Sandboxie Plus 1.0.1

The new build 1.0.1 is no longer marked a pre release, as all in all only few issues appeared new in the last build and should be fixed in this one, there are still a few minor bugs but many of those are not new

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/1.0.1
Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/1.0.2
Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/1.0.3

1.0.x new feature summary:

The first major feature is Privacy Mode, here most of the PC is set to be treated like a Write[File/Key]Path meaning the sandbox locations are writable but the unsandboxed locations are not readable. The Hard disk appears empty except for C:\Windows and C:\Program Files and the registry only allows reading of the machine but not user root keys. This way sandboxed processes can work but can not access private user data.

To make this mode useful an other feature has been implemented called “Rule Specificity” it can be enabled independently but is always enabled in Privacy enhanced boxes. It allows to specify rules to override other rules, this is not based on specifying an order or priority, but instead by measuring how specific a rule is and always attributing the highest priority to the most specific rule.
Here the specificity is measures by the path length that matches the rule, except the last wildcard.

So for example the built in privacy rules plus a custom one
OpenFilePath=%AppData%\Mozilla\Firefox\Profiles*
NormalFilePath=C:\Program Files*
NormalFilePath=C:\Windows*
WriteFilePath=C:*
Here the rules are ordered by their specificity.
Also there is a new type Normal[File/Key/Ipc]Path which defines a default sandbox behavior for a path.

The next major feature is "App Compartment" mode "NoSecurityIsolation=y", this is a new mode of operation which disables the token based security isolation, which brings the security down to the level of other sand boxing solutions, but by doing so greatly improves compatibility. For all use cases where the goal is only compartmentalization, running multiple instances, etc, but not hard core security this mode is preferable as it should avoid many typical sandboxie issues caused by processes running with a heavily restricted token.
In this mode file system and registry accesses are still being filtered to enforce the access rules, this filtering can be disabled with "NoSecurityFiltering=y"

To ensure this “unsecure” mode is at least as secure as the sandboxing offered by other sandboxing products, a new object access filter was added that can be enabled with "EnableObjectFiltering=y" in the global settings.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
You can support the project through donations, any help will be greatly appreciated.



Changelog

[1.0.3 / 5.55.3] - 2021-12-12

Added

• added mechanism to hook Win32 system calls on windows 10 and later, this should resolve the issue with Chromium HW acceleration
  -- Note: this mechanism does not, yet, work for 32 bit applications running under WoW64
  -- to enable it, add "EnableWin32kHooks=y" to the global ini section, this feature is highly experimental (!)
  -- the hooks will be automatically applied to Chromium GPU processes
  -- to force Win32k hooks for all processes in a selected box add "AlwaysUseWin32kHooks=program.exe,y" #1261 #1395

Fixed

• fixed bug in GetVersionExW making "OverrideOsBuild=..." not working #605 #1426
• fixed issue with some UTF-8 characters when used in the ini file
• fixed isolation issue with Virtual Network Editor #1102

[1.0.2 / 5.55.2] - 2021-12-08
Fixed

• fixed recovery window not refreshing count on reload #1402
• fixed printing issue introdudec in 1.0.1 #1397
• fixed issues with create process #1408

[1.0.1 / 5.55.1] - 2021-12-06
Added

• added checkboxes to most major box options lists
• added SumatraPDF templates (by Dyras) #1391

Changed

• rolled back change to "OpenClsid=..." handling
• made all major lists in the box options editable

Fixed

• fixed issue with read only paths introduced in 1.0.0
• fixed BSOD issue introduced in the 1.0.0 build #1389
• fixed multiple BITS notifications while running sandboxed Chromium browsers (by isaak654) ca320ec #1081
• fixed executables selection for "Run Menu" entries (by isaak654) #1379
• fixed SetCursorPos and ClipCursor ignoring DPI awareness (by alvinhochun) #1394

Removed

• removed Virtual Desktop Manager template (by isaak654) d775807 #1326

 

YEESSSS!

This seems to be a really worthy v.1.0.(x) version - at least after some preliminary assessment.

And a special "Thank You" goes to our "Sandboxie-Wizard" for undertaking the effort to finally implement those checkboxes in the GUI-options to temporarily switch on/off certain settings/options.

To make this late Santa-gift complete somehow the issue reported about Chromium-browsers >v.94 not launching any more, at least with "HW-acceleration"=ON, seems to be gone for good, too.

@DavidXanatos could you please elaborate on what has finally turned out to be the culprit for this issue or what had to be changed/fixed respectively to avoid this issue as the changelog doesn't indicate any fixes in this regard.

 

I did not fix anythign chrome specific, so possibly one of the other fixes fixed that accidently, i would guess the clsid thign most likely

 

Doe to the printing issue I have marked the release as pre release

 

Good to hear Chrome HW-acceleration issue has disappeared for @algol1, however it still remains on my 11th gen

Many thanks for your continued effort

 

With Classic 5.55.1, the Firefox problem is still there. Cannot open in sandboxie using Force. Cannot open in sandboxie in non-force mode either.

 

Just downloaded 1.0.1 on my Win 11 machine and all is well on my browsers: Edge, FF, Chrome, Brave & Vivaldi. Thanks David!

Only problem is one that I've previously reported, that is "Find on page" in Edge is not working and producing an invisible/see through, yellow outlined box. This seems to only affect my Win 11 machine, and only Edge is affected. Other Chromium browsers bring up a search box as expected.

EDIT: Just to clarify, when I say my Win 11 machine I'm referring to the OS, not the CPU. My Win 11 machine has an Intel 8th gen & a Quadro P600 GPU.

 

and on the last 9.x.x version it worked fine

 

Sad to hear that and it makes the phenomenon even more strange as my system is 11th-gen-Intel, too.

Although I may have been a little premature in my enthusiasm. True, current Chrome and Opera will launch again here but I've encountered some very strange behavior regarding playback of Instagram-videos yesterday. The video suddenly froze - as then did the browser - and after killing it and performing a restart in a new empty default-box the browser all of a sudden came up completely fullscreen without any menu or bookmarks- or even settings-bar. Neither <Esc> nor <F11> could remedy the situation. This was all the more strange as the box had been empty and only a re-boot finally brought back the browser to normal.

No clue yet if that had to do with the HW-acceleration-setting. Currently I'm back to OFF. So the jury is still out on the verdict if that issue has truly been fixed. But something must have changed as Chrome and Opera at least will launch now and will perform basic browsing without any hassle, even with HWAcc=ON..

 

do you have HW acceleration enabled on that machine? if yes than try disabling it

 

Here's an interesting thing. Yes I did have hardware acceleration enabled, so I turned it off. With HW acceleration switched off, Edge will not even launch under Sandboxie 1.0.1 on the affected machine! It loads a white window only. I did ensure thre sandbox was fully emptied first too. On re-enabling HW acceleration, Edge launches under Sandboxie as normal.

 

Update: https://github.com/sandboxie-plus/Sandboxie/releases/tag/1.0.2

 

Just tried 1.0.2. on this Win 11 Pro machine with Edge. Same as above. With HW acceleration OFF, the browser fails to even launch in the default sandbox. I get just a white window in a yellow border, which hangs there until I delete the contents of the sandbox (I gave it 15mins to see if it would come right). With HW acceleration ON, the browser will launch and work as expected, except for the invisible "find on page" search box. HW acceleration is enabled in all my Chromium browsers, and Edge is the only one with the "find on page" issue. EDIT can confirm that all my other chromium browsers (Chrome, Brave & Vivaldi) all launch under Sandboxie with HW both on and off on Windows 11.

Just tried launching Edge with HW acceleration OFF on a Win 10 Home machine, and it launches under Sandboxie. (EDIT as do all 6 Win 10 machines here). So this failure to launch with HW acceleration OFF in Edge seems confined to Windows 11, just like the "find on page" issue. Monica here on Wilders was able to reproduce the find on page issue in Edge on a Windows 11 machine too. She has rolled back to 10 though. Not sure how many other Win 11 users there are here to test the launching with HW acceleration off.

 

Yes thay should, realyl strange did you unpack plus only as a portable install?

Anyhow the order is this if a ini file is found in the folder with the driver it is used, alse an ini under c:\windows is used, if non is present one is created in the windows folder

 

https://github.com/sandboxie-plus/Sandboxie/issues/1424

 

And here. Good to know it's known now.

https://www.wilderssecurity.com/threads/sandboxie-plus-1-0-0.442171/page-9#post-3055281

Right now, Plus is on hiatus until things get ironed out.

 

well its always looking if new boxed processes were started t be able to change the icon on demand but when its minimized it should not use much spu

 

Well...in my case, it was while the system was otherwise idle. No browser, boxed or otherwise, was open. So in theory there should be no activity from Sandman.

Also, the issue was not apparent in previous versions, like below 1.0.0. Would any changes in the changelog have justified an increase in cpu user, albeit minimal? This is a rhetorical question, of course, but something I questioned in my above linked post.

 

Well it needs to check if something is running so there will always be some usage
and no the changes to 1.0.x should not have caused an increase in cpu usage, that6s quite strange

 

I had high CPU usage some builds ago: https://www.wilderssecurity.com/thr...ith-signed-driver.434924/page-22#post-2980983

Average CPU usage is 0,3% now. A little bit high, considering i have a strong CPU, but i can live with it.