Sandboxie-Plus 1.15.0, 1.15.1

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Oct 19, 2024.

  1. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,429
    Location:
    Viena
    This build of Sandboxie Plus version 1.15.0 introduces several impactful enhancements, focusing on user-specific operations and security improvements. A notable addition is the new user proxy mechanism, which enables user-specific operations, as well as support for Encrypting File System (EFS) through the user proxy. By adding the configuration 'EnableEFS=y' to the sandbox, users can now leverage EFS within the sandbox environment. Furthermore, a breakout document feature has been implemented, allowing users to specify certain file paths and extensions that can escape the sandbox. However, users are warned to avoid paths terminated with wildcards as they may open up security vulnerabilities, enabling the execution of malicious scripts outside of the sandbox.

    In terms of security, a new mechanism has been added to restrict access to box folders, allowing only the user who created the folder to access it by setting 'LockBoxToUser=y'. Additionally, users now have the option to retain the original Access Control Lists (ACLs) on sandboxed files or modify them, providing more flexibility in access management, this may introduce compatibility issues though. Another new feature is the 'OpenWPADEndpoint=y' option, which allows to open system proxy configuration access. On the technical side, improvements have been made to the startup processes for SandboxieCrypto and Sandboxed RPCSS, as well as refinements to the user interface controls.

    These updates mark a significant step forward in both the security and functionality of Sandboxie Plus.

    Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.15.1
    Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.15.0


    [1.15.1 / 5.70.1] - 2024-10-29

    Fixed
    • fixed Sandboxie crypto fails to start in red boxes
    • fixed issue with breakout process when using explorer.exe
    Changed
    • validated compatibility with Windows build 27729 and updated DynData
    [1.15.0 / 5.70.0] - 2024-10-19

    Added

    • added new user proxy mechanism to enable user specific operations
    • added Support for EFS using the user proxy #1980
      • to enable add 'EnableEFS=y' to the sandbox config
    • added break out document functionality #2741
      • use a syntax like this 'BreakoutDocument=C:\path*.txt' to specify path and extension
      • Security Warning: do not use paths terminated with a wild card like 'BreakoutDocument=C:\path*' as thay will allow for executeion ot maliciouse scripts outside teh sandbox!!!
    • added mechanism to set set box folder ACLs to allow only the creating user access 'LockBoxToUser=y'
    • added option to keep original ACLs on sandboxed files 'UseOriginalACLs=y'
    • added option 'OpenWPADEndpoint=y' #4292
    Fixed
    • fixed ImDiskApp uninstall key is always written to the registry #4282
    Changed
    • improved SandboxieCrypto startup
    • improved Sandboxed RPCSS startup
    • Set tab orders and buddies of UI controls #4300 (thanks gexgd0419)
     
    Last edited: Oct 29, 2024
  2. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,429
    Location:
    Viena
    Here is where to find the new options.

    It would be great if you could test then thoroughly


    upload_2024-10-19_12-24-13.png

    upload_2024-10-19_12-23-22.png

    upload_2024-10-19_12-23-49.png
     
  3. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    25,688
    Location:
    UK
    No issues so far using 1.50 on Win 10 with Vivaldi and Edge (have not tested new options)
     
  4. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,429
    Location:
    Viena
    talking about the new options thay really only work when you first clear the sandbox, as they only apply to newely created files and folders
     
  5. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    580
    Compared to v1.14.x, there are nine .dll files missing in v1.15.0 (upon extraction of x64). Is this intentional?
    concrt140.dll
    msvcp140.dll
    msvcp140_1.dll
    msvcp140_2.dll
    msvcp140_atomic_wait.dll
    msvcp140_codecvt_ids.dll
    vccorlib140.dll
    vcruntime140.dll
    vcruntime140_1.dll
     
    Last edited: Oct 19, 2024
  6. DjKilla

    DjKilla Registered Member

    Joined:
    Oct 4, 2021
    Posts:
    237
    Location:
    Tampa, FL
    The first setting dealing with EFS, I'm trying to find a good use case for it. If I'm using a red box in Sandboxie, paths are closed off unless I open the paths within the 'Resource Access' tab. So why would I need access to an EFS folder/file when I already have the extra protection a red box gives? To be more specific, I have MS Edge, Firefox and Thunderbird sandboxed without EFS. I don't see a need to have these folders or files encrypted. Am I missing something? What benefit would I gain from using EFS with the three apps I have sandboxed? Perhaps using EFS would be more useful for a folder with pics so If someone was able to somehow download the pics, they would be encrypted. Then I can see why this setting would be useful, so you can access your encrypted pics using EFS. That's the only use case I can think of. Is this correct?

    The third setting, I'm assuming is better security but it would/could come at the price of compatibility. Am I correct on this?
     
  7. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,065
    Location:
    .
    Installed v1.15.0 on top of v1.14.10

    Now sbie is popping lots of
    Code:
    PID 2388: SBIE2214 Request to start service 'cryptsvc' was denied due to dropped rights
    PID 2388: SBIE2219 Request was issued by program PROGRAM.exe [PROGRAM]
    
     
  8. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,429
    Location:
    Viena
    whats your box config for the afected box?
     
  9. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,429
    Location:
    Viena
    EFS support is ment to allow sandboxed programs to work with unsandboxed EFS encrypted files.

    Booth ACLs related settings are intended to protect user data in multi user scenarios,
    as it was in the past any user could access any sandbox of any other user what was not good.
     
  10. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,429
    Location:
    Viena
    No github broke something in their CI setup such that a path to the VS redistributable is no longer set in the environment, in the next build this will be fixed by generating the path for the missing dll's manually.
    The files not being there should be only a problem for new installations on systems which don't have the vs redist installed already.
    The files will be present in 1.15.1 again
     
  11. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    580
    I do not have vs redist (only vc redist).
    Should I copy the nine dll files from v1.14.10 to the v1.15.0 folder? I run Sbie (on Win 7x64) in portable mode.
     
  12. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,065
    Location:
    .
    Red box
     
  13. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,429
    Location:
    Viena
    Yes just take the old once
     
  14. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,429
    Location:
    Viena
    I found the issue, will be fixed in 1.15.1
     
  15. g17

    g17 Registered Member

    Joined:
    Sep 30, 2017
    Posts:
    105
    Location:
    MI
    Hi David, I still use the classic version of sandboxie and this latest release has caused me some issues, but I think they are on my end. Lots of errors pop up when I try to run programs that have run in the past but I've been tweaking some things so I think it's me. Chrome in particular is an issue but it may lie with a chrome update.

    How does the classic version change (if at all) with all the updates to the other version? Thanks.
     
  16. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,429
    Location:
    Viena
  17. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    1,358
    Location:
    sweden
    It, still, as with .0, auto delete the box when closing the browser.
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,065
    Location:
    .
  19. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    424
    Location:
    uk
    David,
    FYI 1.15.1 is blocked by AVG on my pc so I had to turn it off to install.

    Also my sub is due for renewal in 25 days, but where do I get the serial number to upgrade? My update key is clearly not it. If I follow the link from SB+ I get to a standard purchase page, but I thought there was a discount for renewal; maybe I'm wrong.
     
  20. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,429
    Location:
    Viena
    There is no discount for renewal yet, but you can email me to get a discount code.
     
  21. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,606
    Location:
    Location Unknown
    Is it possible to functionally sandbox MS Office? If so, how?
     
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,065
    Location:
    .
    The billion dollar question.
    But there's a cheap/quick answer: no it's not possible.
     
  23. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    1,358
    Location:
    sweden
    @DavidXanatos

    With full 24H2 SB-Plus caused my pc to have problems with boot. The problem has been for a while and got more of an issue over time. I am not 100% sure that SB-P is the cause but, when i uninstalled it, the problem disappeared.

    The pc sometimes just stuck on boot, sometimes as long as 20-25 to 45-50 minutes. But mostly just a delay.
    This with the 2 latest versions.
     
  24. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    25,688
    Location:
    UK
    Just in case it is relevant, do you have Fast Boot off or on?
     
  25. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    424
    Location:
    uk
    :thumb: I've messaged you here
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.