Sandboxie fork with version 1.0.22 Final – new features in the Plus version

[German]David Xanatos informed me back in June 2022 that he had completed an update for Sandboxie in version v1.0.22 / 5.55.22 and released it on Githib. Thus, this version is so "really final", as he put it. There is also a Sandboxie Plus with some new features. Here is some information about it.


Advertising

The history

Sandboxie was developed by Sophos for application virtualization and later released as open source (see also Sandboxie is now Open Source and this GitHub project page). Sophos acquired Sandboxie from Invincea, which had previously acquired it from the original author, Ronen Tzur. It is a sandbox-based isolation software for 32- and 64-bit Windows NT-based operating systems. David Xanatos took the released source code and developed it further as a fork. The project is available on the GitHub Sandboxie page.

Sandboxie v1.0.22 / 5.55.22

David wrote about version 1.0.22: This build brings a few fixes as well as a few small features, most notably support for the new Windows 11 Explorer context menu. To enable it, the setting must be manually switched to Windows 11. A later installation update will automate this for Win 11. Here are the extensions:

  • added auto update download and silent install option to sandman.exe #917
  • trace monitor mode can now also save to file #1851
  • trace log now shows ipc object type information
  • added support for windows 11 context menus

In addition, there are some fixes:

    • fixed sandman crash issue #1846
    • fixed issue with windows server 2022 build 20348
    • fixed translation switching issues #1852

The Classic versions of Sandboxie can be downloaded from the GitHub page.

Other news about Sandboxie Plus

On the Sandboxie-Plus.com homepage, David has also introduced the new Plus features. Here is an overview:


Advertising

Rule Specificity -> data protection *

  • With this option rules are prioritized based on their specificity (see changelog/docs for details) this way sub paths can be readable/writeable while parent parts are still protected. With this applying a preset rule collection all locations potentially containing personal data can be protected. Applications running in boxes with personal data protection will see an empty PC with no user data on it.

Compartment Mode *

  • This mode is intended to optimize compatibility at the cost of security, here sandboxie's token-based isolation scheme is not used. Isolation is limited to the FS minifilter as well as registry and object callbacks. This has the potential to greatly improve compatibility with variouse applications.

WFP (Windows Filtering Platform) support

  • With this feature Sandboxie can be like an application firewall which applies the rules on a per box bases allowing the same application access to the internet in one box while blocking it in another.

Windows 11 context menu integration

Process/Thread handle filtering (obCallbacks)

  • Using this mechanism greatly improves on isolation of processes and provides enhanced security.

Win32 syscall hooking

  • With this feature win32 sys calls can get the same treatment as NT sys calls which helps with graphics and hw acceleration.

    New UI with dark mode and much more
  • Sandboxie-Plus bring an entirely new Qt based UI sandman.exe
  • Customizable per box run menu
  • Global hotkey to terminate all boxes
  • INI section editor for easy configuration of advanced options
  • Box event triggers/scripts
  • Ability to stop selected applications from running globally, regardless of box presets

Snapshots

  • Sandboxie-Plus can create box snapshots, with them it is possible to easily revert a box to a defined previous state.
  • Box set to auto delete will when available auto revert to the last snapshot allowing to benefit from a fresh clean box each time but with some preset configuration

Enhanced debug/trace monitor

Fake admin privileges

  • Allows to make all processes in a box think thay have admin permissions and act accordingly, without the potential draw backs of granting them admin permissions

A lot of security fixes

  • FIXED: memory of unsandboxed processes can no longer be read, exceptions can be configured
  • FIXED: NtCreateSymbolicLinkObject was not filtered (thanks Diversenok)
  • FIXED: in certain cases, a sandboxed process could obtain a handle on an unsandboxed thread with write privileges
  • FIXED: Hard link creation was not properly filtered (thanks Diversenok)
  • FIXED: when starting COMSRV unboxed, the returned process handle had full access
  • FIXED: the HostInjectDll mechanism allowed for local privilege escalation (thanks hg421)
  • FIXED: elevated sandboxed processes could access volumes/disks for reading (thanks hg421)
  • FIXED: a race condition in the driver allowed to obtain an elevated rights handle to a process (thanks typpos)
  • FIXED: "\RPC Control\samss lpc" is now filtered by the driver (thanks hg421)
  • FIXED: "\Device\DeviceApi\CMApi" is now filtered by the driver (thanks hg421)
  • FIXED: the registry isolation could be bypassed, present since Windows 10 Creators Update
  • FIXED: a Sandboxed process could start sandboxed as system even with DropAdminRights in place
  • FIXED: Sandboxie now strips particularly problematic privileges from sandboxed system tokens
  • FIXED: added print spooler filter to prevent printers from being set up outside the sandbox
  • FIXED: processes could spawn processes outside the sandbox (thanks Diversenok)
  • FIXED: bug in the dynamic IPC port handling allowed to bypass IPC isolation
  • FIXED: CVE-2019-13502 "\RPC Control\LSARPC_ENDPOINT" is now filtered by the driver (thanks Diversenok)
  • FIXED: fixed permission issues with sandboxed system processes
  • FIXED: fixed missing SCM access check for sandboxed services (thanks Diversenok)
  • FIXED: sandboxed processes could obtain a write handle on non-sandboxed processes (thanks Diversenok)

At wilderssecurity.com  there is now a subforum for Sandboxie.

What is Sandboxie?

Sandboxie is an application isolation program that allows you to run other software on Windows in a controlled environment. To do this, Sandboxie takes control when the application is installed and isolates all file and registry accesses and redirects them into separate files. Xanatos writes about this:

It creates a sandbox-like isolated operating environment where applications can be run or installed without permanently changing the local or mapped drive. An isolated virtual environment allows controlled testing of untrusted programs and surfing the Internet.

The isolation technology used by Sandboxie separates the programs installed in this way from the underlying operating system. This prevents unwanted changes from being made to personal data, programs and applications that are safely stored on the hard drive. Sandboxie therefore allows software to be tested and later uninstalled from the system without leaving any residue.

Similar articles:
Sophos releases Sandboxie 5.31.4 for free
Sandboxie is now Open Source
Sandboxie Build 0.3/5.42 released


Advertising

This entry was posted in Software and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).