Sandboxie-Plus 1.11.0, 1.11.1 Pre-Release

This is a pre-release with major changes bugs are to be expected.

New Features and Enhancements

• ImDisk Driver Integration
  We are excited to introduce the integration of the ImDisk driver. This new addition allows users to create boxes that reside directly in a RAM disk, offering enhanced performance and speed.
  
  
• Encrypted Sandbox Support
  Your data security is our priority. With our newly added Encrypted Sandbox support, users can now establish confidential boxes that ensure zero data leaks to the host PC. This feature is designed for those seeking an extra layer of security.

ImBox Component: Leveraging the cryptographic prowess of DiskCryptor, our new ImBox component ensures that the sandbox root folder is securely stored within an encrypted container file.

Enhanced Security with SbieDrv: Our innovative use of SbieDrv actively prevents processes that don't belong to the sandbox from accessing an encrypted sandbox's root folder. Your data remains isolated and protected.

ConfidentialBox Option: With the "ConfidentialBox=y" option, host process read access to sandboxed processes memory is effectively blocked, further safeguarding your sensitive information.

Upgrade now and experience a more secure and streamlined sandboxing experience!


Note: The Encrypted Sandbox feature requires a advanced level supporter certificate, Contributor, Great Patreon, Huge and Large type certificates qualify, Business, Medium and Small needs to be upgraded using a upgrade key which can be obtained on the web store and has to be entered on the support page. The client then obtains an upgraded certificate of the same type from the server.
Also for more clarity the available certificate scheme was restructured Small was renamed to Subscription, Medium to just Personal, Large was removed and a Family Pack subscription was added.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.11.1
Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.11.0

1.11.1

Added

• 
  
  
  • added 'RamDiskLetter=R:' option allowing to mount the ramdisk root to a drive letter

Changed

• 
  
  
  • changed the new option layout to now be the default for non-vintage views (can be changed back in the settings)

Fixed

• 
  
  
  • fixed issue when re-creating a rambox junction
  • fixed Sandboxie logo scaling in the setup wizards #3227
  • fixed text cut-off in box creation wizard #3226
  • fixed Windows 7 compatibility issue with ImBox.exe
  • fixed issue with 'UseNewSymlinkResolver=y'
  • fixed SandMan crash in Vintage View mode #3264
  • fixed pinning of more than one shortcut that points at the same file #3259

1.11.0

Added

• added ImDisk driver integration, allowing to create boxes residing in a ramdisk
• added Encrypted Sandbox support, with this feature you can create confidential boxes not leaking data to the host pc
  • Using the ImDisk Driver and a new ImBox component utilizing the cryptographic implementation from DiskCryptor the sandbox root fodler is stored in an encrypted container file.
  • Using the SbieDrv to prevent processes not belonging to the sandbox from accessing a encrypted sandboxes root folder
  • With the ConfidentialBox=y option host process read acess to sandboxed processes is blocked
• added certificate info to the about dialog
• added support for new more flexible certificate style
• added option for business customers to retrieve hardware-bound certificates from a serial number
• added option to upgrade existing certificates using an upgrade serial number

Changed

• improved online updater code
• replaced drop-down list with radio buttons in the box creation wizard #1381

Fixed

• fixed symbolic links created inside a sandbox not working properly #3181
• fixed text cut-off issues in Plus UI pop-ups #3195

PS: I have created the release notes using Chat GPT please let me know if you like it or does it sounds to much corporate busyness like?

 

It’s a pre-release. And no info about Imdisk and disabling Windows Fastboot (required for using Imdisk).

 

yes its a Pre-Release as pretty much every x.y.0 release,
why would you need to disable Windows Fastboot to use the ImDisk driver?

 

During install of Imdisk it asks to disable Fastboot??

 

Does it, never noticed that but then one of the first things I do after installing windows is to disable fast boot on my own.
I don't see why fast boot would be that much of a problem,
I always use hibernation which is technically like fast boot just that the user session stays, and I have never noticed any issues.

 

You’re right. Maybe inform the Sandboxie-users that disabling Fastboot is needed with Imdisk?

 

I don't think its needed isn't there an option to not disable it during install, skip, ignore, etc?

 

Using Imdisk Toolkit myself. I enabled Fastboot and got this Imdisk-notification:

 

Ok perfect, just click Do not show this warming again, and be happy.

1. We use a user worker process to provide the memory for the ram disk, which gets terminated before fast boot hibernates so no data leakage there
2. We don't use the data synchronization feature.

So no issues and no worries

 

So I could enable Fastboot with Sandboxie Plus v1.11.0 and use the Imdisk-function. Issue resolved. Now waiting for the official v1.11.0 release.

 

Do I need to uninstall the ImDisk Toollkit already installed?

 

This is getting really expensive! So if I get Sandboxie Plus Personal, does that include the new sandbox encryption? The description says 'It unlocks all supporter exclusive features available at the time of perches as well as new features introduced during its validity period.' If not, then I would also have to buy the Sandboxie Plus Advanced Upgrade?

Currently, if I got just the Sandboxie Plus Personal to use for 2 years, it would cost me $103.72. If I had to buy the Sandboxie Plus Advanced Upgrade to get the new features, then I would be looking at $142.62 to use it for the next 2 years. To get both every year, I would be spending $71.31 per year. ~ OT Remarks Removed ~ I think Sandboxie Plus Personal (Medium) was originally $51.86 for 2 years. Now it's just for 1 year use.

 

A guide for how to set this up might be a good idea

Personaly i can not get Edge to open up and i do not know what files of s-boxie to place in ImDisk.

Any one knows what "Data" there should be in ImDisk?

 

Tried with Brave browser and i got it to work. Set up ImDisk with Brave`s user folder in the "Data section of ImDisk.
Do not know if the above set up is corrextly done.

Maybe it is not, because i can not see any speed improvement at all.

 

I, like others, thought the new encryption mode was covered under my license. It was not. Before I knew that I wanted to try it. Now I can't launch my browser in SBIE or remove encryption. What should I do? Also, if I buy the upgraded license does it get added to the time I have on my existing one, or take its place?

 

I must confess I'm totally confused about the proper usage of the new RAM-Disk-feature. It sounds very interesting to me and so I decided to try it out - but in vain so far.

First I downloaded the necessary ImDisk-toolkit and installed it. But with that installation done I was only confronted with the virtual-disk-driver-tool that let me mount a new RAM-Disk - but it was gone on the next re-boot, no option there to again mount it on Windows-startup.

Next I browsed through the Dfault-sandbox-options to find any advanced new dialog there for setup of the new feature. Basically all I found was a new feature in the "File-Options"-section of Default-Box-option offering to "Store the sandbox content in a RAM-Disk".

So I checked that and gave it a try. But nothing seemed to happen. A test-wise downloaded file would occur unchanged within the usual Sandbox-structure on C-Drive before recovery to the final download-location. And also no RAM-Disk occurred on my system-wide drive-list either.

I wasn't that surprised because it couldn't be TAHT easy, right? So now I went back to the ImDisk-tools and there found out about the ImDisk-configuration-tool. This one finally allowed for the configuration of a recurring RAM-Disk that was present after each re-boot and thereby I declared a 3GB-RAM-Disk (dynamic, virtual drive I that would be re-created on every system re-boot.

Back to Sandboxie now to see if it now would make use of the new I:-drive - but it didn't. Sndbox-structure still occurred on Drive C: (as usual), virtual drive I: remained empty.

So as a last resort I went to Sandboxie-Plus Global-Settings-page and in the "Advanced Config"-section started to reluctantly tamper with the explicit setting for "Sandbox-file-system-root". After having that re-located to new virtual I:-drive I tried to lauch the sandboxed browser again.

A browser?-window came up but only showed an empty black bar on top (about 20% of the total screen-height) and an empty white field below (about 80% of total screen height). The whole Sandbox-structure had now actually moved to virtual-drive-I: - but the browser completely refused to work from there.

So any clues would be welcome, preferably step-by-sep, on what steps exactly are necessary to move the whole Sandbox-structure to a RAM-Disk. Can it all be done from within Sandboxie? Is Sandboxie somehow supposed to create and manage the necessary RAM-Disk internally by itself once the necessary drivers are on board- and if so - how?

Or has a ready-made RAM-Disk first to be declared from outside Sandboxie via the RAM-Disk-configuraten-tool? And if so - how am I then supposed to successfully move the whole Sandbox-structure from familiar C:-drive to the new virtual RAM-Disk?

 

No you can use the one you have unless its very old in which case it will throw an error.

There is a feature Comparison table: https://sandboxie-plus.com/feature-comparison/
to use the new encryption feature a advanced upgrade is needed,
I have improved the description to be more clear, the old one was still from before there was a advanced option.

Only large was for 2 years, medium was always 1 year.

There will be more new features added to the advanced feature set in due time.
I thought introducing an advanced option would be better then increasing the price of the existing options.

You can always enable and disable encryption, also mount and unmount box root, the check for the advanced cert is only done when attempting to run a process in a sandbox.
The upgrade just turns the current certificate into an advanced it does not change the validity period.

As described in the release notes small and medium certs need to be upgraded, patreon, huge, large, and contributor do not.

I know that its sub optimal as there is no single size fits all solution that would suite users with 3 and with 9 months left on their current cert.

So to make this work for all, if you feal you have to little months left on your current cert drop me a PN or email with the email the old cert was got on and I'll calculate you a personal discount coupon for the advanced upgrade, 9 months left 25%, 6 months left, 50%, 3 months left 75% etc...


A different approach to introducing the advanced certs would have been to require the ImBox.exe component to be licensed separately but that would complicate the cert management so introducing a new level of features seamed like the better solution.

far to complicated... you don't need the ImDisk RamDisk tool,
Just have ImDisk installed and enable ramdisk globally:


With that enabled you can now make individual boxes use the ramdisk


The RAMDisk is not persisted between reboots !!!
its use is for boxes where you want the content reliably gone.
Also for regular usage if you have an SSD already a ram disk wont bring any noticeable performance improvement in the typical use cases.


The RAMDisk does not get a letter sandboxie uses symlinks to point individual box root folders to fodlers on the ram disk

You can use MkLink /J [LinkName] [ImDiskDevicePath] to mount the RAMDisk root to a ntfs folder of you choosing.

If you want I can add an option to give a drive letter to the ram disk in the global options.

 

@algol1 : The following link describes what you have to add to sandboxie.ini (v1.11.0)
(in the box settings and global settings) to get started. I have not tried the Imdisk feature.
https://sandboxie-plus.com/ramdisksupport/

EDIT: @DavidXanatos posted the definitive reply as I was typing

 

The option to give a drive letter would be appreciated.

 

@DavidXanatos This is frustrating. The costs of using Sandboxie keep going up and up. If I wanted encryption it would cost me 35 pounds per year for one system; 15 for the advanced cert and 20 for a plus cert? That's nuts. I bought sbie to support you and what you're doing. But at a certain point you're testing the limits of users' generosity by pointing everything behind varying levels of paywalls.

 

So if I understand this correctly - the box-contents will be moved to the RAM-Disk by internal symlinks whereas from a formal point-of-view the primary Sandbox-folder-(sub-)structure will still remain rooted in (and browsable from) its usual C:-drive-location. In other words - and without special mounting of any of those symlinks - the user will still see the whole Sandbox-folder-structure apparently located in C:\Sandbox while internally the contents of it will seamlessly be re-directed to an otherwise invisible RAM-Disk created only for internal Sandbox-usage?

 

Perhaps I should have made the encryption component a plugin to be got separately, and offer as Sandboxie-Plus Enhancement pack, would that be better?

The features I want to put into the advanced set are outside of the scope or regular Sandboxing, and can be done to some extent with 3rd party tools.

With the upgrade cert I wanted to find a balanced point to have 1 price for all the different cert types. What price would you find appropriate?

The contents will not be moved as in moved, to enable the RAMDisk sandbox for a given box it must be empty so nothing to me moved.
Once the box is empty and the RAMDisk enabled, a symlink will be created in the please of where its root folder would have been and redirected to a folder on the RAMDisk, so there will be new content created on the RAMDisk.

 

PS: I have put the upgrade cert on sale for 10€ for now, also I'll add later the option to buy advanced certs directly for the subscription cert for only 20+10 the rest will also get a direct option but bee simply +15.

 

Thanks a lot for pointing this out. I just checked and as it seems I'm good to go. Meaning I've already been using this RAM-Disk-feature unknowingly while looking at the unchanged Sandbox-folder-structure on C:-drive left me with the (wrong) impression that nothing had happened and the new RAM-Disk-feature not working at all.

 

support +++