Tzuk specifically said: Differences between 64-bit Experimental Protection and 32-bit Protection: 1. There is no kernel mode protection for use of the EndTask API to terminate processes outside the sandbox. 2. There is no kernel mode protection that can prevent malware setting the password for a user account which does not have a password set. 3. There is no kernel mode protection that can prevent a program from writing event messages to the Windows logs. Note that Sandboxie does offer user mode protection for all these things, in this version as well as past versions. However, it must be noted that user mode protection is weaker than kernel mode. All in all, these are trivial differences and I think it is safe to say that with Experimental Protection enabled, 64-bit Sandboxie can now offer 99% of the security of 32-bit Sandboxie. Edit: One more detail I should mention about the differences. Where the 32-bit version is able to completely deny access to a resource, where necessary, the 64-bit version cannot do this. The 64-bit version can still prevent mis-use of the resource, but to be extra sure, the 64-bit version will immediately terminate any program that is misbehaving and issue a message - SBIE2314 Canceling process. http://www.sandboxie.com/phpbb/viewtopic.php?t=10201 So what does this all mean that SBIE cannot protect against kernel level threats anymore?