Sandboxie-Plus v1.12.0

Release Notes

This build brings a lot of usability improvements most notably the ability to auto force all removable media (Requires a supporter certificate).


In the settings exceptions can be specified, based on the volume serial number to exclude selected devices form forced sandboxing.

This build also enhances on the global hot keys, two new hot keys have been added "Alt + Break" to bring the sandman window in front with the top most flag set, and "Ctrl + Alt + F" to toggle disabling of forced processes, furthermore the terminate all (panic hotkey) hot key "Shift + Break" has been improved, individual sandboxes can be configured to be excluded from a blanket global terminate all command, however when the panic hotkey is invoked 3 times with < 1 sec between presses it will terminate all boxed processes, no exceptions.

Also worth mentioning is an improvement to the service handling which allows to install and run the GOG launcher sand boxed in a reduced isolation box with the following configuration:

Code:

UnrestrictedSCM=y
RunServicesAsSystem=y
NoSecurityIsolation=y
Template=RpcPortBindingsExt

Further work is ongoing to make the GOG work in a standard sandbox.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.12.0

Changelog

Added

• added mechanism to automatically set USB drives as forced folders (Requires a supporter certificate)
• added troubleshooting script for issue #3318 with parental controls
• started german translation of the troubleshooting scripts ...\SandboxiePlus\SandMan\Troubleshooting\lang_de.json #3293
• added "get_cert SBIEX-XXXXX-XXXXX-XXXXX-XXXXX" command to UpdUtil.exe allowing to get a cert by serial using command line
• added mechanism to revoke leaked or refunded certificates
• added new global hot key to bring sandman in fron as top most ALT+Break #3320
• added Exclude specific boxes from 'Terminate all processes' #3108
  • Note: press the panic button hot key 3 times with less then 1 second between clicks to Terminate All with NO exceptions
• added Customizable global hotkey that toggles the state of "pause forced programs" #2441
• added Warn or prevent broad "forced folder" settings #650
• added CheckExpectFile function to Plus #768

Changed

• improved suspend process ahndling #3375
• improved handling of issue reports
• updated reminder schedule

Fixed

• fixed issue with auto updater not offering version updates
• fixed issue with new symlink handling code #3340
• fixed issue with Scm_StartServiceCtrlDispatcherX not behaving correctly when not run as service #1246 #3297
• fixed Issue with configuring the original folder of a symbolic link created using mklink to OpenPipePath #3207

Removed

• removed obsolete /nosbiectrl switch #3391

 

It's a Pre-release.

 

Yes as github clearly states, that said, I expect it to be above average stable as the changes were not very braking since the main feature for this build is the new removable media forcing feature which is sandman ui only.

EDIT: I just noticed there is a bug unlike the changelog clearly stayts USB sandboxing fails to check for a certificate this will be fixed in the next build.

 

Technically it is equivalent to setting ForcedFolder=X:\ where X is the drive letter of your drive.
So as long as Macrium Backup runs unsandboxed and does not start any child processes with its Working Directory being located on that drive it should have no effect on it. If it does you would see some Macrium Backup processes being run in the sandbox.

You can tick the "Keep terminated" button to see after the backup if any processes were captured by the sandbox, if non were all is fine.

 

First observations:

Looking good so far, installation/upgrade went without problems although with unchanged behavior (Sandman still not going to SysTray).

Two minor issues were observed, though.

1. While the new hotkey to toggle the "PauseForcingPrograms"-mode works well its "twin-brother" "Alt + Break" seemingly does not. Without a "Break"-key on my keyboard I had to re-define the hotkey anyway but in spite of having tried out a few different key-combinations none of those did produce any effect at all. Btw, is that hotkey also meant to bring up Sandman instantaneously from the SysTray as well? Or is it just meant to bring the full window to the foreground when already running windowed yet pushed to the background by some other overlapping app-windows? I'm asking because here it did neither, in fact there was no reaction to that hotkey at all.

2. Another minor issue still unresolved actually has nothing to with v.1.12.0 at all but has been introduced a few versions ago (v.1.11.3 or so). Until some months ago, when auto-starting Sandman with Windows it would show up as the "empty-tray-icon" as long as no sandboxed process was started. Then suddenly - during startup - the tray-icon would change to full for a few seconds (assuming Sandman must have started some intermediary sandboxed process on its own) only to "go empty" again by itself representing an empty box as normal as long as no process/browser had been started.

But since v.1.11.2 or v.1.11.3 things have changed again and the tray-icon does not only "get filled" intermittently but rather stays that way, even with no sandboxed process actively started. Upon inspection once the Windows-startup-process is complete Sandman shows two processes permanently running within an otherwise empty/inactive box.
These two processes are SandboxieRpcSs.exe and SandboxieDcomLaunch.exe (see upload) and they will stay open permanently until all sandboxed processes get terminated manually or until the next(first) browser-session terminates and the box will shut down again finally terminating the above mentioned processes together with all browser-components. Only then the Sandman-tray-icon will show up empty for the first time. So the question arises as to why those 2 processes mentioned above are getting auto-started sandboxed in the first place?

 

@algol1 please post your sandman.ini file here (if you are willing to share).

 

found a bug the settign name for the top most key shoul dbe "Options/TopMostKeySequence" but was Options/TopMostSequence" to when evaluating the presets the setting was ignored will be fixe din next build

 

update 1.12.0a should fix this
please check if the updater now works as expected

 

No such settings-file here, only "Sandboxie.ini" which you can find enclosed - devoid any individual names or paths.
https://www.dropbox.com/scl/fi/znng...oxie.ini?rlkey=bdcpzcoadk2lrppye5q7qh20c&dl=0

 

I did mean sandboxie.ini, my apologies. Thanks!

 

Got an invalid signature for sandman.exe v1.12.0.1 (probably for sandman.exe.sig)... Back on v1.12.0

 

Don't know if it does - but I have serious doubts as the updater-page still says "1.12.0 (Current)".
There is however an update indicated "1.12.0a" - but clicking on that link would only take me to the Github-page with official version 1.12.0.

So how would we know if an update has actually been performed successfully?

 

Why don't you post it here in Code </> tags

 

Found a bug! When you setup everything in a red box, including a snapshot, then activate Auto Delete, extensions get completely removed/uninstalled in Microsoft Edge.

1) Open up all apps and paths to folders (Recovery folders, etc.) in an orange box.
2) Switch to a red box and create a snapshot.
3) Turn on Auto Delete.
4) Open up Microsoft Edge and extensions are gone.

My setup:
Sandboxie Plus 1.12.0 64-bit
Windows 10 64-bit
Microsoft Edge 118.0.2088.69 (Official build) (64-bit)
Thunderbird 115.4.1 64-bit
Firefox 119.0 64-bit

I have lots of extensions in Firefox including Bitwardin. Microsoft Edge only has one extension which is Bitwardin. I've done four clean installs and fully tested different scenarios, all with the same result, which is extensions get removed/uninstalled in Microsoft Edge. This ONLY happens when you turn on Auto Delete. Previous versions of Sandboxie work perfectly and didn't have this issue.

 

these links are not intended to be made to get an update, if you want to get an update the check for updates help menu option is intended.

should I change that behavior?

please clarify, what is lost extension within the sandbox, or does this bug affects extensions outside the sandbox?
also please clarify step 1) its not clear to me what you mean by "Open up all apps and paths to folders (Recovery folders, etc.) in an orange box."

 

1.12.0b is out

 

So far so good running in portable mode on Win7SP1x64

 

@DavidXanatos
https://www.wilderssecurity.com/threads/extensions-being-deleted.452618/

 

To set up a red box properly, I do a clean install of Sandboxie, then I switch to the orange box and sandbox all of my apps (Edge, Firefox, Thunderbird). I then open up each sandboxed app one at a time in Sandboxie. Each app for example, like Firefox, I'll also download a file to each folder that I added/use in File Recovery. By doing this, Sandboxie will see all the paths to use. Then I switch to the red box and create a snapshot. I then turn on Auto Delete. Both Firefox and Edge have extensions but after turning on Auto Delete then opening Edge, the extensions disappear. This ONLY happens after turning on Auto Delete.

For example, after switching to a red box and turning on Auto Delete, I'll open up Firefox then Edge. All the extensions are there for both apps. I'll then close Edge and then close Firefox. When you open Edge again, the extensions are gone. I noticed sometimes after switching to a red box with Auto Delete on, then opening Edge, the extensions are gone.

Outside of the sandbox, everything works. In the sandbox, both orange and red boxes, everything works. When you turn on Auto Delete and open up sandboxed Edge, the extensions disappear. I haven't tried the other boxes but it seems Auto Delete is causing this issue. I only use one box and not multiple boxes.

By the way, the extensions were installed outside of the sandbox and not in the sandbox.

Sandboxie.ini:

Spoiler: Sandboxie.ini

Enabled=y
BlockNetworkFiles=y
BorderColor=#0423ee,off,6
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
UseSecurityMode=y
UseFileDeleteV2=y
UseRegDeleteV2=y
Template=Edge_Force
Template=Firefox_Force
Template=Thunderbird
ForceProcess=thunderbird.exe
NormalFilePath=firefox.exe,D:\Data
NormalFilePath=firefox.exe,D:\Jerry
NormalFilePath=firefox.exe,D:\Sweepstakes
OpenFilePath=firefox.exe,C:\Users\Rockin' Jerry\AppData\Local\Mozilla
OpenFilePath=firefox.exe,C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
OpenFilePath=thunderbird.exe,C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
OpenFilePath=firefox.exe,C:\Users\Rockin' Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\q95iey25.default-release\storage
OpenFilePath=msedge.exe,C:\Users\Rockin' Jerry\AppData\Local\Microsoft\Edge
NormalFilePath=firefox.exe,C:\Users\Rockin' Jerry\AppData\Roaming\Mozilla
ReadFilePath=firefox.exe,C:\Users\Rockin' Jerry\Desktop
ReadKeyPath=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\
ReadKeyPath=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\
ProcessGroup=<InternetAccess>,thunderbird.exe,msedge.exe,firefox.exe
ProcessGroup=<StartRunAccess>,thunderbird.exe,plugin-container.exe,msedge.exe,firefox.exe
AllowNetworkAccess=!<InternetAccess>,n
ClosedIpcPath=!<StartRunAccess>,*
NotifyStartRunAccessDenied=n
ProtectHostImages=y
RecoverFolder=D:\Sweepstakes
RecoverFolder=D:\Jerry
RecoverFolder=D:\Data
UsePrivacyMode=y
AutoDelete=y

 

I tried but the preview then did show a giant text-window. I chose to avoid that. Besides I cannot see any disadvantages in posting it as a slim link.

 

Well, it was you after all who told us as of recently that the proper section in settings to deal with auto-updates would be right there in Global_settings/"Support & Update"/"Sandboxie Updater". The emphasis there being on auto-update. But so far nothing has ever happened automatically triggered by those settings. In contrast to that I would call the method now recommended via help-menu/"Check for updates" manual at best.

 

Still no auto-update, I had to fetch this one via Help-Menu again. But I can report now that the new shortcut to open up Sandman (also from SysTray) has now become operational.