Sandboxie-Plus 1.7.1

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Jan 30, 2023.

  1. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,524
    Location:
    Viena
    This build improves the user experience by providing a new Box creation wizard and improving on the box picker dialog.
    It is now possible to create a new sandbox from the run sandboxes dialog and, if need be, set it as temporary so that it gets removed after the program terminates. The box picker dialog was improved and now contains a search function, accessed with Ctrl+F.
    Newly created boxes now use the Delete V2 scheme by default. In case you experience any issues with new boxes, this can be changed back in the box options to the old Delete V1. No old boxes will be migrated to Delete V2.
    The sandbox options have been restructured and the new layout is used by default; in the global settings under the appearance options it is possible to switch back to the old layout.
    To improve security, the SandMan UI now indicates which processes have an administrative token and which have a system token.
    Last but not least, this build fixes a lot of issues; please see the Changelog for more details.

    Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.7.1

    Changelog
    Added
    • added option to create a new sandbox to run from the box picker dialog
    • added sandbox creation wizard (not available in Vintage View mode)
    • added ability to open all COM classes #2448 -- use OpenClsid={00000000-0000-0000-0000-000000000000} to open all
    • the SandMan UI now indicates if a sandboxed process has an Elevated (Admin) or System token
    • DropAdminRights can now be configured per process #2293
    • added self removing boxes #1936
    • added Ctrl+F search filter to the box picker dialog, this allows quickly finding a particular box
    • added menu options to edit the templates.ini and the sandboxie-plus.ini
    Changed
    • refactored network blocking code in driver
    • box options now show the expanded paths where appropriate
    • made new box option layout the default (can be changed back in appearance settings)
    Fixed
    • fixed BlockNetworkFiles=y not working together with RestrictDevices=y #2629
    • fixed SandMan crash issue introduced in 1.7.0
    • fixed trace log filter is not case-insensitive
    • fixed performance issues with Delete V2
    • fixed issue with NtQueryDirectoryFile data alignment #2443
    • fixed issue with Microsoft Edge 111 dev build #2631
    • fixed issue with mio sockets #2617
    • fixed issue with run menu entries created from the options/settings window #2610
    • fixed issues with start menu when using snapshots #2589
     
  2. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    585
    Where can we check if this scheme is being used?
     
  3. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,524
    Location:
    Viena
    upload_2023-1-30_21-28-39.png
     
  4. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    585
    sbie_virtualization.png
    BOX=>File options=>Virtualization Scheme shows Version 1
    But sandboxie.ini [GlobalSettings] contains:
    Code:
    UseFileDeleteV2=y
    UseRegDeleteV2=y
    
    What needs to be changed?
     
  5. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    27,172
    Location:
    UK
    @soccerfan
    I made v2 appear and replace V1 by closing all sandboxes, then changing it to V2 and clicking apply.
    It is now showing V2. It has to be done separately to all sandboxes you want V2 on (if this is what you mean).
     
  6. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    921
    Location:
    U.S. Citizen
    Update,
    * Works great with Brave Browser.
    * Still has a problem with Microsoft Edge with extensions that are add-ons, for example, Bitwarden.

    Always the best,
     
  7. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,524
    Location:
    Viena
    eee... I did not consider the case where a user set UseFileDeleteV2=y and/or UseRegDeleteV2=y globally; I will fix that display in the next build.
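The display problem from posts 4 to 7, as an added example (not part of the thread and not Sandboxie's own code): a box-only lookup reports Delete V1 when `UseFileDeleteV2=y` is set only in `[GlobalSettings]`, while a lookup that falls back to the global section reports V2. The box names, the sample ini text, the precedence of a box entry over the global preset and the treatment of a missing key as V1 are assumptions made for the illustration.

```cpp
#include <iostream>
#include <map>
#include <sstream>
#include <string>

// Section -> (key -> value). Simplified: a repeated key keeps its last value.
using Ini = std::map<std::string, std::map<std::string, std::string>>;

Ini ParseIni(const std::string& text) {
    Ini ini;
    std::string line, section;
    std::istringstream in(text);
    while (std::getline(in, line)) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        if (line.empty() || line[0] == '#' || line[0] == ';') continue;
        if (line.front() == '[' && line.back() == ']') { section = line.substr(1, line.size() - 2); continue; }
        auto eq = line.find('=');
        if (eq != std::string::npos) ini[section][line.substr(0, eq)] = line.substr(eq + 1);
    }
    return ini;
}

// Box-only lookup: sees the key only if it is in the box's own section.
bool BoxOnly(const Ini& ini, const std::string& box, const std::string& key) {
    auto s = ini.find(box);
    if (s == ini.end()) return false;
    auto k = s->second.find(key);
    return k != s->second.end() && k->second == "y";
}

// Effective lookup (assumed precedence): box entry wins, else [GlobalSettings].
bool Effective(const Ini& ini, const std::string& box, const std::string& key) {
    auto s = ini.find(box);
    if (s != ini.end() && s->second.count(key)) return s->second.at(key) == "y";
    return BoxOnly(ini, "GlobalSettings", key);
}

// Constructed sample; box names are hypothetical.
const char* kSample =
    "[GlobalSettings]\nUseFileDeleteV2=y\nUseRegDeleteV2=y\n"
    "[DefaultBox]\nEnabled=y\n"
    "[LegacyBox]\nEnabled=y\nUseFileDeleteV2=n\n";

int main() {
    Ini ini = ParseIni(kSample);
    for (const char* box : {"DefaultBox", "LegacyBox"})
        std::cout << box << ": box-only V" << (BoxOnly(ini, box, "UseFileDeleteV2") ? 2 : 1)
                  << ", effective V" << (Effective(ini, box, "UseFileDeleteV2") ? 2 : 1) << "\n";
}
```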
     
  8. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    585
    No urgency about the fix (and thank you @stapp for suggesting the workaround).

    Could you please post a "current list" of items and their defaults (y/n)
    in [Debug Options] of sandboxie-plus.ini (just to play around)! Thanks.

    I am loving what I see in v1.7.x so far :thumb:
     
  9. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,524
    Location:
    Viena
    Code:
    [DebugOptions]
    Option01=OriginalToken|y|Keep the original unrestricted tocken
    Option02=CreateToken|y|Create a new token
    Option03=ReplicateToken|y|Replicate token from original
    Option04=OpenToken|x|Use a unrestricted and unfiltered token dupliate
    Option05=UnrestrictedToken|y|-Don't restrict the sandboxed toke
    Option06=KeepTokenIntegrity|y|--Keep token integrity level
    Option07=UnstrippedToken|y|--Don't strip the sandboxed toke
    Option08=KeepUserGroup|y|---Keep user group
    Option09=AnonymousLogon|n|--Don't set the anonymouse SID
    Option10=UnfilteredToken|y|-Don't filter the original token
    Option11=NoSysCallHooks|y|Don't hook system calls
    Option12=NoSandboxieDesktop|y|Don't proxy desktop operations
    Option13=NoSandboxieConsole|y|Don't proxy console creation
    Option14=DisableComProxy|y|Don't proxy COM operations
    Option15=DisableBoxedWinSxS|y|Disable Boxed WinSxS
    Option16=NoSandboxieRpcSs|y|Disable Boxed RpcSS
    Option17=NoSecurityFiltering|x|Disable Filtering
    Option18=DisableFileFilter|y|-Disable File Filter
    Option19=DisableKeyFilter|y|-Disable Key Filter
    Option20=DisableObjectFilter|y|-Disable Object Filter
    
     
  10. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    585
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,258
    Location:
    .
    I can see some typos in here.
     
  12. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    585
    Those 'don't care' typos don't matter. Feel free to fix them as you please ;)
     
  13. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    452
    Location:
    uk
    The menu link to templates.ini still points to an incorrect and non-existent location on my system - I don't use the default install folder for SB+
     
  14. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,524
    Location:
    Viena
    How is that possible? The templates.ini's location is resolved like this:
    IniPath = (theAPI->GetSbiePath() + "\\Templates.ini").toStdWString();
    So it should always pick the templates ini from the directory the loaded SbieDrv.sys is located in.
    Can you be more specific about what goes wrong for you?
     
  15. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    507
  16. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,524
    Location:
    Viena
    I can't reproduce it, but it looks to me as if the issue is the space in the path, so I put the argument for the editor in "", that should solve that.
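Why quoting the editor argument matters, as an added example that is not part of the post and not Sandboxie's code: a path containing a space is split into several arguments unless it is quoted, and a trailing backslash has to be doubled so that it does not escape the closing quote. The install path, `notepad.exe` as the editor and the simplified `SplitArgs` receiver are assumptions.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Quote one argument following the MSVC runtime / CommandLineToArgvW rules,
// so the launched program receives it as a single argument.
std::string QuoteArg(const std::string& arg) {
    if (!arg.empty() && arg.find_first_of(" \t\"") == std::string::npos) return arg;
    std::string out = "\"";
    std::size_t slashes = 0;
    for (char c : arg) {
        if (c == '\\') { ++slashes; out += c; continue; }
        if (c == '"') out.append(slashes + 1, '\\');  // 2n+1 backslashes before a literal quote
        slashes = 0;
        out += c;
    }
    out.append(slashes, '\\');  // double a trailing run so it cannot escape the closing quote
    return out + "\"";
}

// Simplified receiver (assumption): splits on spaces outside double quotes and
// ignores backslash escapes; enough to show an unquoted path falling apart.
std::vector<std::string> SplitArgs(const std::string& cmd) {
    std::vector<std::string> args;
    std::string cur;
    bool inQuotes = false, have = false;
    for (char c : cmd) {
        if (c == '"') { inQuotes = !inQuotes; have = true; }
        else if (c == ' ' && !inQuotes) {
            if (have) args.push_back(cur);
            cur.clear();
            have = false;
        } else { cur += c; have = true; }
    }
    if (have) args.push_back(cur);
    return args;
}

int main() {
    const std::string path = "C:\\Tools\\SB Plus\\Templates.ini";  // constructed path
    const std::string editor = "notepad.exe";                      // hypothetical editor
    std::cout << "unquoted: " << SplitArgs(editor + " " + path).size() << " args\n";
    std::cout << "quoted:   " << SplitArgs(editor + " " + QuoteArg(path)).size() << " args\n";
}
```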
     
  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,258
    Location:
    .
  18. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,524
    Location:
    Viena
    There is a live update 1.7.1a available in the preview channel:

    Changed
    • reorganized box options once again, old box layout is default again
    • SBIE2227 indicating volume without 8.3 name support is now disabled by default -- Note: you can use "EnableVerboseChecks=y" to re-enable this check
    Fixed
    • fixed delete v1/v2 display now respects global presets
    • Avoid blocking the Explorer when dragging #2660
    • fixed issue with QtSingleApp #2659
    • fixed updater sometimes failing to create temp dir #2615
    • fixed issue with snapshot removal #2663
     
  19. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    27,172
    Location:
    UK
    I had a little bit of an issue. I had not done the live update from the preview channel before so I decided to give it a try.
    I wanted to see if anything went to Downloads folder so I selected NO on the initial popup for download (behind the recovery window in screenshot) so I could look in downloads.
    Recovery window was empty and wouldn't allow me to close it; it gave me the Windows Ding sound. I realise why now, as it was a direct change update. So after sorting out the stuck window I went ahead, and all with 1.7.1a seems to be running okay.
    Screenshot 2023-02-03 091056.jpg
     
  20. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    452
    Location:
    uk
    Edit Templates.ini link from Options menu now working :thumb:
     
  21. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    27,172
    Location:
    UK
    @DavidXanatos
    In my post above where I said
    ''I wanted to see if anything went to Downloads folder so I selected NO on the initial popup for download (behind the recovery window in screenshot) so I could look in downloads''
    Please ignore that as that may have been what I did the first time. The second time I didn't say yes or no but just opened the recover files window to see if anything was in it. I think the Windows 'Ding' was Windows' way of telling me I hadn't answered the original prompt and that's why the recovery window stuck perhaps.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
  23. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,524
    Location:
    Viena
    As far as I see from their website, encrypto is not using a driver, so it should work just fine.

    I was thinking about something of this sort for a while, but I generally don't like the notion of trusting certificates, one issues the signatures oneself.

    That said, a workable compromise would be to only trust MSFT certificates and whatever vendor certificates the user manually whitelists, so don't trust any CA, only individual manually allowed certificates.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    I forgot to mention that it didn't work on my system (Win 10), it does install a service though. I decided not to use it, but I just wondered about it from a technical point of view.

    It would be an optional feature of course, handy to lock down the system for noobs, almost similar to whitelisting but with the difference that downloaded malware can run but can't hurt the system since everything is being virtualized. Of course, most well known apps will run outside the sandbox.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    BTW, check this out, this malware is actually checking to see if it's being run inside Sandboxie.

    https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/
     