New Update Sandboxie+ Release v1.0.17 / 5.55.17

bjm_

Level 14
Thread author
Verified
Top Poster
Well-known
May 17, 2015
667
Sandboxie+ Release v1.0.16 / 5.55.16
https://github.com/sandboxie-plus/Sandboxie/releases/tag/1.0.16
Note: Pre-release

This build fixes a couple of issues, but also introduces a major change in how sandboxie controls access to process memory.


Before this build sandboxie allowed sandboxed programs to read the memory of any unsandboxed program belonging to the current user, this is obviously a bad idea if your goals is not only infection prevention but also data protection. Hence with 1.0.16 onwards sandboxie will not allow for PROCESS_VM_READ on unsandboxed processes or processes belonging to other boxes.
To facilitate compatibility this build introduces a IPC options, with ReadIpcPath=$program.exe any unboxed process can be configured to allow for PROCESS_VM_READ, it is also possible to restore the old behavior entirely by specifying ReadIpcPath=$:*
By default the only process whos memory can be read is explorer.exe many processes want that and explorer should not keep any secrets normally anyways. To block this you can use ClosedIpcPath=$:explorer.exe

To facilitate optimal process isoaltion the EnableObjectFiltering option is now on by default, although this only applies for new installations, hence its recommend for existing installation to go to settings->advanced and enable it explicitly.

Other changes in this build include a simple resource access monitor mode and a change how process paths are resolved for sandboxed processes, this should fix a couple of issues.

Given that this build changes a couple of core mechanics it is possible that in some special cases this can lead to an incompatibility.

If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.
You can support the project through donations, any help will be greatly appreciated.

 
Last edited:

bjm_

Level 14
Thread author
Verified
Top Poster
Well-known
May 17, 2015
667
DavidXanatos quote from Wilders
New build, it hides all process access messges thay are only shown in the UI log in the plus UI, the crash is fixed and the logging improved the errors now tell you what exact process was accessed

Sandboxie+ Release v1.0.17 / 5.55.17
https://github.com/sandboxie-plus/Sandboxie/releases/tag/1.0.17
Note: Pre-release

Added

  • added checkbox to easeli allow read access to memory of unsandboxed processes (old sbie behavioure, not recommended)
pic from Wilders
1648921388146.png


 
Last edited:

bjm_

Level 14
Thread author
Verified
Top Poster
Well-known
May 17, 2015
667
FWIW ~ I noticed with Sandboxie Plus -> Uninstall with Remove configuration files.
png_14431.png
My Sandboxie Plus install has two Global Settings boxes checked by default that were not checked with my prior new build over-installs. Maybe, some prior build added the two Global Settings boxes. IDK
png_14434.png
 

bjm_

Level 14
Thread author
Verified
Top Poster
Well-known
May 17, 2015
667
RE: Maybe, some prior build added the two Global Settings boxes. IDK
Just noticed with released notes 1.0.16/17

Changed​

  • EnableObjectFiltering is now set enabled by default, and replaces Sbie's old process/thread handle filter
Note: IDK when .... Hook selected Win32k system calls to enable GPU acceleration (experimental) ... was enabled by default.

Edit:
System call hooking for Win32k system calls is now enabled by default, it is still used only for a hand full of calls currently, as required to get chromium Hardware Acceleration acceleration to work properly.
https://github.com/sandboxie-plus/Sandboxie/releases/tag/1.0.4
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top