In this release, we have introduced several new features and improvements that significantly enhance the user experience and provide greater flexibility in system operations. Most notably, users can now effortlessly obtain free 10-day evaluation certificates directly from the support settings page within the UI. These certificates are hardware-locked to the user's machine and allow for up to three requests per hardware ID, making it easier to test and evaluate the system with minimal setup. Furthermore, new options have been added to increase privacy and security, such as the ability to modify the Windows Product ID in the registry to a random value and to return random values for disk serial numbers and network adapter MAC addresses when queried by applications. These features add an extra layer of obfuscation to protect against unwanted system identification. Other enhancements include the ability to terminate all processes when Sandman exits, a new option for configuring DropConHostIntegrity directly from the UI, and an improved shared template feature in the New Box Wizard. The number of available shared templates has increased to 10, and the template names can now be easily updated by adjusting the corresponding settings. In terms of fixes, we have addressed several key issues, including improving the "HideDiskSerialNumber" functionality to prevent application crashes, correcting the format of encrypted proxy passwords, and resolving an issue related to the "NtQueryDirectoryObject" function to avoid easy sandbox detection. These updates contribute to a more stable and secure environment for users. 
Release note by ChatGPT

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.14.8
Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.14.7

Added
- added "RandomRegUID"(bool) which could modify Windows Product Id in the registry to a rand value
- added "HideDiskSerialNumber"(bool) return random value when applications try to get disk serial number
- added option to get free 10 days evaluation certificates from the support settings page. The evaluation certificates are node locked to the HwID and for each HwID up to 3 certs can be requested.
- added "TerminateWhenExit"(bool,in Sandboxie-Plus.ini) to terminate all processes when Sandman exits for #4171
- added a question box to ask for Sandbox Import Location for #4169
- added UI option to configure DropConHostIntegrity
- added "HideNetworkAdapterMAC"(bool) return random value when applications try to get network adapter mac address
- added shared template selection to the Shared Template feature in the advanced options of the New Box Wizard #4199
  - The number of available shared templates has been increased to 10
  - To update the names displayed in the list, simply adjust the "Tmpl.Title" setting within each template

Fixed
- fixed and improved HideDiskSerialNumber option causes applications to crash #4185
- fixed encrypted proxy password was improperly formatted #4197
- fixed NtQueryDirectoryObject (should not return "STATUS_MORE_ENTRIES") as this is an EASY Sandbox Detection #4201

The release is set in the preview updater channel today and will be set in the stable channel in a few days.
How do you use "RandomRegUID", "HideDiskSerialNumber" and "HideNetworkAdapterMAC"? What does 'Drop ConHost.exe Process Integirity Level' do when enabled?
> How do you use "RandomRegUID", "HideDiskSerialNumber" and "HideNetworkAdapterMAC"?

here:

> What does 'Drop ConHost.exe Process Integirity Level' do when enabled?

Sandboxie messes with the console window creation; as it happens, the console window host itself runs unsandboxed, which is fine, it just passes input/output text forth and back. Sometimes, however, this does not work as it should, as it normally has default i.e. medium integrity; dropping that to low helps, like when the sandboxed console process tries to close its own window and alike.
Thank you! I should have taken the time to slowly go through the settings but as usual, I was too quick to set it up and missed the new settings.
As it happens my Personal Advanced Security Certificate has just expired 3 days ago. However the newly introduced method for temporarily retrieving a free 10-days-test-certificate doesn't seem to work. Once I try to press "Get" at the appropriate/described location the button is greyed out. It will ask for a SB-serial and SBIE_- is dimly readable in the background of the input mask. Also there is a "hardware -ID" readable in tiny font-letters below the input mask. In order to "un-grey" the Get-button some SBIE_-Serial-Nr. seemingly has to be entered in there. Unfortunately I'm not aware of such a SBIE_-Serial-Nr. and have no idea as to where I should get it from. So far I've tried any number from my expired license-file, that Hardware-ID mentioned below or just "SBIEU". In all of those cases, once the "Get"-button (now un-greyed) gets pressed a window with blue progress-bar will pop up saying that no certificate could be retrieved as all those entries tried are seemingly unknown to the certificate-database. So which "SBIE_"-serial is expected there and where to get it from? For now I'm back to v1.14.6. Although the options-page mentions (on top in red letters) the availability of a mysterious interim-version "v1.14.6a" for which my expired certificate might still be valid - but again I've no idea where to get "v1.14.6a" from either.
The mechanism is meant for people who don't yet have any certificate, hence it's only shown when no cert is saved. If you have a cert entered, erase it and press apply, then you should see the "Get a free evaluation certificate" link in the bottom label. Once you press on the blue text it will ask you for an email address; once you enter it and press ok, it will download a cert from the server and insert it. For the cert it will automatically use the Windows user name. PS: where do you see 1.14.6a, there is no such version?
Yes, I do have a certificate entered - but the line "Retrieve/Upgrade/Renew ..." is shown in spite of that. And when pressed that input-mask asking for a SBIE-license is shown as well. As for "v1.14.6a" that has only been some interim display while still running on "1.14.6". In the meantime this display has changed to "1.14.7" - for which the license is not valid any longer. But to be honest - "1.14.6" has shown to run remarkably stable on my system and other than out of curiosity - and when the main change seems to be about those trial-update-certificates - I'm considering to stay put for now and switch from constant testing to kind of a "production phase" without further upgrading. Addendum: Ok, after removing the expired certificate altogether I've been able to retrieve a 10-day-test-certificate as described. But the question remains: out of curiosity - what for then is that strange link given above "Retrieve/Upgrade/Renew certificate using Serial Number" leading to that "SBIE_"-input-mask below - if no such SBIE-Serial-Number does exist or can be retrieved in the first place?
David, I would like to know if the two functions "Drop ConHost.exe Process Integirity Level" and "Create a new sandboxed token instead of stripping down the original token" are enabled, will the overall security be enhanced or reduced? If there is no special need, do you recommend enabling them or not?
In the 'Privacy' tab, I have everything enabled and Sandboxie is running smoothly without issues. I do have a quick question. There's a button on the top right that says 'Dump FW Tables'. What does this do? I'm not sure if I need to use this or not.
bugfix 1.14.8 / 5.69.8

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.14.8

Changed
- allowed users to import/export boxes with .zip files.

Fixed
- fixed a cert issue
You can use this field to upgrade a standard certificate to add the encryption and proxy functionality. Also I'm looking into adding separate discounted purchase options for renewing.

"Drop ConHost.exe Process Integirity Level" can help with compatibility but will reduce the isolation, as the sandboxed console app will be able to do a bit more with its associated console host.

"Create a new sandboxed token instead of stripping down the original token": this should have no effect on the security.

'Dump FW Tables' makes a copy of your current FW table; then you can edit it to show a different mainboard guid to sandboxed processes.
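An added example, not part of the thread and not Sandboxie's own code: a small audit that reads Sandboxie.ini text and reports, per box, which of the three privacy options from this release are off and whether DropConHostIntegrity (the compatibility option described above as reducing isolation) is on. It assumes boolean settings are written as `Name=y` / `Name=n` inside `[BoxName]` sections and that an absent setting means disabled; the sample file and box names are constructed.

```python
# Added example: audit Sandboxie.ini text for the options discussed in this thread.
# Assumptions: bool settings are stored as Name=y / Name=n, absent means disabled,
# and [GlobalSettings], [UserSettings_*] and [Template_*] sections are not boxes.

PRIVACY = ("RandomRegUID", "HideDiskSerialNumber", "HideNetworkAdapterMAC")
COMPAT = ("DropConHostIntegrity",)  # compatibility aid that reduces isolation

# Constructed sample, not taken from a real installation.
SAMPLE_INI = """\
[GlobalSettings]
Template=ExampleTemplate

[DefaultBox]
Enabled=y
RandomRegUID=y
HideDiskSerialNumber=y
HideNetworkAdapterMAC=n

[ConsoleTools]
Enabled=y
DropConHostIntegrity=y
"""

def parse_sections(text):
    """Return {section: {key: last value}} without relying on configparser."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def is_on(settings, key):
    return settings.get(key, "n").lower() == "y"

def audit(text):
    report = {}
    for name, settings in parse_sections(text).items():
        if name == "GlobalSettings" or name.startswith(("UserSettings_", "Template_")):
            continue
        report[name] = {
            "privacy_missing": [k for k in PRIVACY if not is_on(settings, k)],
            "isolation_reduced": [k for k in COMPAT if is_on(settings, k)],
        }
    return report
```

To run it against a real configuration, read the file using the encoding it was saved in and pass the text to `audit()`.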
Thanks for the explanation. Since these two options are located in the "Advanced Security" tab, just like the other options listed under "Privilege isolations", I suggest you mark "Recommended" or "Not Recommended" next to them, or add some explanation, this way the user can clearly know whether the option is to increase security or to increase compatibility. There is a bug that will display incorrect status in the main console (SandMan). If the sandbox once prohibited network access but also allowed certain exception programs, even if the exceptions are later removed and all programs are prohibited from accessing the network, the main console will still display "No INet(with Exceptions)".
David, Regarding browsers, you mentioned in another post: "Using a yellow/blue or red/orange type box indeed disables some features used by Chrome and Firefox built in sandbox but by far not all. Using a green/cyan type box does not do that and there the Chrome and Firefox built in sandbox runs with all its capabilities." Does this disabled feature mean that the privacy and data protection functions of the browser will become weaker? I've encountered a situation where when Chrome was sandboxed, its password manager seemed unable to use Windows Hello (unable to use pin codes). However, I think the most important task of a Sandbox is to prevent damage to the operating system, especially privilege escalation caused by zero-day vulnerabilities, so I can accept this trade-off. Sandboxie seems to frequently suffer from various compatibility issues. I'm curious if it's possible for Sandboxie to use Hyper V (API or something) to achieve isolation? Windows Sandbox, a temporary sandbox that uses the hardware virtualization function of Hyper V, is not only highly defensive but also highly compatible. However, its disadvantage is that it has very poor customization capabilities and cannot be moved to a Ram disk. While I don't know at all if it would be possible to do this and it would become like a virtual machine, the defense would be stronger with hardware virtualization.
Using 1.14.8 on Win 10 should I be able to delete a partial download ? If I decide to download for example LibreOffice, and then decide not to because the download at this time is too slow, I click on the partial download and select delete. I am asked if I want to delete the 1 selected item and I say yes. It won't delete until the download is complete. Is this how it should be?
The file cannot be deleted while it is in use by the browser. However, if you cancel the download from the browser, the file will be removed.
There's an issue in SBIE Plus 1.14.8 and back that's been bugging me for a long time. From time to time, while Vivaldi is sandboxed, the Bitwarden extension is not usable. The only remnant of it is the generic blue extension icon. However, if Vivaldi is not sandboxed the extension works just fine. This is not always the case; about 20% of the time Bitwarden works fine sandboxed, the rest is as described. I'm not sure what exactly is causing this, but I have to constantly get rid of and re-add the extension. Any ideas?
@DavidXanatos BSOD when closing Chrome while browsing Gmail account on Windows 10 x64. It has happened two times since yesterday. https://pixeldrain.com/u/LpUe1H7i
Try going back to an older version to check if it's something in the build or something changed in your system.