Sandboxie-Plus 1.0.8

This build fixed many issues, and adds a new functionality: "BreakoutProcess=program.exe" which allow to preset programs to be able to escape a sandbox, hence this is a feature rather for compartmentalization then security, but the way its implemented, a breakout process, will be captured by an other sandbox if it is configured as a forced process for it. So a possibly security related use case would be to have the a box dedicated to run your web browser only, where it is forced, and have it configured as a break out process for all other boxes or globally. In this scenario no mater what boxed or unboxed application starts a browser it will always run in the browser box.

This new feature is enabled only for certified project supporters, if I reach 250 patrons it will be made available to all users, please consider supporting the development of sandbox-plus: https://www.patreon.com/DavidXanatos

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/1.0.8

ChangeLog
Added

• added Portuguese of Portugal on Plus UI (by JNylson, isaak654, mpheath) #1497
• added "BreakoutProcess=program.exe", with this option selected applications can be started unboxed from within a box #1500
  -- the program image must be located outside the sandbox for this to work
  -- if another sandbox has "ForceProcess=program.exe" configured, it will capture the process
  -- use case: set up a box with a Web browser forced, when another box opens a website, this will happen in the dedicated browser box
  -- Note: "BreakoutFolder=some\path" is also available
• added silent uninstall switch /remove /S for Classic installer (by sredna) #1532

Changed

• The filename "sandman_pt" was changed to "sandman_pt_BR" (Brazilian Portuguese) #1497
• The filename "sandman_ua" was changed to "sandman_uk" (Ukrainian) #1527
  -- Note: Translators are encouraged to follow the Localization notes and tips before creating a new pull request
• updated Firefox update blocker (discovered by isaak654) #1545

Fixed

• fixed issue with opening all file access OpenFilePath=* #971
• fixed issue with opening network shares #1529
• fixed possible upgrade issue with Classic installer (by isaak654) 130c43a
• fixed minor issues with Classic installer (by sredna) #1533
• fixed issue with Ldr_FixImagePath_2 #1507
• when using "Run Sandboxed" with SandMan UI and the UI is off, it wil stay off.
• fixed issue with Util_GetProcessPidByName that should resolve the driver sometimes failing to start at boot #1451
• SandMan will now run in background like SbieCtrl when starting a boxed process post506
• fixed taskbar not showing with persistent box border in full screen post474
• fixed box border not spanning across multiple monitors #1512
• fixed issues with border when using DPI scaling #1506
• fixed DPI issues with Qt #1368
• fixed issue with bright flashing on window creation when in dark mode #1231
• fixed issues with the PortableRootDir setting #1509
• fixed issue with the settings window crashing when the driver was not connected
• fixed DPI issues with Finder Tool #912
• fixed another issue with reused process IDs #1547
• fixed issue introduced in 1.0.6 related to SeAccessCheckByType #1548

 

That is a brilliant feature!

 

Looking very good so far! Many thanks for that.

 

Bug introduced: border is not visible in a maximized window except the inferior one



BorderColor=#0055ff,on,4

1280 x 800 / 100%
Running Windows 7 x86 for now
Sandboxie-Plus v1.0.8

Plus v1.0.7 is fine.



Also the autodelete function is still not working on some apps/sandboxes.

 

Did a clean install and everything is working good. I don't get the UAC popup after several reboots. Autodelete is working good for the apps I have sandboxed.

Windows 10 21H2 (64-bit)
Sandboxie Classic 5.55.8 (64-bit)

Sandboxed apps:
Firefox 96.0.1 (64-bit)
Thunderbird 91.5.0 (64-bit)
Microsoft Edge 97.0.1072.62 (Official build) (64-bit)

 

I can't reproduce this on my end it seams workign fine.
do you have this with plus or classic, and whats the dpi settings?

 

I see you're using Windows 7. Is it 32-bit or 64-bit? What's the resolution/dpi of your screen? It also looks like you're using Sandboxie Plus. I'm assuming it's the latest version 1.0.8? What version of Irfanview are you using?

On my end, using Sandboxie Classic 5.55.8 (64-bit), Windows 10 21H2 (64-bit) and Irfanview 4.59 (64-bit), everything works good.

Irfanview Minimized


Irfanview Maximized


The above pics are with the first box checked to display the border. I also tried with both boxes checked, which means the border will only show up when you move your mouse pointer to the window/app title on top. Both ways work for me.


If you're using an older version of Irfanview, you might want to try getting the latest version which includes new features, updates and fixes. It's a free download and is maintained by donations.

Irfanview download:
https://www.irfanview.com/

Irfanview changes/update history:
https://www.irfanview.com/main_history.htm

 

Hi David
Just tried 1.0.8 and it appears the sandman window not reflecting my display settings zoom setting.

Thanks for the great work

 

1280 x 800 / 100%
Running Windows 7 x86 for now
Sandboxie-Plus v1.0.8

Plus v1.0.7 is fine.

 

Hello,
I had to revert back to Sandboxie Classic 5.55.7; auto delete doesn't appear to work again with Chrome.
I have a Lenovo laptop with Windows 11 home fully patched (CPU Intel 8th gen - 8 GB RAM DDR 4 - 256 GB SSD )
[edit to add] Microsoft Defender is the only antimalware I use. UAC turned off.

I'd like to thank DavidXanatos for his efforts.
Cheers

 

1.0.8 installed on 3 laptops so far and all seems to work well! Have tested: Edge (default browser), Firefox, Chrome, Brave and Vivaldi; also Word and Adobe Reader. All behaving as they should.

I have the same issue with the yellow border missing on just the top part of apps in Sandboxie when the app is maximised. It is present on the bottom and the sides. Note, this is only happening on my external monitor when running the laptop as a desktop. When running the apps on the laptops own monitor with Sandboxie, the border displays on all edges. The resolution of the external display is 3480 x 2160 with 200% scaling (the recommended settings), and my laptop monitors are 3480 x 2160 with 250% scaling, and 1920x 1280 with 150% scaling. Seems to be an external display issue? Wasn't happening on 1.0.7. I personally don't consider this minor cosmetic issue a problem, just letting you know it's a difference in this build.

Auto-delete is working well on every app tested as per above, including Chrome. I'm not sure if it makes a difference, but my preferred method to update, is to uninstall Sandboxie and then do a clean installation, including with a fresh ini file.

Also very happy to report no UAC prompts on any of the machines I've upgraded to 1.0.8 with win 32 hooking enabled once again! Office also loads beautifully with this UAC issue seemingly resolved.

Awesome work David. Sandboxie-Plus is looking very polished these days; the GUI looks great and is very easy to use.

 

One day later things still looking VERY good with this release. Indeed pretty much beginning to look like the first rock-solid issue of the v1.x range. Bravo for that!

But as they say there is always room for improvement. Which is why I feel encouraged to propose one further feature. For quite some time now the (Chromium based) browsers won't upgrade properly any more when that browser is forced to run sandboxed. Thankfully @DavidXanatos has already implemented checkboxes in the GUI-Sandbox-options, in particular in the "forced-folders" section, which quite facilitate to temporarily take the parent-folder of the browser out of the "forced-folders"-ensemble for a hassle-free upgrade process.

And yet there seems to be an even easier method for that purpose. When right-clickling the upgrade file from the file-manager there is always an option "run sandboxed" which, when selected, also offers an explicit way (checkbox) to run a program outside the sandbox. If i now chose to run the upgrade-file that way the upgrade-process apparently would complete with success initially. But the browser then would still start sandboxed for the first time within the upgrade process and it has turned out after some experiments that the "upgraded" browser-version afterwards therefore is not really equivalent to an upgraded browser-version that did run across a non-forced parent-folder.

In my opinion however that option to explicitly run a program outside the sandbox should take precedence over the "forced-folders"-setting for that particular run. That is the browser should open un-sandboxed for the first time within the upgrade procedure to complete its upgrade-tasks. In other words by that option the upgrade-process should run in an equivalent manner and with equivalent results as if it had been applied to a parent-folder that would not have been forced to run sandboxed.

From a logics-point-of-view it would IMHO appear inconsistent if the user explicitly chooses to run a certain process outside the sandbox by that dialog-option and then the "forced-folder"-setting would still interfere with that deliberate instruction and still start the browser sandboxed after upgrade-completion thereby apparently somehow crippling the final steps of the upgrade process.

Having that said it is of course completely up to @DavidXanatos to decide how difficult it would be to implement such a proposal based on logical consideration into practical terms and if such a change of the "run-outside-sandbox"-option might perhaps result in unforeseen or unwanted consequences in the aftermath.

 

I don't get it, why is this a great feature? To me it would make more sense to be able to disable sandboxing and to only virtualize browsers since they already have their own built-in sandbox, such a feature would be interesting.

 

My humongous thanks to David for adding "Osiris" to the list of "Other Browsers."

 

Freshly installed Plus 1.0.8 and boxed Firefox. All the basic checks (like instant recovery) passed so far. Looking good.

 

A quick question about the sandboxie plus gui Maintenance->Disconnect option.
Does "Disconnect" stop the driver (sbiedrv.sys) or service (sbiesvc.exe) or both or...??

 

Neider, disconnect only disconnects, to stop the components use the appropriately named "stop all" option

 

Thank you.
A follow-up question related to running two sbie versions (but one at a time):
I have two folders D:\sbie107 and D:\sbie108 with corresponding sbie versions (portable).
At startup, I run sbie v1.08 by starting sandman.exe in D:\sbie108.
If I use "Stop All" (to stop the v108 driver/service),
can I then switch to D:\sbie107 and run v1.07 WITHOUT REBOOTING ??
[If so, this would be convenient in checking differences in the two versions]

 

Almost, unfortunately stop all does not remove the driver or service entry it only stops it, you need to uninstall them using the sub menu beneath the stop all command.

you can use the following script to stopp and uninstall all:

Code:

taskkill /IM SbieCtrl.exe /F

SandMan.exe -op EmptyAll
SandMan.exe -op Disconnect

timeout 1

net stop SbieSvc
KmdUtil.exe /lang=1033 stop SbieDrv

timeout 1

KmdUtil.exe /lang=1033 delete SbieSvc
KmdUtil.exe /lang=1033 delete SbieDrv

echo everythign stopped
pause

just put a copy of this into each of your sandboxie folders and run it, it will do the stop all boxes (-op EmptyAll), and disconnect the running sandman (-op Disconnect)
and then stop the service and driver and finaly remove them

if you press connect in an other sandman it will when needed install driver and service ans start those

 

I'll add a stop and uninstall menu command to the next build, but it will only be visible when run in portable mode

 

Thank you so much @DavidXanatos for adding this useful option in the next build
and for the script (which I will save as a .bat file and try out with v107 and v108 ).
I may be just a "small" supporter but this makes me feel like royalty!!!

 

You're welcome, I think its a useful improvement, and i ran into this issue myself often having to use the advanced menu with more clicks, having a 1 click remove option will surely come in handy when testing different versions.

 

At this rate of meticulous tweaking revisions and overall application development, Mr. Xanatos will surely find himself featured on the front cover of Time Magazine as Man of the Year as well as the recipient of a Nobel Prize. Sandboxie is rapidly becoming an example where impeccable coding truly evolves into a masterful work of art.

 

X2