Sandboxie-Plus 1.15.10, 1.15.11

This release primarily addresses critical compatibility issues with Firefox, ensuring that version 137.0 and later now runs correctly within Sandboxie Plus without generating SBIE2328 notifications. This fix restores proper functionality for Firefox users, resolving a major disruption introduced in the previous version.

In addition to the Firefox fix, this update introduces a new configuration option, BindAdapterIP, which allows users to bind sandboxed applications to a specific host IP address. This can be defined globally or per process via the INI file, offering greater control over network behavior within the sandbox. It’s important to note that the specified IP must be bound to a local network interface, or connections will fail.

Several additional issues have been resolved, including problems affecting Thunderbird. Memory leaks related to process command line retrieval have been addressed, and missing components like SbieShellExt.dll have been restored.

For a full list of changes please review the change log.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.15.11
Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.15.10

 

Thanks for this @DavidXanatos! Everything installed fine over the top. I'm intrigued by the BindAdapterIP. It world fine as long as you know what it is. Some VPNs, which how I'm using it (ProtonVPN's 10.2.0.2), don't really tell you what that IP is. Could it be possible to bind to an adapter, similar to what Qbittorrent offers? Then you wouldn't need to know the address?

Either way, the BindAdapterIP seems to work just fine for me.

 

hmm.. that's a good improvement, I'll look into adding that in an upcoming build.

 

Awesomeness! Thanks!!!

 

One thing to be aware of is, if you're using BindAdapterIP that'll act as a de-facto proxy with the wfp. Meaning, you cannot have BindAdapterIP and another wfp filtering app. In my case BindAdapterIP interferes with Adguard for Windows in Vivaldi. Disabling BindAdapterIP returns Adguard's functions to normal, which is similar to the behavior I'd expect if I gave Vivaldi a proxy. This is not an SBIE bug, I don't think, it's just the way the WFP functions; only one can work at a time.

 

I still do not understand what BindAdapterIP is at all

 

BindAdapterIP can, in effect block all WFP communication except what you add from a host address. The Windows Filtering Platform, WFP, allows you to create per-box kernel-level filtering rules. It's like a firewall for every sandboxie box. In this case, you can allow communication only from specified host addresses and ignore the others. For me, this is especially useful for ensuring communication only occurs through my VPN. Any traffic not coming from that host address, and (apparently soon) designated adapter) will be blocked. In my case, ProtonVPN uses 10.2.0.2 as a host for all VPN servers. So, BindAdapterIP=10.2.0.2 blocks everything not from host. In effect, BindAdapterIP can be a VPN killswitch or a safety-net, when used this way.

 

New Problem with Outlook (Office 2016 click-to-run under Windows 10 Pro 22H2):

Since updating to vs.1.15.10, I can no longer start Outlook inside its sandbox. Instead of starting, it throws up the following message from Microsoft, "Updating Microsoft 365 and Office. Please wait a moment..."). This message box never goes away, but eventually I get another message that the application cannot start.

This did not happen in the previous version. Any ideas? -- jclarkw

 

[1.15.11 / 5.70.11] - 2025-04-16
Fixed

• fixed issue with SboxHostDll.dll failing to be injected into OfficeClickToRun.exe

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.15.11

 

I'm not sure why, but BindAdapterIP seem to interfere with Sandboxie 1.15.10 and 1.15.11 passing downloads on from Firefox / Zen to IDM (Internet Download Manager). I'm not sure why that is. There are no connection restrictions imposed on IDM.

 

Thanks, David -- Quick response! Works for me. -- jclarkw

 

@n8chavez Does adding the BindAdapterIP=127.0.0.1 setting fix the issue?

Code:

BindAdapterIP=10.2.0.2
BindAdapterIP=127.0.0.1

 

That did not, unfortunately. However, this seems to work.

Code:

BindAdapterIP=127.0.0.1,10.2.0.2

I'm not sure why, or if using two addresses breaks BindAdapterIP in any way. I do know that having one address per line breaks BindAdapterIP; only one address is used.

Can anyone else confirm?

 

I still do not understand what BindAdapterIP is at all.

 

Did you not read my post? You already said this and I addressed this specifically.

 

Yes I did but strangely and lately some sort of knowledge is hard for me to understand, I guess my brain is getting worse lately. Nothing you wrote makes sense to me, unfortunately.

 

Okay. My apologies. I will try again. BindAdapterIP is a sandboxie setting that says, if set up, that no application in that specific sandbox can communicate with any address except whats listed. BindAdapterIP will not allow transfers to or from any address other than that address. So, for example, BindAdapterIP=10.2.0.2 only allows applications inside the sandbox to access anything to/from 10.2.0.2. It's useful is you only want applications to have access if your VPN is connected or if you only want access to local addresses (127.0.0.1), etc. BindAdapterIP restricts communication on a per-box basis.

Did that help?

 

@n8chavez This setting only accepts either a single IP (e.g., '127.0.0.1') or a 'program,single IP' pair (e.g., 'firefox.exe,192.168.1.1'). In your example '127.0.0.1,192.168.1.1' does not produce the expected result because '127.0.0.1' parsed as a program name.

Example:

Code:

 
# Single IP
BindAdapterIP=127.0.0.1

# Program.exe,Single IP
BindAdapterIP=firefox.exe,127.0.0.1

# !Program.exe (negated),Single IP
BindAdapterIP=!firefox.exe,127.0.0.1

 

I thought something like that was happening. The odd thing is that IDM works now, and I can't explain why. I'll test it out with the below.

Code:

BindAdapterIP=zen.exe,10.2.0.2
BindAdapterIP=IDMan.exe,127.0.0.1

Edit - The above did not work.

 

@n8chavez
!firefox.exe = All programs except Firefox

 

Yeah, I figured that out. That's why I edited the post so as to not appear dumbass-ish. Mission failed!

 

And this is why many don't ask, neither in school when young nor as adult in forums like this. I don't care what anyone could think of me. Life is hard, though.

 

I don't really care, or else I wouldn't have called attention to it. Plus, when you roll around all day looking like a less sexy Stephen Hawking you learn to laugh at yourself.

 

oh god, I'm sorry for your condition. Many have a burden to carry for the rest of our lives. Again, life is hard. Cheers!
Re BindAdapterIP I think I get it, I just need to play with it to really understand.

 

Thanks. But I'm good with it. Everyone's got their issues. I'm better off then most with cerbral palsy. I chose to look at the bright side.

RE BindAdapterIP, I think I'll wait to see if @DavidXanatos chimes in.