github sandboxie-plus/Sandboxie v0.5.4
Release v0.5.4 / 5.46.0
on GitHub

latest releases: v1.13.7, v1.13.6, v1.13.5...
pre-release3 years ago

Urgent security fixes (thanks @diversenok)

fix

Build 5.46.0 resolves many box isolation issues some of them critical that could allow rogue applications to escape the sandbox. It is highly advised to upgrade quickly to the new builds. For further details please review the change log below.

If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.

You can support the project through donations, any help will be greatly appreciated.

ChangeLog

Added

  • Sandboxie now strips particularly problematic privileges from sandboxed system tokens
    -- with those a process could atempt to bypass the sandbox isolation (thanks Diversenok)
    -- old legacy behavior can be enabled with "StripSystemPrivileges=n" (absolutely NOT Recommended)
  • added new isolation options "ClosePrintSpooler=y" and "OpenSmartCard=n"
    -- those resources are open by default but for a hardened box its desired to close them
  • added print spooler filter to prevent printers from being set up outside the sandbox
    -- the filter can be disabled with "OpenPrintSpooler=y"
  • added overwrite prompt when recovering an already existing file
  • added "StartProgram=", "StartService=" and "AutoExec=" options to the SandMan UI
  • added more compatybility templates (thanks isaak654)

Changed

  • Changed Emulated SCM behavior, boxed services are no longer by default started as boxed system
    -- use "RunServicesAsSystem=y" to enable the old legacy behavior
    -- Note: sandboxed services with a system token are still sandboxed and restricted
    -- However not granting them a system token in the first place removes possible exploit vectors
    -- Note: this option is not compatible with "ProtectRpcSs=y" and takes precedence!
  • Reworked dynamic IPC port handling
  • Improved Resource Monitor status strings

Fixed

  • fixed a critical issue that allowed to create processes outside the sandbox (thanks Diversenok)
  • fixed issues with dynamic IPC port handling that allowed to bypass IPC isolation
  • fixed issue with ipc tracing
  • fixed CVE-2019-13502 "\RPC Control\LSARPC_ENDPOINT" is now filtered by the driver (thanks Diversenok)
    -- this allowed some system options to be changed, to disable filtering use "OpenLsaEndpoint=y"
  • fixed hooking issues SBIE2303 with chrome, edge and possibly others
  • fixed failed check for running processes when performing snapshot operations
  • fixed some box option checkboxes were not properly initialized
  • fixed unavailable options are not properly disabled when sandman is not connected to the driver
  • fixed MSI instalelr issue, not being able to create "C:\Config.Msi" folder on windows 20H2
  • added missing localization to generic list commands
  • fixed issue with "iconcache_*" when runngin sandboxed explorer
  • fixed more issues with groups
Check out latest releases or
releases around sandboxie-plus/Sandboxie v0.5.4

Don't miss a new Sandboxie release

NewReleases is sending notifications on new releases.

Get notifications