In the 1.14.x release line, several significant updates and fixes have been introduced to enhance the functionality and performance of sandboxed processes. These enhancements are aimed at providing users with a more robust and versatile experience, ensuring smoother and more secure operations. One of the major updates is the introduction of the ability to force sandboxed processes to use a predefined SOCKS5 proxy. This feature allows for more controlled and secure network interactions. Additionally, the capability to intercept DNS queries for logging or redirection has been added, providing administrators with greater oversight and flexibility in managing network traffic. Notably, support for SOCKS5 proxy authentication based on RFC1928 has been incorporated, thanks to Deezzir's contributions, who also developed a Test Dialog UI for the SOCKS5 proxy. It is important to note that utilizing the Proxy and DNS features requires an advanced type certificate. The release also introduces a new command line option, /fcp /force_children, to the start.exe utility. This option enables the initiation of a program outside the sandbox while ensuring that all its child processes are sandboxed, enhancing security without compromising flexibility. Additionally, a new feature allows for the limitation of memory usage and the number of processes within a single sandbox through job objects. This was made possible by Yeyixiao's contribution and can be configured using "TotalMemoryLimit" for overall sandbox memory limits and "ProcessMemoryLimit" for individual process limits. Further improvements include the addition of a new "Sandboxie\All Sandboxes" SID to the token creation process, which fundamentally alters the token creation mechanism. This feature can be activated with the "SandboxieAllGroup=y" setting. Users can now also configure the "EditAdminOnly=y" setting on a per-box basis, providing more granular control over administrative permissions. Additionally, a new UI option allows users to start unsandboxed processes while forcing child processes into a sandbox, and the "AlertBeforeStart" option prompts a warning before launching a new program into the sandbox if the initiating program is not a Sandboxie component. Moreover, the update introduces a mechanism to block unsafe calls via RPC Port message filtering and a template to prevent sandboxed processes from accessing system information through WMI. A new "Job Object" Options page has been added, consolidating all job object-related options for easier management. Several critical fixes have been implemented, including resolving Chrome printing problems and various bugs affecting sandbox properties and program launching. Compatibility with Steam running sandboxed has also been improved. Compatibility with Windows build 26217 has been validated, and dynamic data has been updated accordingly. Finally, an issue with an early batch of Large Supporter certificates has been resolved, ensuring smoother operation and fewer disruptions. These updates collectively enhance the security, performance, and usability of sandboxed processes, providing users with a more reliable and efficient environment. Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.14.3 This build is considered final, it will be distributed instantly in the preview update channel, when no issues materialize it will be published in the stable channel in a few days and on the website.
@DavidXanatos Your incremental innovations and improvements with Sandboxie is above and beyond merely impressive. I look forward to the update when it's released in the stable channel. No doubt you should be awarded a Nobel Prize in software development if the award existed. Maybe due to the limited number of hours in a day, a lack of interest on your part, etc; it would way likely pique the interest of a massive sample of your followers if you ever decided to dabble in developing an app identical in every operational respect to "Shadow Defender" and "Faronics Deep Freeze." Of course, it's a niche product for a selective market. Just a thought...
Updated Win 10 via the preview update channel. No issues so far apart from having to restart via sandman after the download.
