Sandboxie-Plus v1.12.3

Release Notes

This build brings a lot of usability improvements most notably the ability to auto force all removable media (Requires a supporter certificate).


In the settings exceptions can be specified, based on the volume serial number to exclude selected devices form forced sandboxing.

This build also enhances on the global hot keys, two new hot keys have been added "Alt + Break" to bring the sandman window in front with the top most flag set, and "Ctrl + Alt + F" to toggle disabling of forced processes, furthermore the terminate all (panic hotkey) hot key "Shift + Break" has been improved, individual sandboxes can be configured to be excluded from a blanket global terminate all command, however when the panic hotkey is invoked 3 times with < 1 sec between presses it will terminate all boxed processes, no exceptions.

Further work is ongoing to make the GOG work in a standard sandbox.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.12.3

[1.12.3 / 5.67.3] - 2023-12-02
Added

• added template to add useful exclusions to confidential boxes

Fixed

• FIXED SECURITY ISSUE ID-23 SeManageVolumePrivilege is now blocked, as it allowed to read MFT data (thanks Diversenok)
• fixed program launch when forcing processes into a confidential box #3173

[1.12.2 / 5.67.2] - 2023-11-28
Added

• added options dialog when exporting a box #3409

Changed

• moved process info retrieval to SbieSvc, resolves some information not being available in compartment type boxes when SandMan does not run as admin
• moved Process Suspend/Resume to SbieSvc #3156

Fixed

• fixed issue with Microsoft Edge when using AutoDelete option #post-3173507
• fixed warning issue Acrobat.exe: SBIE2205 Service not implemented: CredEnumerateA #issuecomment-1826280016
• fixed UNEXPECTED_KERNEL_MODE_TRAP BSOD when opening any web link from sandboxed Microsoft 365 app (e.g. Outlook, Word) #3427
• fixed issue with force process warning message
• fixed online updater does not respect portable mode #3406
• fixed Snapshot feature does not work on encrypted boxes #3439

[1.12.1 / 5.67.1] - 2023-11-23
Changed

• improved open URL dialog #3401
• improved suspended process detection

Fixed

• fixed issue with key to bring SandMan in front as top most
• fixed issue with ThreadSuspendCount failing for already terminated threads 25054d0 #3375
• fixed message text #3408
• fixed warning issue with Firefox 120.0: SBIE2205 Service not implemented: CredWriteA #3441
• fixed outdated Chromium paths #3436

[1.12.0 / 5.67.0] - 2023-10-25
Added

• added mechanism to automatically set USB drives as forced folders (Requires a supporter certificate)
• added troubleshooting script for issue #3318 with parental controls
• started German translation of the troubleshooting scripts ...\SandboxiePlus\SandMan\Troubleshooting\lang_de.json #3293
• added "get_cert SBIEX-XXXXX-XXXXX-XXXXX-XXXXX" command to UpdUtil.exe allowing to get a certificate by serial number using command line
• added mechanism to revoke leaked or refunded certificates
• added new global hotkey to bring SandMan in front as top most ALT+Break #3320
• added option to exclude specific boxes from 'Terminate all processes' #3108
  • Note: press the panic button hotkey 3 times with less than 1 second between clicks to Terminate All with NO exceptions
• added customizable global hotkey that toggles the state of "pause forced programs" #2441
• added warning to prevent broad "forced folder" settings #650
• added CheckExpectFile function to Sandboxie Plus #768

Changed

• improved suspend process handling #3375
• improved handling of issue reports
• updated reminder schedule

Fixed

• fixed issue with auto updater not offering version updates
• fixed issue with new symlink handling code #3340
• fixed issue with Scm_StartServiceCtrlDispatcherX not behaving correctly when not run as service #1246 #3297
• fixed issue with configuring the original folder of a symbolic link created using mklink to OpenPipePath #3207

Removed

• removed obsolete /nosbiectrl switch #3391

 

Uneventful so far with v1.12.3 portable install on my Win7SP1x64.
For those curious, the template to add useful exclusions to confidential boxes
is labeled "[Template_LessConfidentialBox]"

 

PSA: My plans for 1.13.x are a bit revolutionary.

I want to rework the hooking mechanism around SCM related API's to improve windows 10 comparability as well as add an advanced API call tracing mechanism.
Booth changes have the potential to break something, so before I push those changes to github it would be great to thoroughly test the current 1.12.3 build to ensure we can stick to it for a month and can with no hurry test and debug the 1.13.x pre release builds.

So please test the current build and let me know if there is anything urgent that needs fixing before 1.13.x

 

Aren't you afraid you are taking this redesign a bit too far, what if you will introduce new security holes? And I have read a bit of discussion on a Dutch website and they were a bit annoyed that Sandboxie isn't freeware anymore, they get to see nagscreens, is this true? And if you buy SBIE Premium, is this a lifetime license or not? I'm still using an older version so I wouldn't know.

 

@stapp
The USB Sandbox feature automatically sets the drive path of the inserted USB as a ForceFolder to the sandbox defined for the USB Sandboxing.

Yes

You can uncheck it from the USB drive list. (Options > Global Settings > Program Control > USB Drive Sandboxing)

 

No, security wise only the driver and service mater, SbieDll.dll does not implement any hard security boundary.
Some changes are required to fix bugs or enhance functionality.

There is a support reminder window with varying frequency, if you have been using sbie for more than a year it will be displayed once a week.

All regularly priced Premium options are time limited, see https://sandboxie-plus.com/feature-comparison/
To summarize you can buy a 1 year subscription for half the price or the current version with 1 year of updates that works forever at full price.
In the first case you must renew your subscription after 1 year to keep using Premium features.
In the second case you can stick to the last update included in your purchase and use it forever, but if you want/need to use a update release thereafter you need to get a new license.

 

Assuming Macrium is installed on your host system and does not run any of its processes from that USP stick and does not rum them with the stick being set as working directory, sandboxie should not interfere.

 

Are your backups there or the backup tool?
If the tool then you have a problem, you can exclude selected volumes by their serial number from being set as a forced folder.
If you only store the backups on the USB stick that should be fine.

The purpose of the USB sand-boxing is to protect the host from threats on the stick, not to protect the content of the stick from being altered.

 

So, with "Allow useful Windows processes access to protected processes" enabled.
I should not need "audiodg.exe" | Allow?

 

yes thats the idea and in future we may add a few more useful exclusions

 

hi
could be released a sandboxie plus 7-zip or zip version ?
it could be even better seen sandboxie plus is portable

 

Whats the benefit over just choosing the extract option in the installer?

 

hi
just run on some operation systems , on some w11 and w10 they don't let me run the installer
by the way , they are not my laptops

 

Then why do you assume will they allow you to run sandman.exe

 

because I copy mine on an usb pen , and it works

 

Peculiar what error do you get when you try to run the installer?

 

When using the internal updater (Check for updates) and there isnt a new update it would be handy to have a confirmation-screen. Like: No new updates. Press OK.

 

will be added in next build

 

I have not permission to run it , but w10 was not in english , i tried to disable uac , i guess these 2 computers had/have limit user accounts
i can't check it anymore ,or at least for few days

 

So you're saying that you never make any changes to the driver and service? Except for when you need to fix security issues, I assume?

OK I see. Of course I want you to make money, but freeware should not be nagware in my view. And cool that you can continue to use SBIE Personal if you decide not to upgrade, I assume without any nags. I do think the feature comparison maxtrix should be simplified. Also, you forgot to make a favicon for the sandboxie-plus.com website.

 

@Rasheed187
' freeware should not be nagware in my view.'

Rasheed
I agree