Sandboxie-Plus v1.3.3

This build fixes various issues and adds various minor improvements.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.3.3

Changelog
Added

• added domain\user notation when the LogFile registry setting is applied as workaround for #2207
  -- usage: in "HKLM\SYSTEM\CurrentControlSet\Services\SbieSvc" add REG_SZ "LogFile" with "3;[path]\Sandboxie.log"
• added option to block host processes from accessing sandboxed ones #2132
  -- usage: DenyHostAccess=Program.exe,y
  -- note: by default, this protection only applies for write access, that is, unsandboxed processes will still be able to obtain read-only access
  -- to prevent host processes from obtaining read access, ConfidentialBox=y must also be set, which require a supporter certificate
• added compatibility template for ReHIPS
• added create all default folders in privacy style box 2218

Changed

• improved SandMan settings behaviour for non admin users #2123

Fixed

• fixed issues with group moving via drag and drop
• approved more required syscalls #2190
• fixed issues when deleting box content and the file panel view is open
• fixed issue with config protection #2206
• fixed issue with default box #2195
• fixed issue with keyboard delete shortcut for process termination

Removed

• removed obsolete Online Armor template

 

Title says 1.3.1 not 1.3.3

 

lol fixed

 

I've just installed v1.3.3 along with ReHIPS 2.6.0 and now all affected apps are opening and creating their gui with no issues, and fast.
You're just great @DavidXanatos , godsend

I know this scenario needs more testing but for now all seems good.

 

Where is option for DenyHostAccess=Program.exe,y & ConfidentialBox=y ... located?

 

no UI yet, you need to add it in the ini section by hand

 

Oh...okay. Thanks

 

Minor point, but my hidden DefaultBox has reappeared. Simple ini edit to hide again; or should I have used the GUI?

 

Same bug for me in portable mode v1.3.3 (v1.3.2 portable was ok). [Win7 Home 64bit (b7601)]

 

Same with 1.3.3

 

Looks like the small code change has now "enabled" the DefaultBox bug for all users...

Issue report: https://github.com/sandboxie-plus/Sandboxie/issues/2195

 

well its a minor bug and now happening for all helps to find it,
just means there will be a 1.3.4 before the first 1.4.x

 

@DavidXanatos
How is DenyHostAccess= different than HideHostProcess=
-
My KeePass is not browser integrated (no plugin).
I use KeePass from desktop client.
KeePass client communicates in my browser sbox.
Q: How may I protect KeePass memory while KeePass is unlocked?

 

HideHostProcess=
hides host processes from being seen by sandboxed applications

DenyHostAccess=
blocks selected host processes from accessing programs in the sandbox it is configured for

 

@bjm_
HideHostProcess= is to hide unsandboxed host processes from sandboxed ones.
DenyHostAccess= is to block host processes from writing to memory of sandboxed ones. (to prevent host processes from obtaining read access, ConfidentialBox=y must also be set, which require a supporter certificate)

Following example will block every process, except hardcoded ones, from accessing to memory of sandboxed processes in the box and will allow selected processes to access.

Spoiler

To box config

Code:

ConfidentialBox=y
DenyHostAccess=*,y
DenyHostAccess=explorer.exe,n

If you are using an other file manager

Code:

DenyHostAccess=AnotherFileManager.exe,n

If other programs running unsandboxed but you want to allow them to access

Code:

DenyHostAccess=OtherProgram.exe,n

 

@busy
Running browser sbox.
Am I able to protect KeePass memory while KeePass is unlocked?
Should I try to protect KeePass memory while KeePass is unlocked?
My KeePass is not browser integrated (no plugin).
My KeePass client is not sbox'd.
My KeePass somehow communicates in my browser sbox.
Will my KeePass client be able to communicate in my browser sbox with code added to my browser sbox.
Am I protecting KeePass memory with code added to my browser sbox.

Code:

ConfidentialBox=y
DenyHostAccess=KeePass.exe,y
DenyHostAccess=explorer.exe,n

I'm probably not understanding what I'm asking. Sorry.

 

You need to run KeePass in sandbox to protect it.

 

Hmm. I've never run KeePass sbox'd.
I've been imagining KeePass memory was isolated (from my browser sbox) with KeePass not running in my browser sbox.
Now, I'm imagining since KeePass communicates in my browser sbox. Then KeePass memory is not isolated from my browser sbox.
head scratch
I want KeePass Auto-Type to work for the item I select and at the same time I want to protect KeePass memory.
head scratch

 

I'll chew on this awhile. I'm afraid I'm going to need a lot of chewing.

 

You're not alone I've almost lost one tooth chewing a lot playing with Sandboxie + ReHIPS

 

Sandboxie no longer allows sandboxed applications to access the memory of unsandboxed applications. (Since Release v1.0.18 / 5.55.18 )

 

KeePass client communicates in my browser sbox.
I'll call KeePass Auto-Type from unsandbox'd KeePass client. Login characters populate in my sandbox'd browser window.
KeePass database resides in File Explorer\Documents folder.

 

I tried running browser and KeePass in separate boxes but Auto-Type didn't work.

 

Keepass also does not work if it's in the same sandbox as a browser. It'\ll run, it just won't give you a chance to auto-fill.