Sandboxie-Plus v1.16.7

This release of Sandboxie-Plus introduces a small but useful enhancement and several important refinements. A new checkbox for the “NoRestartOnPCA=y” setting has been added to the box options, giving users direct control without manual editing. The default value for “UseWin32kHooks” has been reverted from “y” back to “n” after it was found to cause compatibility issues with certain applications. Additionally, named syscall invocation under WoW64 has been improved to ensure more robust operation in mixed-architecture scenarios.

A significant focus of this update is stability, with several critical fixes in both user-mode and driver-level components. The “OpenWndStation=y” option now works correctly again when used together with “SandboxieAllGroup=y”.

Most importantly, this update includes fixes that directly affect the driver’s stability. A flaw that could lead to incorrect driver responses during certificate parsing and driver-info queries has been resolved, and a potential handle leak in SbieDll.dll involving SbieApi_DeviceHandle has been fixed as documented in issue #5097. These corrections eliminate scenarios that, under certain conditions, could have contributed to resource exhaustion or triggered system instability, reducing the risk of potential BSODs and improving overall reliability of the sandboxie.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.16.7

 

That's why I set this feature to UseWin32kHooks=y in GlobalSettings (UseRuleSpecificity=y in GlobalSettings) and UseWin32kHooks=n to my Tor Browser red box, it's not working for this red box though. Tor Browser displays a blank windows. Why?

 

Is tor browser working in 1.16.6 and how was it in 1.16.5 or 1.16.4 ?

EDIT: on my system tor browser runs fine in red, orange and yellow boxes, others i have not tested

 

The following settings can cause this issue when used in conjunction with the UseWin32kHooks=y setting.

Code:

AllowBoxedJobs=y
CoverBoxedWindows=y

 

Nice finding, thank you so much.
In my case, I use AllowBoxedJobs=y only and disabling resolved this issue.
So it's not the UseWin32kHooks=y setting per se causing issues, right?

 

These settings seem to work fine for my two problematic red boxes for Tor Browser and FastDownloader:

Code:

[GlobalSettings]
UseWin32kHooks=y
AllowBoxedJobs=y
UseRuleSpecificity=y

[FastDownloader]
AllowBoxedJobs=n

[Tor_Browser]
AllowBoxedJobs=n

In terms of security and reliability, which one is better to choose for these two programs I mentioned:
UseWin32kHooks=y or AllowBoxedJobs=y

 

I'm trying these settings but don't seem to work:

Code:

[GlobalSettings]
UseWin32kHooks=y
AllowBoxedJobs=y
UseRuleSpecificity=y

[FastDownloader]
UseWin32kHooks=n

[Tor_Browser]
UseWin32kHooks=n

UseWin32kHooks=y in GlobalSettings seems to take precedence over the individual box setting.
Why?
Am I missing something about how UseRuleSpecificity= actually works.


In my previous post, the AllowBoxedJobs=n takes precedence over AllowBoxedJobs=y in GlobalSettings.

 

The UseRuleSpecificity setting only has an effect on resource access settings. (Close, Open etc.,)

Code:

[GlobalSettings]
UseWin32kHooks=y
AllowBoxedJobs=y
UseRuleSpecificity=y

[FastDownloader]
UseWin32kHooks=*,n

[Tor_Browser]
UseWin32kHooks=*,n

OR

Code:

[GlobalSettings]
UseWin32kHooks=y
AllowBoxedJobs=y
UseRuleSpecificity=y

[FastDownloader]
UseWin32kHooks=fastdownloadername.exe,n

[Tor_Browser]
UseWin32kHooks=torname.exe,n

OR

Code:

[GlobalSettings]
UseWin32kHooks=y
AllowBoxedJobs=y
UseRuleSpecificity=y

[FastDownloader]
UseWin32kHooks=*.exe,n

[Tor_Browser]
UseWin32kHooks=*.exe,n

OR

Code:

[GlobalSettings]
UseWin32kHooks=y
AllowBoxedJobs=y
UseRuleSpecificity=y

[FastDownloader]
UseWin32kHooks=!useInvalidName.exe,n

[Tor_Browser]
UseWin32kHooks=!useInvalidName.exe,n

 

Only the last two alternatives worked for me, not the first two ones.

Code:

[GlobalSettings]
UseWin32kHooks=y
AllowBoxedJobs=y
UseRuleSpecificity=y

[FastDownloader]
UseWin32kHooks=*.exe,n

[Tor_Browser]
UseWin32kHooks=*.exe,n

OR

Code:

[GlobalSettings]
UseWin32kHooks=y
AllowBoxedJobs=y
UseRuleSpecificity=y

[FastDownloader]
UseWin32kHooks=!useInvalidName.exe,n

[Tor_Browser]
UseWin32kHooks=!useInvalidName.exe,n

Thanks a lot @busy

 

@busy
What intrigues me is how where do you get the info to know the syntax. How?

 

head scratch

 

Chrome
Yes, I'm not seeing with Edge.
-----------------------------
Edit: this is odd behavior, too

behavior with Chrome sbox and Default sbox
1.16.7

 

my Chrome v142.0.7444.176 does not like being sbox'd

 

Try configuring it to use a Sandboxed profile only i.e. make the path to the profile a write only path.
Sharing profiles between host and sandbox is error prone.

 

Sorry, I've no notion what you're referring to. I've not knowingly changed a "path" nor a "profile". What profiles am I sharing?

 

Unless configured otherwise in standard yellow/orange/green boxes programs can read unsandboxed paths like the locations where browsers save thair profiles.
Then the profile files are used by the sandboxed and unsandboxed instances of the browsers, only when the sandboxed instance tries to write something a sandboxed file copy is created, resulting in the sandboxed browser loading some own files and some files created and possibly changed by an unsasnboxed instance.

 

Okay...whatever it is that I've done. I've not done it knowingly/deliberately. I've observed that my Helium browser sbox (recently created)...does use chrome.exe processes. Maybe, I'm confusing Chrome with Program Files with Helium installed with AppData.
---
Maybe, the Norton Private Browser sbox that I was trying to create...confused my Chrome sbox.

 

@DavidXanatos
Well, I dusted off my dust collector machine that was at Chrome 142.0.7444.59 + Sandboxie 1.16.3.
Chrome - Home button rendered okay in Chrome sbox with Chrome 142.0.7444.59 + Sandboxie 1.16.3.
After updating Chrome. Home button is missing and corrupted extensions in Chrome sbox with Chrome 142.0.7444.176 + Sandboxie 1.16.3.

 

Do you install Chrome in the host or in a sandbox?

 

host
I'm launching Chrome via Run Sandboxed.
Hello @Mr.X
I was thinking something I did #20 on my daily rider machine was causal. Now, I'm thinking Chrome update #21 is causal.

 

I run 142.0.7444.176 & sbie+ 1.16.7: all is fine.
Share your ini please.

 

Spoiler: MAIN SANDBOXIE INI COPY

MAIN SANDBOXIE INI COPY
#
# Sandboxie-Plus configuration file
#
[GlobalSettings]
FileRootPath=\??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
TemplateReject=Avast_Antivirus
TemplateReject=NortonInternetSecurity
TemplateReject=BitDefenderInternetSecurity
TemplateReject=AdGuard
TemplateReject=7zipShellEx
TemplateReject=Edge_Fix
TemplateReject=OfficeClickToRun
TemplateReject=OfficeLicensing
TemplateReject=SynapticsTouchPad
TemplateReject=WindowsLive
TemplateReject=WindowsRasMan
UseFileDeleteV2=y
UseRegDeleteV2=y
ForceDisableSeconds=6000
NetworkEnableWFP=y
NotifyForceProcessDisabled=y
DefaultBox=Default
SandboxieLogon=y
MarkOfTheWebBox=Chrome
[UserSettings_04D4013A]
SbieCtrl_AutoStartAgent=SandMan.exe -autorun
BoxDisplayOrder=DefaultBox,7Zip,ByteScout,Chrome,Edge,Explorer,Firefox,WindowsExplorer,Hardened,Sumatra,WMP,HardenedDP
SbieCtrl_EnableAutoStart=n
SbieCtrl_UserName=bjm
SbieCtrl_NextUpdateCheck=-1
SbieCtrl_WindowCoords=462,249,977,485
SbieCtrl_ActiveView=40021
SbieCtrl_ProcessViewColumnWidths=250,70,300
SbieCtrl_UpdateCheckNotify=n
SbieCtrl_AutoApplySettings=n
SbieCtrl_HideMessage=1308,cmd.exe [Edge]
SbieCtrl_HideMessage=1308,dllhost.exe [Edge]
SbieCtrl_HideMessage=1308,RuntimeBroker.exe [Edge]
SbieCtrl_HideMessage=1308,software_reporter_tool.exe [Chrome]
SbieCtrl_HideMessage=1308,MicrosoftEdgeUpdateBroker.exe [Edge]
SbieCtrl_HideMessage=1308,identity_helper.exe [Edge]
SbieCtrl_HideMessage=1318,WavesSvc64.exe
SbieCtrl_HideMessage=1318,MicrosoftEdgeUpdate.exe
SbieCtrl_HideMessage=1318,symerr.exe
SbieCtrl_HideMessage=1318,msiexec.exe
SbieCtrl_HideMessage=1318,CCleaner64.exe
SbieCtrl_HideMessage=1318,BelarcAdvisor.exe
SbieCtrl_HideMessage=1308,identity_helper.exe [New_Edge_Box]
SbieCtrl_HideMessage=1308,RuntimeBroker.exe [New_Edge_Box]
SbieCtrl_HideMessage=1308,identity_helper.exe [Standard]
SbieCtrl_HideMessage=2205,Win32Init.5 (0000000000000005)
SbieCtrl_HideMessage=1308,dllhost.exe [Chrome]
SbieCtrl_HideMessage=1308,crashhelper.exe [Firefox]
SbieCtrl_HideMessage=1308,updater.exe [Chrome]
SbieCtrl_RecoverTarget=C:\Users\bjm\Desktop
SbieCtrl_BoxExpandedView=Edge,Firefox
SbieCtrl_EnableLogonStart=y
SbieCtrl_AddDesktopIcon=y
SbieCtrl_AddQuickLaunchIcon=y
SbieCtrl_AddContextMenu=y
SbieCtrl_AddSendToMenu=y
BoxGrouping=:Explorer,Chrome,Security_Hardened,Edge,Private,Helium,Default
[Explorer]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%Desktop%
RecoverFolder=%Personal%
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
BorderColor=#027df7,ttl,6
Template=LingerPrograms
Template=BlockPorts
Template=qWave
Template=FileCopy
Template=SkipHook
Template=OpenBluetooth
ConfigLevel=10
UseFileDeleteV2=y
UseRegDeleteV2=y
PromptForInternetAccess=y
AllowNetworkAccess=!<InternetAccess>,n
ClosedFilePath=*:\*Norton*\*
ClosedFilePath=%LocalAppData%\Microsoft\OneDrive\*
UseSecurityMode=y
[UserSettings_087801BB]
SbieCtrl_UserName=bozo
SbieCtrl_AutoStartAgent=SandMan.exe
SbieCtrl_EnableAutoStart=n
SbieCtrl_WindowCoords=200,150,1237,632
SbieCtrl_ActiveView=40021
[UserSettings_082E01AD]
SbieCtrl_AutoStartAgent=SandMan.exe
SbieCtrl_EnableAutoStart=n
[Chrome]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%Desktop%
RecoverFolder=%Personal%
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
BorderColor=#027df7,ttl,6
Template=AutoRecoverIgnore
Template=LingerPrograms
Template=BlockPorts
Template=qWave
Template=FileCopy
Template=SkipHook
Template=OpenBluetooth
Template=Chrome_Bookmarks_DirectAccess
Template=LessConfidentialBox
Template=Local_Helium_Bookmarks_DirectAccess
ConfigLevel=10
UseFileDeleteV2=y
UseRegDeleteV2=y
UseSecurityMode=y
ProcessGroup=<InternetAccess>,chrome.exe
ProcessGroup=<StartRunAccess>,chrome.exe
ClosedIpcPath=!<StartRunAccess>,*
ConfidentialBox=y
CoverBoxedWindows=y
EditAdminOnly=y
AllowNetworkAccess=!<InternetAccess>,n
PromptForInternetAccess=y
[UserSettings_0C340211]
SbieCtrl_EnableAutoStart=n
SbieCtrl_AutoStartAgent=SandMan.exe -autorun
SbieCtrl_HideMessage=1308,identity_helper.exe [Edge]
SbieCtrl_HideMessage=1308,RuntimeBroker.exe [Edge]
SbieCtrl_HideMessage=1308,dllhost.exe [Edge]
SbieCtrl_HideMessage=1308,MicrosoftEdgeUpdateBroker.exe [Edge]
SbieCtrl_UserName=bjmer
SbieCtrl_WindowCoords=253,188,1237,630
SbieCtrl_ActiveView=40021
BoxGrouping=:Chrome,Default,Edge,Explorer,Firefox,Hardened
[Security_Hardened]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%Desktop%
RecoverFolder=%Personal%
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
BorderColor=#027df7,ttl
Template=AutoRecoverIgnore
Template=LingerPrograms
Template=BlockPorts
Template=qWave
Template=FileCopy
Template=SkipHook
Template=OpenBluetooth
ConfigLevel=10
UseSecurityMode=y
UseFileDeleteV2=y
UseRegDeleteV2=y
[Edge]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#027df7,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
Template=LessConfidentialBox
Template=Edge_Bookmarks_DirectAccess
ConfigLevel=10
UseSecurityMode=y
UseFileDeleteV2=y
UseRegDeleteV2=y
ProcessGroup=<StartRunAccess>,msedge.exe
ProcessGroup=<InternetAccess>,msedge.exe
ConfidentialBox=y
CoverBoxedWindows=y
EditAdminOnly=y
AllowNetworkAccess=!<InternetAccess>,n
[Private]
BlockNetworkFiles=y
RecoverFolder=%Desktop%
RecoverFolder=%Personal%
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
BorderColor=#00FFFF,ttl
Template=AutoRecoverIgnore
Template=LingerPrograms
Template=BlockPorts
Template=qWave
Template=FileCopy
Template=SkipHook
Template=OpenBluetooth
ConfigLevel=10
[Helium]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%Desktop%
RecoverFolder=%Personal%
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
BorderColor=#027df7,ttl
Template=AutoRecoverIgnore
Template=LingerPrograms
Template=BlockPorts
Template=qWave
Template=FileCopy
Template=SkipHook
Template=OpenBluetooth
Template=Local_Helium_Bookmarks_DirectAccess
Template=LessConfidentialBox
ConfigLevel=10
UseSecurityMode=y
UseFileDeleteV2=y
UseRegDeleteV2=y
ConfidentialBox=y
CoverBoxedWindows=y
EditAdminOnly=y
ClosedIpcPath=!<StartRunAccess>,*
ProcessGroup=<StartRunAccess>,chrome.exe
ProcessGroup=<InternetAccess>,chrome.exe
[Template_Local_Helium_Force]
Tmpl.Title=Force Helium to run in this sandbox
Tmpl.Class=Local
ForceProcess=chrome.exe
[Template_Local_Helium_Profile_DirectAccess]
Tmpl.Title=Allow direct access to the entire Helium profile folder
Tmpl.Class=Local
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data
[Template_Local_Helium_Phishing_DirectAccess]
Tmpl.Title=Allow direct access to Helium phishing database
Tmpl.Class=Local
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data\Safe Browsing*
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data\CertificateRevocation
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data\SmartScreen
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data\Ad Blocking
[Template_Local_Helium_Sync_DirectAccess]
Tmpl.Title=Allow direct access to Helium sync data
Tmpl.Class=Local
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data*\Sync Data\*
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data*\Sync Extension Settings\*
[Template_Local_Helium_Preferences_DirectAccess]
Tmpl.Title=Allow direct access to Helium preferences
Tmpl.Class=Local
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data*\Preferences*
[Template_Local_Helium_Passwords_DirectAccess]
Tmpl.Title=Allow direct access to Helium passwords
Tmpl.Class=Local
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data*\Login Data*
[Template_Local_Helium_Cookies_DirectAccess]
Tmpl.Title=Allow direct access to Helium cookies
Tmpl.Class=Local
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data*\Network\Cookies*
[Template_Local_Helium_Bookmarks_DirectAccess]
Tmpl.Title=Allow direct access to Helium bookmarks
Tmpl.Class=Local
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data*\Bookmarks*
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data*\Favicons*
[Template_Local_Helium_History_DirectAccess]
Tmpl.Title=Allow direct access to Helium bookmark and history database
Tmpl.Class=Local
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data*\Bookmarks*
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data*\Favicons*
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data*\*History*
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data*\Current *
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data*\Last *
OpenFilePath=chrome.exe,%Local AppData%\imput\Helium\User Data*\Visited Links*
[Default]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%Desktop%
RecoverFolder=%Personal%
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
BorderColor=#00FFFF,ttl
Template=AutoRecoverIgnore
Template=LingerPrograms
Template=BlockPorts
Template=qWave
Template=FileCopy
Template=SkipHook
Template=OpenBluetooth
ConfigLevel=10

btw ~ I used to be able to call SbieCtrl (from Taskbar) alongside Sandman. And now SbieCtrl does not open from Taskbar? I can call SbieCtrl from systray icon.

--

Edit: fwiw ~ on my dust collector machine.
I clean uninstalled 1.16.7. I installed 5.71.7. Run Sandboxed -> DefaultBox.
Chrome Home button missing and corruptted extensions.