Sandboxie-Plus v1.3.1, v1.3.2

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Aug 20, 2022.

  1. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,335
    Location:
    Viena
    This build adds 2 new isolation mechanisms to increase the security of hardened boxes; hence, boxes previously designated hardened will now be downgraded in the UI to normal, and the hardened icons will be used for the new box type.
    The first isolation mechanism "SysCallLockDown=y" limits the number of ntdll syscalls which are executed with the original process token to a list of known approved syscalls.
    The second isolation mechanism "RestrictDevices=y" leverages rule specificity to limit the accessible driver/device endpoints to a list of known required endpoints plus whatever the user opens using the resource access rules.



    Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.3.1
    Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.3.2

    Changelog v1.3.2
    Added
    • added icons to sub tabs in the box options dialog
    • recovery and message pop-up menu options are not persisting across UI restarts any more
    • added new box color, a white box indicates that it's not really a sandbox and is displayed when the user specified OpenFilePath=* or alike
    Changed
    • Sandboxie no longer issues message 1301 when forced processes are temporarily disabled
      -- the message can be re-enabled with "NotifyForceProcessDisabled=y"
    • reworked the "Open COM" checkbox mechanism in the plus UI
      -- Now it uses a template and it can also keep COM closed while OpenIpcPath=* is set
    Fixed
    • fixed compatibility issue with Proxifier #2163
    • fixed encoding issue with Korean translation #2173
    • fixed issues with update available message


    Changelog v1.3.1
    Added
    • added ability to switch fusion theme independently of the dark theme
    • added ability to download updates from the support page
    • added missing system calls to the hardened box type 88bc06a b775264 04b2377 (thanks Mr.X)
    • added search box to the Plus UI Settings and box option dialogs #2134
    • added Korean translation to the Plus UI #2133 (thanks VenusGirl)
    • added grouping to sandman tray menu #2148
    Changed
    • improved info label
    • the look of vintage mode is even more vintage
    • reloading the configuration with the Sandman command "Options -> Reload ini file" now updates the list of approved syscalls
    • made rule specificity more specific, now a rule with fewer wildcards overrules a rule with more wildcards
      -- Note: trailing wildcards are evaluated separately
    Fixed
    • fixed issue with displaying sandbox configuration #2111
    • fixed flashing issue when switching views #2050
    • fixed inconsistencies with various checkboxes in the Plus UI ef4ac1b 06c89e3
    • fixed a certificate validation issue 238cb44
    • fixed issue with "UseRuleSpecificity" setting #2124 file.c#L965-L966
     
    Last edited: Aug 30, 2022
  2. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    561
    Everything works smoothly so far in v1.3.1 (portable) :thumb:

    (1) Thank you for making rule specificity more specific.
    Now, privacy-box(blue) and security+privacy-box(red) can use identical added NormalFilePath lines.

    (2) I kept the following ApprovedNtSyscalls in GlobalSettings from v1.3.0 sandboxie.ini.
    Code:
    [GlobalSettings]
    .
    .
    ApproveWinNtSysCall=OpenKey
    ApproveWinNtSysCall=OpenKeyEx
    ApproveWinNtSysCall=CreateKey
    ApproveWinNtSysCall=DeleteFile
    ApproveWin32SysCall=GdiDdDDI*
    ApproveWinNtSysCall=SetInformationFile
    ApproveWinNtSysCall=TraceControl
    ApproveWinNtSysCall=NtTraceEvent
    ApproveWinNtSysCall=OpenDirectoryObject
    ApproveWinNtSysCall=OpenSymbolicLinkObject
    ApproveWinNtSysCall=CreatePrivateNamespace
    ApproveWinNtSysCall=AlpcCreateSecurityContext
    ApproveWinNtSysCall=AlpcConnectPort
    ApproveWinNtSysCall=AlpcConnectPortEx
    ApproveWinNtSysCall=AlpcAcceptConnectPort
    
    Are they now included in v1.3.1 and, if so, can these lines be deleted from my ini?
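
One way to see what a Sandboxie.ini currently sets for the options discussed in this thread, as an added example that is not part of the thread or of Sandboxie itself: it lists the ApproveWinNtSysCall/ApproveWin32SysCall entries in [GlobalSettings] and reports, per box, whether SysCallLockDown, RestrictDevices and OpenFilePath=* are set. It assumes only explicit settings matter (templates and defaults are not resolved); the sample ini and box names are constructed.

```python
from collections import defaultdict

# Constructed sample Sandboxie.ini text; the box names are hypothetical.
SAMPLE_INI = """\
[GlobalSettings]
ApproveWinNtSysCall=OpenKey
ApproveWinNtSysCall=AlpcConnectPort
ApproveWin32SysCall=GdiDdDDI*

[BrowserBox]
SysCallLockDown=y
RestrictDevices=y

[LegacyBox]
SysCallLockDown=y
OpenFilePath=*
"""

def parse_ini(text):
    """Parse ini text where a key may repeat, keeping every value in order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], defaultdict(list))
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()].append(value.strip())
    return sections

def audit(text):
    """Report global syscall approvals and per-box isolation settings."""
    report = {"approved_syscalls": [], "boxes": {}}
    for name, cfg in parse_ini(text).items():
        if name.lower() == "globalsettings":
            report["approved_syscalls"] = (cfg["approvewinntsyscall"]
                                           + cfg["approvewin32syscall"])
        elif not name.lower().startswith(("usersettings_", "template_")):
            # Assumption: a setting counts as on if any occurrence is "y".
            on = lambda key: any(v.lower() == "y" for v in cfg[key])
            report["boxes"][name] = {
                "SysCallLockDown": on("syscalllockdown"),
                "RestrictDevices": on("restrictdevices"),
                # OpenFilePath=* is what the changelog's white box colour marks.
                "wide_open": "*" in cfg["openfilepath"],
            }
    return report

if __name__ == "__main__":
    result = audit(SAMPLE_INI)
    print("approved:", result["approved_syscalls"])
    for box, state in result["boxes"].items():
        print(box, state)
```

Every extra approval widens the list of syscalls that run with the original process token, so entries carried over from an older ini are worth reviewing after each upgrade.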
     
  3. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,121
    Location:
    UK
    What is this David ?
    Screenshot 2022-08-20 150941.jpg
     
  4. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,940
    "this" is not new, it's the content of the used folder. Turn the view off.
     
  5. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,121
    Location:
    UK
    I never turned it on.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    BTW, I think it's so funny. Seems like yet another company has come up with the sandboxed browser concept, just like Invincea and Bromium did, they already secured $100 million in funding. Seems like Sandboxie is a much cheaper solution to me, perhaps you can build a Sandboxie Pro version for companies? :p

    https://talon-sec.com/product/
     
  7. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,940
    I had it by default when trialing the plus, maybe default for new boxes or you upgraded from a much older build where it was not available.
     
  8. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,121
    Location:
    UK
    In case anyone else comes across it, it is turned off or on by clicking on View.. show file panel.
     
  9. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Um, what does Use Fusion Theme do?
    I'm not seeing difference w/wo Use Fusion Theme?
     
  10. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,335
    Location:
    Viena
    It's the generic Qt desktop theme that is used as the base of the dark mode, so you only see a difference when not in dark mode.

    upload_2022-8-20_21-34-25.png


    upload_2022-8-20_21-34-41.png

    see the difference


    the normal Windows theme on Windows 11 RTM (not 11 22H2) suxxx big time

    upload_2022-8-20_21-38-43.png

    upload_2022-8-20_21-39-24.png

    the fusion theme looks much better :D

    and windows 11 22H2 for good measure:

    upload_2022-8-20_21-43-23.png
     
    Last edited: Aug 20, 2022
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    I'm not in "Dark Mode". I'm Vintage View - Qt/100 - W10
    png_15679.png
     
    Last edited: Aug 20, 2022
  12. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,335
    Location:
    Viena
    vintage view in 1.3.1 uses the old Windows style, that's yet another one
     
  13. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Okay. Thanks
     
  14. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    343
    Location:
    Vienna, Austria
    2 brief observations:
    1. Don't know exactly when this started, probably since v.1.3.0 - but when loading Sbie at bootup there will now be a short period when the tray-icon intermittently changes to full-status as if a sandbox had already been started whereas at that point my system doesn't (shouldn't) willfully open any sandboxed process.

    2. Unfortunately I see new problems with Opera coming up on the horizon. Whereas "production-version" v.90 will operate flawlessly - upcoming Developer-version v.91 all of a sudden will produce "hundreds" of "immediate-recovery"-popup-messages, mostly aimed at "data"- and "cache"-subDir of Opera itself, without having intentionally downloaded one single actual file and thereby completely overwhelming the user with popups making it practically impossible to discriminate between those unintended "artefact-downloads" and real downloads by the user waiting for intentional recovery.
     
  15. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,244
    Using Sandboxie Plus 1.3.1 and still getting a 'There is a new build of Sandboxie-Plus available'.


    1.JPG
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    see if Sandboxie update (1.2.8b) was downloaded to your AppData\Local\Temp folder.
    png_15694.png
    Also for improved reliability you can check the downloads on the project homepage: Downloads | Sandboxie-Plus where only known good builds are posted about a week or two after the GitHub release.
     
    Last edited: Aug 22, 2022
  17. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,244
    AppData\Local\Temp is empty. Downloaded v1.3.1 today from Github.
     
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    try machine Restart or SandMan restart. Exit SandMan -> call SandMan.
    I reproduced There is a new build of Sandboxie-Plus available by calling 1.2.8b download.
    png_15694.png
    png_15695.png
    png_15696.png
    png_15698.png
    Maybe, There is a new build of Sandboxie-Plus available is new feature?
     
    Last edited: Aug 22, 2022
  19. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,244
  20. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Yeah, maybe... There is a new build of Sandboxie-Plus available is new feature?
    I've deleted temp files. There is a new build.... remains. ¯\_(ツ)_/¯
     
    Last edited: Aug 22, 2022
  21. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,335
    Location:
    Viena
    hmm... seems the message is not getting cleared properly, just click on it and then choose cancel, then it goes away
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Yep. Thanks
    png_15702.png
     
  23. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,121
    Location:
    UK
    I had to close Sbie Manager in TaskManager to delete this file in TEMP
    Screenshot 2022-08-22 182922.jpg
     
  24. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,335
    Location:
    Viena
    the QtSingleApp library uses such a temp file to make there be only one instance of sandman per user, the file is locked and in use as long as there is a sandman active, it gets deleted when sandman closes
     
  25. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    my process is SandMan systray icon > Exit ... to delete temp file.
     