Sandboxie-Plus 1.13.6 (Pre-Release)

In this release, we've introduced several enhancements and fixes to improve user experience and system functionality. A notable addition is the "BlockInterferenceControl=y" option, designed to prevent sandboxed processes from manipulating windows and mouse pointers, although it's recommended to disable this feature in gaming environments due to potential compatibility issues. We've also implemented support for hardlinks and introduced a new mechanism for terminating non-responsive sandboxed processes.

On the changes front, several experimental options have been renamed to more accurately describe their functions, such as "IsBlockCapture=y" to "BlockScreenCapture=y" and "IsProtectScreen" to "CoverBoxedWindows=y", and these have been clearly labeled as experimental in the user interface.

This update also includes various fixes across the board. We've resolved issues with the settings dialog not displaying correct RAM disk letters, and a series of bugs introduced by a new QT version that affected the updater and troubleshooting wizard. Additionally, specific problems caused by enabling "DropAdminRights/FakeAdminRights" have been addressed, and crashes in KeePass due to "BlockScreenCapture=y" have been fixed. Other corrections ensure that Sandboxie remains compatible with older Windows 7 systems.

(Summary by ChatGPT LOL)

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.13.6
Added

• added "BlockInterferenceControl=y" option to prevent sandboxed processes from forcing windows on top and moving the mounse pointer (thanks Yeyixiao)
  • Note: this option may cause issues in games hence do not enable it for gaming boxes.
• added support for hardlinks #3826
• added mechanism to terminate stuck sandboxed processes from the driver
• added Make the trigger list editable #3742
• added Optionally extend the screenshot protection to the UI #3739
• added a button to edit local/custom templates #3738
• asses Permanently Re-sizable or Larger "Run Sandboxed" Window #3697

Changed

• improved Avast template #3777
• renamed a bunch of experimental options and marked them as experimental in the UI
  • "IsBlockCapture=y" -> "BlockScreenCapture=y"
  • "IsProtectScreen=>" -> "CoverBoxedWindows=y"

Fixed

• fixed When I change the BlockDNS and BlockPorts options, the Apply button is not activated #3807
• fixed troubleshooting wizard broke with new qt #3810
• fixed Settings dialog now showing the right ram disk letter
• fixed issues with updater broke with new qt due to missing SSL support 3810
• fixed Enabling "DropAdminRights/FakeAdminRights" adds "BlockInterferePower and ForceProtectionOnMount" to the INI #3825
• fixed KeePass "Out of Memory" crash due to "BlockScreenCapture=y" #3768
• fixed Sandboxie 1.13.4 with IsBlockCapture=y brakes on Windows 7 #3769
• fixed explorer.exe issue "FakeAdminRights=y" #3638
• fixed Make it possible to disable forced folder warning #3569

 

Installation over flawed v.1.13.5 went as expected and witout issues. V1.13.6 after preliminary checks seems to perform well, in particular the auto-updater-feature seems to be up and running again. No issues detected so far.

 

This is a known 1.13.5 issue and fixed in 1.13.6

 

No, I'm afraid you misunderstood. Since the auto-updater was broken in v1.13.5 b/c of sloppy Qt-version-update this flawed version is NEVER going to "heal itself", not even with properly working future releases. That is exactly the "dead-lock-situation" I've been talking about in the previous thread.

In order to update to v1.13.6 IMMEDIATELY you will have to retrieve it manually from the good old GitHub-repository once again.

 

I initially thought that this was meant to be implemented as being mutually exclusive b/c there would be no need to start Sbie together with Windows as long as it would "trigger itself" before any sandboxed process could be started AND that this way it would also re-enable itself in case of inadvertant shutdown or even forced shutdown after crash.

But then again how would it monitor its own status if not somehow already running in the background?

I just tested with the new version and can now confirm that even if one unchecks the startup together with Windows and would only rely on the second option (start before any sandboxed process) the corresponding tick-mark will go away / "be grayed-out" again on the next system-reboot - even though thankfully Sbie seems to be active still and work as expected. So maybe it's not a real "bug" but only a matter of proper indication - but then should still be remedied somehow although not being a matter of urgency in that case.

 

stapp - I did a clean install of 1.13.6 and the setting (Check sandboxes' auto-delete status when Sandman starts) is now fixed.

 

Quick note: Sandboxie Plus 1.13.6 still has the issue from 1.13.5 where apps don't open after switching from the default yellow box to the red box. Did a couple of clean installs when 1.13.6 came out yesterday. I'll be doing a few clean installs again today to see if I can find the cause. Could be something in the code changed and nothing I do will work but I'll give it a try anyway.

 

this is so strange and 1.13.4 was definitely fine?

 

Yea, 1.13.4 and earlier versions worked perfectly. I spent the entire day today installing, uninstalling and re-installing again trying everything I could think of to find the issue. I used basic default settings, took out some registry entries in my ini file, waited an hour before trying to open up the apps to see if a sandboxie process was slow starting, compared the global ini file from 1.13.4 and 1.13.6 to see what changed and removed entries/settings that might be causing the issue and changing the order of how I opened the apps. Still the same issue. The box shows the app is running but the app never opens completely.

This only happens after switching to a red box. Everything opens in the default yellow box with all of my settings but after switching to a red box, creating a snapshot and enabling auto-delete, nothing opens. Even after switching to just a red box, the apps don't open.

 

@DjKilla could you please do a hybrid test, start with working 1.13.4 and then start replacing components using files from broken 1.13.5

First replace SbieDrv.sys to that end you can use the maintenance menu to stop all Sbie components, once stooped you should be able to freely replace files, then use the same menu to start all components by clinking connect, and confirming the UAC prompt.

If the newer driver works fine proceed with replacing sbiedll.dll (keep in mind that there are 2 different copies one in the install_dir and one in the install_dir\32, and they should not be confused) to this end you only need to stop the sbiesvc but can proceed like with the driver by stopping all.

Again if this works fine as well, proceed by replacing SbieSvc.exe and test again.

Once SbieDrv.sys SbieDll.dll and SbieSvc.exe have been replaced you effectively have upgraded to full 1.13.5 the other file should be not relevant for this issue.

Once I know which of the 3 components is causal for your issue I'll inspect it extra thoroughly to find what may be the issue.

I may send you then some modified builds of that component for further testing.

I would like to release a final 1.13.7 soon so we need to squash this bug ASAP.

 

That is unexpected, on my test VM Win 11 22635.3500 all boxes work fine with edge

PS: the update message ist from the compatybility asistent some templates are not contaigent on installed updates not sure why it failed on your system but its an old feature in tehre since many builds

 

It's the SbieDll.dll file in the main folder.

Don't know if this will help but I think I may have found a strange pattern with versions 1.13.5 and 1.13.6. When I do a clean install and switch to a red box (no snapshot, no auto-delete) and try to open Firefox, it doesn't open. If I try to open Edge, it doesn't open. But if I do a clean install and switch to a red box (no snapshot, no auto-delete) and try to open Edge first, it opens correctly. If I then try to open Firefox, it opens correctly. It might be my imagination or I got lucky opening up the apps but maybe it's something to check out.

Sandbox setup:
Windows 10 22H2 (64-bit)
Firefox 125.0.2 (64-bit)
Thunderbird 115.10.1 (64-bit)
Microsoft Edge 124.0.2478.51 (Official build) (64-bit)

 

hmmmm... ok so 1.13.4 works fine and 1.13.5 is broken, issue is the SbieDll.dll
Between these 2 versions there were only 2 changes
1. the option CpuAffinityMask was added, when its not configured it does not do anything so it should not be the issue and
2. the DeleteV2 mechanism was improved for better performance, I don't see how that would cause such an issue yet, but its easy to test.
When creating the new boxed don't enable Delete V2 and please test if 1.13.5 and/or 1.13.6 work fine in your scenario when its disabled, let me know the result, if we can confirm that the bug is caused by delete V2 I'll investigate that in details what may there go wrong.

 

Soooooooo, after testing every setting, combination of setups and whatever else I could think of, the ONLY setting I didn't test the entire time was simply switching the 'Virtualization scheme' from version 2 to version 1. Guess what? That's the issue! The last two versions (1.13.5, 1.13.6) which has the new re-worked 'Virtualization scheme' version 2 in the SbieDll.dll file broke something.

Here's how I tested everything:

1) Did a clean install of 1.13.5, set all of my setting up with 'Virtualization scheme' version 1, switch to red box with snapshot, auto-delete and everything works correctly. With version 2 nothing opened or worked.

2) Did a clean install of 1.13.5 again, but this time I took the working version of the SbieDll.dll file from 1.13.4 and replaced the same file in version 1.13.5 with 'Virtualization scheme' version 2 and everything works correctly.

So 'Virtualization scheme' version 2 is broken in the SbieDll.dll file in the last two versions of Sandboxie Plus.

 

hmm... ok good so we know whats broken
Whats your step by step procedure to reproduce it? Ideally with a video and sandboxie ini dump

 

Sandboxie Plus 1.13.6 also works when selecting 'Virtualization scheme' version 1.

Setting it up is easy. Do a clean install, setup whatever settings you want in both global and sandboxie, add Firefox, Edge, Thunderbird, etc. to the 'App Templates' then open up each app one at a time to get the paths needed in Sandboxie. Now switch to the red box and Firefox won't open. Edge doesn't open either in that order (Firefox first, then Edge).

My detailed setup:

1) Clean install of Sandboxie Plus 1.13.5 or 1.13.6
2) Setup global settings (General Config>enable Check sandboxes' auto-delete, Shell Integration>enable Start UI when a sandboxed process..., Shell Integration>disable Scan shell folders..., Advanced Config>enable Use Windows Filtering Platform...) <click> Ok
3) Double click the default yellow sandbox to get to the sandboxie settings
4) Add my settings to the 'Edit ini Section'

Spoiler: My Sandboxie ini settings

Template=Edge_Force
Template=Firefox_Force
Template=Thunderbird
UseFileDeleteV2=y
UseRegDeleteV2=y
ForceProcess=thunderbird.exe
ProcessGroup=<StartRunAccess>,thunderbird.exe,plugin-container.exe,msedge.exe,firefox.exe
ProcessGroup=<InternetAccess>,thunderbird.exe,msedge.exe,firefox.exe
NotifyStartRunAccessDenied=n
ClosedIpcPath=!<StartRunAccess>,*
NormalFilePath=firefox.exe,D:\Data
NormalFilePath=firefox.exe,D:\Jerry
NormalFilePath=firefox.exe,D:\Sweepstakes
OpenFilePath=firefox.exe,C:\Users\Rockin' Jerry\AppData\Local\Mozilla
OpenFilePath=firefox.exe,C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
OpenFilePath=thunderbird.exe,C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
OpenFilePath=firefox.exe,C:\Users\Rockin' Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\21zxtxk5.default-release\storage
OpenFilePath=msedge.exe,C:\Users\Rockin' Jerry\AppData\Local\Microsoft\Edge
NormalFilePath=firefox.exe,C:\Users\Rockin' Jerry\AppData\Roaming\Mozilla
ReadFilePath=firefox.exe,C:\Users\Rockin' Jerry\Desktop
ReadKeyPath=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\
ReadKeyPath=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\
AllowNetworkAccess=!<InternetAccess>,n
ProtectHostImages=y

4) Add the following settings (General Options>Sandboxed window border>Border disabled, File Options>File Rocovery (remove default folders and add my recovery folders (D:\Data, Jerry, Sweepstakes)) <click> Ok
5) Open each app one at a time. Since I save files using Firefox, I save any file to each recovery folder for Sandboxie to create the path.
6) Switch to the red box in the sandboxie settings <click> Ok
7) I usually click Options>Reload configuration (Probably not needed)
8: Create a snaphot (right-click on the Sandboxie box, Snapshots Manager>Take Snapshot) <click> the X to close the windows
9) I usually click Options>Reload configuration (Probably not needed)
10) Go back to the Sandboxie settings (double click on the Sandboxie box) then File Options>enable Auto Delete, <click> Ok
11) I usually click Options>Reload configuration (Probably not needed)
12) Firefox won't open and Edge won't open (in that order)

**If you do everything above using 'Virtualization scheme' version 1, everything works.
***My personal setup is not necessary to get the same issue. You can simply set it up your way in the default yellow box using 'Virtualization scheme' version 2 and get the same issue when switching to a red box and opeing Firefox.
****The issue occurs when opeing Firefox first then Edge. Both will not open in a red box using 'Virtualization scheme' version 2. This issue may occur with other apps not tested possibly when opened in a certain order (unconfirmed).

The complete sandboxie ini using 'Virtualization scheme' version 2 in a red box (Not working):

Spoiler: Sandboxie ini red box

Enabled=y
BlockNetworkFiles=y
BorderColor=#0423ee,off,6
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
Template=Edge_Force
Template=Firefox_Force
Template=Thunderbird
ConfigLevel=10
UseFileDeleteV2=y
UseRegDeleteV2=y
NormalFilePath=firefox.exe,D:\Data
NormalFilePath=firefox.exe,D:\Jerry
NormalFilePath=firefox.exe,D:\Sweepstakes
OpenFilePath=firefox.exe,C:\Users\Rockin' Jerry\AppData\Local\Mozilla
OpenFilePath=firefox.exe,C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
OpenFilePath=thunderbird.exe,C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
OpenFilePath=firefox.exe,C:\Users\Rockin' Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\21zxtxk5.default-release\storage
OpenFilePath=msedge.exe,C:\Users\Rockin' Jerry\AppData\Local\Microsoft\Edge
NormalFilePath=firefox.exe,C:\Users\Rockin' Jerry\AppData\Roaming\Mozilla
ReadFilePath=firefox.exe,C:\Users\Rockin' Jerry\Desktop
ReadKeyPath=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\
ReadKeyPath=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\
RecoverFolder=D:\Sweepstakes
RecoverFolder=D:\Jerry
RecoverFolder=D:\Data
ProcessGroup=<StartRunAccess>,thunderbird.exe,plugin-container.exe,msedge.exe,firefox.exe
ProcessGroup=<InternetAccess>,thunderbird.exe,msedge.exe,firefox.exe
ForceProcess=thunderbird.exe
NotifyStartRunAccessDenied=n
ClosedIpcPath=!<StartRunAccess>,*
AllowNetworkAccess=!<InternetAccess>,n
ProtectHostImages=y
UseSecurityMode=y
UsePrivacyMode=y
AutoDelete=y

 

@DjKilla
please update to 1.13.6a using the preview channel and the online updater, or manually from the patch: https://github.com/sandboxie-plus/Sandboxie/releases/download/v1.13.6/Sandboxie-Patch-1.13.6a.zip

It was a very subtle bug, the new optimized code omitted to update a variable which is only used in the registry case and not in the file case, that bug could have been dragged a long with random failures for a long time, thanks for running into it and for all the testing.

I think with it fixed we are ready for a 1.13.7 final release

 

Everything is working now. You can release 1.13.7 when you're ready!

Did a clean install of the latest version 1.13.6 and replaced both of the files SbieDll.dll and SbieDll.pdb manually in the main folder with the x64 patch. I also replaced the file SbieDll.dll manually in the 32 folder with the x64 patch. I continued with my setup and when I switched to the red box, everything worked correctly. So the bug is fixed. Thanks again for your time, help and patience while I tested and confirmed the bug!