added user interactive control mechanism when using the new SandMan UI
-- when a file exeeds the copy limit instead of failing, the user is prompted if the file should be copied or not
-- when internet access is blocked it now can be exempted in real time by the user - added missing file recovery and auto/quick recovery functionality
- added silent MSG_1399 boxed process start notification to keep track of short lived boxed processes
- added ability to prvent system wide process starts, sandboxie can now instead of just alerting also block processed on the alert list
-- set "StartRunAlertDenied=y" to enable prcess blocking - the process start alert/block mechanism can now also handle folders use "AlertFolder=..."
- added ability to merge snapshots
- added icons to the sandbox context menu in the new UI
- added more advanced options to the sandbox options window
- added file migration progress indicator
- added more run commands and custom run commands per sandbox
-- the the box settings users can now speficy programs to be available from the box run menu
-- also processes can be pinned to that list from the presets menu - added more windows 10 specific template presets
- added ability to create desktop shortcuts to sandboxed items
- added icons to box option tabs
- added box grouping
- added new debug option "DebugTrace=y" to log debug output to the trace log
- added check for updates to the new SandMan UI
- added check for updates to the legacy SbieCtrl UI
Changed
- File migration limit can now be disabled by specifying "CopyLimitKb=-1"
- improved and refactored mesage logging mechanism, reducing memory usage by factor of 2
- terminated boxed processes are now kept listed for a coupel of seconds
- reworked sandbox dletion mechaism ofthe new UI
- restructured sandbox options window
- SbieDLL.dll can now be compiled with an up to date ntdll.lib (Thanks to TechLord from Team-IRA for help)
- improved automated driver self repair
Fixed
- fixed issues migrating files > 4GB
- fixed a issue that would allow a maliciosue application to bypass the internet blockade
- fixed issue when logging messages from a non sandboxed process, added process_id parameter to API_LOG_MESSAGE_ARGS
- fixed issues with localization
- fixed issue using file recovery in legacy ui SbieCtrl.exe when "SeparateUserFolders=n" is set
- when a program is blocked from starting due to restrictions no redundant messages are issues anymore
- fixed UI not properly displaying async errors
- fixed issues when a snapshot operation failed
- fixed some special cases of IpcPath and WinClass in the new UI
- fixed driver issues with WHQL passing compatybility testing
- fixed issues with classical installer
Release v0.4.5 / 5.44.1
This build fixes many bugs and introduces a lot of new debugging facilities.
Important Note:
The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.
If you want SandboxiePlus to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos
ChangeLog
Added
- added "Terminate all processes" and "disable forced programs" commands to tray menu in SandMan ui
- program start restrictions settings now can be switsched between a white list and a black list
-- programs can be terminated and blacklisted from the context menu - added additional process context menu options, lingering and leader process can be now set from menu
- added option to view template presets for any given box
- added text filter to template view
- added new compatybility templates:
-- Windows 10 core UI component: OpenIpcPath=\BaseNamedObjects[CoreUI]-* solving issues with Chinese Input and Emojis
-- FireFox Quantum, access to windows FontCachePort for compatybility with windows 7 - added experimental debug option "OriginalToken=y" which lets sandboxed processes retain their original unrestricted token
-- This option is comparable with "OpenToken=y" and is intended only for testing and debugging, it BREAKS most SECURITY guarantees (!) - added debug option "NoSandboxieDesktop=y" it disables the desktop proxy mechanism
-- Note: without an unrestricted token with this option applications wont be able to start - added debug option "NoSysCallHooks=y" it disables the sys call processing by the driver
-- Note: without an unrestricted token with this option applications wont be able to start - added ability to record verbost access tracess to the resource monitor
-- use ini options "FileTrace=", "PipeTrace=", "KeyTrace=", "IpcTrace=", "GuiTrace=" to record all events
-- replace "" to log only: "A" - allowed, "D" - denided, or "I" - ignore events - added ability to record debug output strings to the resource monitor,
-- use ini option DebugTrace=y to enable
Changed
- AppUserModelID sting no longer contains sandboxie version string
- now by default sbie's application manifest hack is disabled, as it causes problems with version checking on windows 10
-- to enable old behavioure add "PreferExternalManifest=y" to the global or the box specific ini section - the resource log mechanism can now handle multiple strings to reduce on string copy operations
Fixed
- fixed issue with disabling some restriction settings failed
- fixed disabling of internet block from the presets menu sometimes failed
- the software compatybility list in the sandman UI now shows the proper template names
- fixed use of freed memory in the driver
- replaced swprintf with snwprintf to prevent potential buffer overflow in SbieDll.dll
- fixed bad list performance with resource log and api log in SandMan UI
Experimental Release v0.4.4 / 5.44.0
This build introduced a couple of architectural changes to the core mechanics of sandboxie, it should work well but with larger changes without a large test base its never guaranteed.
(!) Caution (!):
This is an experimental build, it may break things, if you experience issues please revert to 0.4.3 / 5.43.7
Important Note:
The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.
If you want SandboxiePlus to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos
ChangeLog
Added
- added SbieLdr (experimental)
Changed
- moved code injection mechanism from SbieSvc to SbieDll
- moved function hooking mechanism from SbieDrv to SbieDll
- introduced a new driverless method to resolve wow64 ntdll base address
removed
- removed support for windows vista x64
Release v0.4.3 / 5.43.7
Maintenance release fix a couple of bugs.
Important Note:
The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.
If you want SandboxiePlus to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos
SHA256 Check Summs:
- Sandboxie-Plus-x64-v0.4.3.exe b62cf1670939af53930672cab1d9f89b02f980a3c96cb226f7424c4c72798c09
- Sandboxie-Plus-x86-v0.4.3.exe 2a723af7f041756835461a50bb6d19280badeea35eeb9a75e6d55dc80e8e5b84
- SandboxieInstall64-v5.43.7.exe 4e5414f243725caa7f7c4b3c329be13420c166f048a8af0b83bdfd78b890145f
- SandboxieInstall32-v5.43.7.exe c3145d356dc91e88fab91a0cbc4e75a82787d3ac1633e22933fee527deeb3fcd
ChangeLog
Added
- added disable forced programs menu command to he sandman ui
Fixed
- fixed file rename bug introduced with an earlier driver verifier fix
- fixed issue saving access lists
- fixed issue with program groups parsing in the SandMan UI
- fixed issue with intrnet access restriction options
- fixed issue deleting sandbox when located on a drive directly
Release v0.4.2 / 5.43.6
Bug fix release resolving a critical chrome 86+ incompatibility and fixing many resource leaks.
Important Note:
The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.
If you want SandboxiePlus to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos
SHA256 Check Summs:
- SandboxieInstall32-v5.43.6.exe 77a3c0832826405cd579a3431b511941856cccfadadafd475707b36b5b84b6b5
- SandboxieInstall64-v5.43.6.exe 52ae02dbc7b6f1569adc041daaf5aff27beb3774d82a8f4bb6e0df82494c5f56
- Sandboxie-Plus-x64-v0.4.2.exe af2206bb12a4c33daa126bc92fcf6f2251f09b2df2aa57339b275744d9947d2b
- Sandboxie-Plus-x86-v0.4.2.exe 3fa3244af04b02b4376b7816bcffa0433c152833be89fd72d69009d4272da321
ChangeLog
[0.4.2 / 5.43.6] - 2020-10-10
Added
- added explore box content menu option
Fixed
- fixed thread handle leak in SbieSvc and other components
- msedge.exe is now categorized as a chromium derivate
- fixed chrome 86+ compatybility bug with chroms own sandbox
Release v0.4.1 / 5.43.5
Bug fix release resolving many issues, some of them introduced with the previous build.
Important Note:
The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.
If you want SandboxiePlus to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos
ChangeLog
Added
- added core version compatybility check to sandman UI
- added shell integration options to SbiePlus
Changed
- SbieCtrl does not longer auto show the tutorian on first start
- when hooking, the to the trampoline migrated section of the original function is not longer noped out
-- it caused issues with unity games, will be investigated and re enabled later
Fixed
- fixed color issue with vertical tabs in dark mode
- fixed wrong path separators when adding new forced folders
- fixed directroy listing bug intriduced in 5.43
- fixed issues with settings window when not being connected to driver
- fixed issue when starting sandman ui as admin
- fixed auto content delete not working with sandman ui
Release v0.4.0 / 5.43
This build brings a great new feature, snapshots, these allow to save a box state. The file system changes are saved incrementally for every snapshot a folder named snapshot-n where n is the snapshot id will be created in the box folder. The snapshot layout as well as the information which one is the currently used one are saved in a snapshot.ini in the box folder. With this feature tracing what applications do will be even easier, as well as undoing destructive changes that may have occurred.
Also with this release the SbiePlus build gets an own proper installer, from the get go. If you want t use the Plus build portable just choose the "Extract" option from the installer that will just unpack it to a selected folder.
Important Note:
The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.
If you want SandboxiePlus to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos
Changelog
Added
- added a proper custom installer to the the Plus release
- added sandbox snapshot functionality to sbie core
-- filesystem is saved incrementally, the snapshots built upon each other
-- each snapshot gets a full copy of the box registry for now
-- each snapshot can have multiple children snapshots - added access status to resource monitor
- added setting to change border width
- added snapshot manager UI to SandMan
- added template to enable authentication with an Yubikey or comparable 2FA device
- added ui for program allert
- added software compatybility options to teh UI
Changed
- SandMan UI now handles deletion of sandboxe content on its own
- no longer adding redundnat resource accesses as new events
Fixed
- fixed issues when hooking functions from delay loaded libraries
- fixed issues when hooking an already hooked function
- fixed issues with the new box settings editor
Removed
- removes deprecated workaround in the hooking mechanism for an obsolete antimalware product
Release v0.3.5 / 5.42.1
This build brings the new SandMan UI a large step closer to full feature parity with SbieCtrl
Important Note:
The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.
If you want SandboxiePlus to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos
Changelog
Added
- Added settings window
- added translationsupport
- added dark theme
- added auto start option
- added sandbox options
- added debug option "NoAddProcessToJob=y"
Changed
- improved empty sandbox tray icon
- improved message parsing
- updated homepage links
Fixed
- fixed ini issue with sandman.exe when renaming sandboxes
- fixed ini auto reload bug introduced in the last build
- fixed issue when hooking delayd loaded libraries
Release v0.3 / 5.42
This is a huge update fixing many bugs and security issues, it also expands on the functionality of the new SandMan.exe UI component, Check out the full ChangeLog for more details.
Important Note:
The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.
If you want SandboxiePlus to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos
Changelog:
Added
- API_QUERY_PROCESS_INFO can be now used to get the original process token of sandboxed processes
-- Note: this capability is used by TaskExplorer to allow inspecting sandbox internal tokens - Added option "KeepTokenIntegrity=y" to make the sbie token keep its initial integrity level (debug option)
-- Note: Do NOT USE Debug Options if you dont know their security implications (!) - Added process id to log messages very usefull for debugging
- Added finder to resource log
- Added option to hide host processes "HideHostProcess=[name]"
-- Note: Sbie hides by default processes from other boxes, this behavioure can now be controlled with "HideOtherBoxes=n" - Sandboxed RpcSs and DcomLaunch can now be run as system with the option "ProtectRpcSs=y" howeever that breaks sandboxed explorer and other
- BuiltIn Clsid whitelist can now be disabled with "OpenDefaultClsid=n"
- Processes can be now terminated with the del key, and require a confirmation
- Added sandboxed window border display to SandMan.exe
- Added notification for sbie log messages
- Added Sandbox Presets sub menu allowing to quickly change some settings
-- Enable/Disable API logging, logapi_dll's are now distributed with SbiePlus
-- And other: Drop admin rights; Block/Allow internet access; Block/Allow access to files on te network - Added more info to the sandbox status column
- Added path column to SbieModel
- Added info tooltips in SbieView
Changed
- Reworked ApiLog, added pid and pid filter
- Auto config reload on in change is now delayed by 500ms to not reload multiple times on incremental changes
- Sandbox names now replace "_" witn " " for display allowing to use names that are build of separated words
Fixed
- added mising PreferExternalManifest itialization to portable mode
- fixed permission issues with sandboxed system processes
-- Note: you can use "ExposeBoxedSystem=y" for the old behaviour (debug option) - fixed missing SCM access check for sandboxed services
-- Note: to disable the access check use "UnrestrictedSCM=y" (debug option) - fixed missing initialization in serviceserver that caused sandboxed programs to crash when querying service status
- fixed many bugs that caused the SbieDrv.sys to BSOD when run with MSFT Driver Verifier active
-- 0xF6 in GetThreadTokenOwnerPid and File_Api_Rename
-- missing non optional parameter for FltGetFileNameInformation in File_PreOperation
-- 0xE3 in Key_StoreValue and Key_PreDataInject
Release v0.2.2 / 5.41.2
This build finally fixes the MSI installer issue, also it adds some debugging improvements.
Important Note:
The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.
If you want SandboxiePlus to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos
Changelog:
Added
- added option SeparateUserFolders=n to no longer have the user profile files stored separately in the sandbox
- added SandboxieLogon=y it makes processes run under the SID of the "Sandboxie" user instead of the Anonymous user
-- Note: the global option AllowSandboxieLogon=y must be enabled, the "Sandboxie" user account must be manually created first and the driver reloaded, else process start will fail - improved debugging around process creation errors in the driver
Fixed
- fixed some log messages going lost after driver reload
- found a workable fix for the MSI installer issue, see Proc_CreateProcessInternalW_RS5