Release v0.4.0 / 5.43

This build brings a great new feature, snapshots, these allow to save a box state. The file system changes are saved incrementally for every snapshot a folder named snapshot-n where n is the snapshot id will be created in the box folder. The snapshot layout as well as the information which one is the currently used one are saved in a snapshot.ini in the box folder. With this feature tracing what applications do will be even easier, as well as undoing destructive changes that may have occurred.

Also with this release the SbiePlus build gets an own proper installer, from the get go. If you want t use the Plus build portable just choose the "Extract" option from the installer that will just unpack it to a selected folder.

Important Note:

The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.

If you want SandboxiePlus to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos

Changelog

Added

• added a proper custom installer to the the Plus release
• added sandbox snapshot functionality to sbie core
  -- filesystem is saved incrementally, the snapshots built upon each other
  -- each snapshot gets a full copy of the box registry for now
  -- each snapshot can have multiple children snapshots
• added access status to resource monitor
• added setting to change border width
• added snapshot manager UI to SandMan
• added template to enable authentication with an Yubikey or comparable 2FA device
• added ui for program allert
• added software compatybility options to teh UI

Changed

• SandMan UI now handles deletion of sandboxe content on its own
• no longer adding redundnat resource accesses as new events

Fixed

• fixed issues when hooking functions from delay loaded libraries
• fixed issues when hooking an already hooked function
• fixed issues with the new box settings editor

Removed

• removes deprecated workaround in the hooking mechanism for an obsolete antimalware product

Release v0.3.5 / 5.42.1

This build brings the new SandMan UI a large step closer to full feature parity with SbieCtrl

Important Note:

The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.

If you want SandboxiePlus to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos

Changelog

Added

• Added settings window
• added translationsupport
• added dark theme
• added auto start option
• added sandbox options
• added debug option "NoAddProcessToJob=y"

Changed

• improved empty sandbox tray icon
• improved message parsing
• updated homepage links

Fixed

• fixed ini issue with sandman.exe when renaming sandboxes
• fixed ini auto reload bug introduced in the last build
• fixed issue when hooking delayd loaded libraries

Release v0.3 / 5.42

This is a huge update fixing many bugs and security issues, it also expands on the functionality of the new SandMan.exe UI component, Check out the full ChangeLog for more details.

Important Note:

The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.

If you want SandboxiePlus to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos

Changelog:

Added

• API_QUERY_PROCESS_INFO can be now used to get the original process token of sandboxed processes
  -- Note: this capability is used by TaskExplorer to allow inspecting sandbox internal tokens
• Added option "KeepTokenIntegrity=y" to make the sbie token keep its initial integrity level (debug option)
  -- Note: Do NOT USE Debug Options if you dont know their security implications (!)
• Added process id to log messages very usefull for debugging
• Added finder to resource log
• Added option to hide host processes "HideHostProcess=[name]"
  -- Note: Sbie hides by default processes from other boxes, this behavioure can now be controlled with "HideOtherBoxes=n"
• Sandboxed RpcSs and DcomLaunch can now be run as system with the option "ProtectRpcSs=y" howeever that breaks sandboxed explorer and other
• BuiltIn Clsid whitelist can now be disabled with "OpenDefaultClsid=n"
• Processes can be now terminated with the del key, and require a confirmation
• Added sandboxed window border display to SandMan.exe
• Added notification for sbie log messages
• Added Sandbox Presets sub menu allowing to quickly change some settings
  -- Enable/Disable API logging, logapi_dll's are now distributed with SbiePlus
  -- And other: Drop admin rights; Block/Allow internet access; Block/Allow access to files on te network
• Added more info to the sandbox status column
• Added path column to SbieModel
• Added info tooltips in SbieView

Changed

• Reworked ApiLog, added pid and pid filter
• Auto config reload on in change is now delayed by 500ms to not reload multiple times on incremental changes
• Sandbox names now replace "_" witn " " for display allowing to use names that are build of separated words

Fixed

• added mising PreferExternalManifest itialization to portable mode
• fixed permission issues with sandboxed system processes
  -- Note: you can use "ExposeBoxedSystem=y" for the old behaviour (debug option)
• fixed missing SCM access check for sandboxed services
  -- Note: to disable the access check use "UnrestrictedSCM=y" (debug option)
• fixed missing initialization in serviceserver that caused sandboxed programs to crash when querying service status
• fixed many bugs that caused the SbieDrv.sys to BSOD when run with MSFT Driver Verifier active
  -- 0xF6 in GetThreadTokenOwnerPid and File_Api_Rename
  -- missing non optional parameter for FltGetFileNameInformation in File_PreOperation
  -- 0xE3 in Key_StoreValue and Key_PreDataInject

Release v0.2.2 / 5.41.2

This build finally fixes the MSI installer issue, also it adds some debugging improvements.

Important Note:

The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.

If you want SandboxiePlus to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos

Changelog:

Added

• added option SeparateUserFolders=n to no longer have the user profile files stored separately in the sandbox
• added SandboxieLogon=y it makes processes run under the SID of the "Sandboxie" user instead of the Anonymous user
  -- Note: the global option AllowSandboxieLogon=y must be enabled, the "Sandboxie" user account must be manually created first and the driver reloaded, else process start will fail
• improved debugging around process creation errors in the driver

Fixed

• fixed some log messages going lost after driver reload
• found a workable fix for the MSI installer issue, see Proc_CreateProcessInternalW_RS5

Release v0.2.1 / 5.41.1

This build focuses on usage improvements and bug fixes.

Please note that if you want to use an existing Sandboxie installation it must be updated to version 5.41.1

Important Note:

The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.

If you want SandboxiePlus to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos

[0.2.1 / 5.41.1] - 2020-06-18

Added

• added different sandbox icons for different types
  -- Red LogAPI/BSA enabled
  -- More to come :D
• Added progress window for async operations that take time
• added DPI awareness
• the driver file is now obfuscated to avoid false positives
• additional debug options to sandboxie.ini OpenToken=y that combines UnrestrictedToken=y and UnfilteredToken=y
  -- Note: using these options weekens the sandboxing, they are intended for debugging and may be used for better application virtualization later

Changed

• SbieDll.dll when processinh InjectDll now looks in the SbieHome folder for the Dll's if the entered path starts with a backslash
  -- i.e. "InjectDll=\LogAPI\i386\logapi32v.dll" or "InjectDll64=\LogAPI\amd64\logapi64v.dll"

Fixed

• IniWatcher did not work in portable mode
• service path fix broke other services, now properly fixed, may be
• found workaround for the msi installer issue

Release v0.2 / 5.41

This build brings a much more feature complete SandMan (Sandboxie Manager) it is now capable of installing/uninstalling and controlling the driver/service from the Sandbox->Maintenance menu these options are available.
If a Sandboxie-Plus.ini is created in its root directory it will operate in a fully portable mode.

Please note that if you want to use the existing Sandboxie installation it must be updated to version 5.41

Important Note:

The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.

If you want SandboxiePlus to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos

[0.2 / 5.41] - 2020-06-08

Added

• IniWatcher, no more clicking reload, the ini is now reloaded automatically every time it changes
• Added Mainanance menu to the Sandbox menu, allowing to install/uninstall and start/stop sandboxie driver, service
• SandMan.exe now is packed with Sbie files and when no sbie is installed acts as a portable instalation
• Added option to clean up logs

Changed

• sbie driver now first checks the home path for the sbie ini before checking SystemRoot

Fixed

• Fixed a resource leak when running sandboxed
• Fixed issue boxed services not starting when the path contained a space
• NtQueryInformationProcess now returns the proper sandboxed path for sandboxed processes

Release v0.1

First release of the early new Sandboxie UI concept, and some driver improvements for better logging/debugging. The new UI uses a new Sandboxie API library made for Qt integration.

The SandMan.exe (Sandboxie Manager) is intended as a replacement for the SbieCtrl.exe

[0.1 / 5.40.2] - 2020-06-01

Added

• Created a new Qt-based UI named SandMan (Sandboxie Manager)
• Resource monitor now shows the PID
• Added basic API call log using updated BSA LogApiDll

Changed

• reworked resource monitor to work with multiple event consumers
• reworked log to work with multiple event consumers

Release v5.40.1

This is the first non original release, it fixes the the issue: #1 and adds some new debug capabilities.

Change Log:

Added

• "Other" type for the Resource Access Monitor
  -- added call to StartService to the logged Resources

Fixed

• fixed "Windows Installer Service could not be accessed" that got introduced with Windows 1903

Note:

The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets.
This means some anti malware applications flag it as potentially dangerous: https://www.virustotal.com/gui/file/f1587c91eb6ff49c20fa1f026358ebe8f9bc10625f86013c975abe894cd146ac/detection

Based on the source code released by Sophos

This release is built from the original sources as released by Sophos, using VS2015. The only modification made is a repaired encoding in SbieControl.rc

The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I had to use a leaked code signing certificate I found laying around the Internet.
This means some anti-malware applications flag it as potentially dangerous: https://www.virustotal.com/gui/file/f1587c91eb6ff49c20fa1f026358ebe8f9bc10625f86013c975abe894cd146ac/detection

Note: For Windows XP, use SandboxieInstall32_xp.exe