Sandboxie+ BETA RELEASE v0.9.0a / 5.51.0
<blockquote data-quote="bjm_" data-source="post: 953034" data-attributes="member: 36475"><p>Sandboxie+ <strong>BETA RELEASE</strong> v0.9.0a / 5.51.0</p>
<p>https://github.com/sandboxie-plus/Sandboxie/releases/tag/0.9.0a</p>
<p>Note: Pre-release</p>
<p></p>
<p><strong>This build is a Test build, a BETA RELEASE, testing the new functionality to use Windows Filtering Platform (WFP) to implement a per sandbox firewall.</strong></p>
<p>This functionality needs to be enabled in the global Sandboxie settings, and the driver needs to be reloaded (or the PC rebooted) for the feature to be activated. Once this is done, the firewall rules, which can be configured in the network options of each sandbox, will be enforced by the driver.</p>
<p>If the WFP support is not enabled, the same rules can still be set and are used, but will be applied only by a set of user mode hooks. Unlike the WFP implementation, they will apply only to outgoing connections, and there are no enforcement guarantees, as user mode hooks can be bypassed or disabled by a malicious application.</p>
<p></p>
<p>The rationale behind implementing this functionality in user and kernel mode (driver) instead of driver only is twofold. For one, it allows for debugging of the rule processing code, as both modes use the same code to make decisions based on the preset rules. Second, the WFP callouts are global, i.e. they are triggered for any process on the system whether it's sandboxed or not; in the latter case they don't do anything, and the use of a hash map to identify sandboxed programs that require action should provide optimal performance. That said, users who run a 3rd party firewall which they may prefer may not want too many firewalls being active at once, while still wanting to use some per sandbox network rules for compatibility and not security reasons.</p>
<p></p>
<p>Also please note that with this build the old "BlockPort=..." functionality is completely dropped; the default port block rules are now implemented by the new user mode firewall component. If you have custom BlockPort entries in your sandboxie ini, they will need to be updated by hand to the new format, for example "BlockPort=137,138,139,445" -> "NetworkAccess=Block;Port=137,138,139,445"</p>
<p></p>
<p>The rules are applied based on a specific decision priority:</p>
<ol> <li data-xf-list-type="ol">A rule for a specified program trumps a rule for all programs except a given one, trumps rules for all programs</li> <li data-xf-list-type="ol">A rule with a Port or IP trumps a rule without<br /> 2a. A rule with ip and port trumps a rule with ip or port only<br /> 2b. A rule with one ip trumps a rule with an ip range that is besides that on the same level</li> <li data-xf-list-type="ol">Block rules trump allow rules</li> <li data-xf-list-type="ol">A rule without a protocol means all protocols, a rule with a protocol trumps a rule without if it's the only difference</li> </ol>
<p>The rule editing UI allows for testing rules: in the row below the rule list one can enter program name, port, ip and protocol to see which rules are in play and which rule will be applied in the end.</p>
<p>[ATTACH=full]259918[/ATTACH]</p>
<p>When configuring per process network access restrictions and WFP is enabled, it is possible to choose between a WFP based approach and the old sandboxie way of blocking the network device end points. The latter approach is more absolute, but is known for causing some applications to crash.</p>
<p>[ATTACH=full]259919[/ATTACH]</p>
<p>If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.</p>
<p>[...]</p>
<p>https://github.com/sandboxie-plus/Sandboxie/releases/tag/0.9.0a</p>
<p>Note: pics are pasted from https://www.wilderssecurity.com/threads/sandboxie-plus-0-9-0.439305/</p></blockquote><p></p>
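<p>An added example, not code from the post or from Sandboxie: one reading of the decision priority list in the post above, written as a lexicographic sort key over the rules that match a connection. The Rule model, the "!" prefix for "all programs except", and the sample rules are assumptions of this example, and the tie-break order is an interpretation of the post, not the driver's code.</p>

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:                      # hypothetical model, not Sandboxie's internal structure
    action: str                                   # "Allow" or "Block"
    program: Optional[str] = None                 # None = all programs, "!x.exe" = all except x.exe
    ports: Tuple[int, ...] = ()                   # empty = any port
    ip_range: Optional[Tuple[str, str]] = None    # (first, last); equal ends = one address
    protocol: Optional[str] = None                # None = all protocols

def matches(rule, program, ip, port, protocol):
    """True when the rule applies to this connection (IPv4 sample data only)."""
    if rule.program is not None:
        negated = rule.program.startswith("!")
        same = rule.program.lstrip("!").lower() == program.lower()
        if same == negated:      # named program mismatch, or the excluded program itself
            return False
    if rule.ports and port not in rule.ports:
        return False
    if rule.ip_range:
        first, last = (ipaddress.ip_address(a) for a in rule.ip_range)
        if not first <= ipaddress.ip_address(ip) <= last:
            return False
    return rule.protocol is None or rule.protocol.upper() == protocol.upper()

def priority(rule):
    """Sort key; tuple positions follow the post's priority list, most significant first."""
    prog = 0 if rule.program is None else (1 if rule.program.startswith("!") else 2)  # item 1
    endpoint = bool(rule.ports) + bool(rule.ip_range)                           # items 2, 2a
    single_ip = bool(rule.ip_range) and rule.ip_range[0] == rule.ip_range[1]    # item 2b
    # items 3 and 4: Block over Allow, then a named protocol over none
    return (prog, endpoint, single_ip, rule.action == "Block", rule.protocol is not None)

def winner(rules, program, ip, port, protocol):
    """Return the matching rule with the highest priority, or None if nothing matches."""
    hits = [r for r in rules if matches(r, program, ip, port, protocol)]
    return max(hits, key=priority) if hits else None

# Constructed sample rule set; backup.exe and the addresses are made up.
RULES = [
    Rule("Block", ports=(137, 138, 139, 445)),    # the migrated BlockPort default
    Rule("Block", program="backup.exe", ports=(445,), ip_range=("192.168.1.0", "192.168.1.255")),
    Rule("Allow", program="backup.exe", ports=(445,), ip_range=("192.168.1.10", "192.168.1.10")),
    Rule("Allow", ports=(53,), protocol="UDP"),
    Rule("Block", ports=(53,)),
]
```

<p>With these rules, backup.exe reaches 192.168.1.10:445 because the single-address Allow outranks the range Block at item 2b, before "Block trumps Allow" is consulted; every other host in the range stays blocked.</p>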