Sandboxie is a proprietary sandbox based isolation program for Windows operating systems. It creates a sandbox-like isolated operating environment.
There you can run or install all applications without permanently modifying the local or mapped drive. An isolated virtual environment allows to control testing of untrusted programs and web surfing.
Sandboxie runs your programs in an isolated space. It prevents them from making permanent changes to other programs and data in your computer.
When you run a program on your computer, data flows from the hard disk to the program via read operations. The data is then processed and displayed, and finally flows back from the progam to the hard disk via write operations.
Sandboxie changes the rules such that write operations do not make it back to your hard disk.
- Intercept changes to both your files and registry settings, making it virtually impossible for any software to reach outside the sandbox.
- Traps cached browser items into the sandbox as a by-product of normal operation. So when you throw away the sandbox, all the history records and other side-effects of your browsing disappear as well.
Benefits of the Isolated Sandbox:
- Secure Web Browsing. If you run Web browser under the protection of Sandboxie, all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
- Enhanced Privacy. Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don’t leak into Windows.
- Secure E-mail. Viruses and other malicious software that might be hiding in your email can’t break out of the sandbox and can’t infect your real system.
- Windows Stays Lean. Prevent wear-and-tear in Windows by installing software into an isolated sandbox.
Changes in Sandboxie 5.43.6:
- added explore box content menu option
- fixed thread handle leak in SbieSvc and other components
- msedge.exe is now categorized as a chromium derivate
- fixed chrome 86+ compatybility bug with chroms own sandbox
Changes in Sandboxie 5.43.5:
- added core version compatybility check to sandman UI
- added shell integration options to SbiePlus
- SbieCtrl does not longer auto show the tutorian on first start
- when hooking, the to the trampoline migrated section of the original function is not longer noped out — it caused issues with unity games, will be investigated and re enabled later
- fixed color issue with vertical tabs in dark mode
- fixed wrong path separators when adding new forced folders
- fixed directroy listing bug intriduced in 5.43
- fixed issues with settings window when not being connected to driver
- fixed issue when starting sandman ui as admin
- fixed auto content delete not working with sandman ui
Changes in Sandboxie 5.43:
- added a proper custom installer to the the Plus release
- added sandbox snapshot functionality to sbie core
- filesystem is saved incrementally, the snapshots built upon each other
- each snapshot gets a full copy of the box registry for now
- each snapshot can have multiple children snapshots
- added access status to resource monitor
- added setting to change border width
- added snapshot manager UI to SandMan
- added template to enable authentication with an Yubikey or comparable 2FA device
- added ui for program allert
- added software compatybility options to teh UI
- SandMan UI now handles deletion of sandboxe content on its own
- no longer adding redundnat resource accesses as new events
- fixed issues when hooking functions from delay loaded libraries
- fixed issues when hooking an already hooked function
- fixed issues with the new box settings editor
- removes deprecated workaround in the hooking mechanism for an obsolete antimalware product
Changes in Sandboxie 5.42.1:
- Added settings window
- added translationsupport
- added dark theme
- added auto start option
- added sandbox options
- added debug option “NoAddProcessToJob=y”
- improved empty sandbox tray icon
- improved message parsing
- updated homepage links
- fixed ini issue with sandman.exe when renaming sandboxes
- fixed ini auto reload bug introduced in the last build
- fixed issue when hooking delayd loaded libraries
Changes in Sandboxie 5.42:
- API_QUERY_PROCESS_INFO can be now used to get the original process token of sandboxed processes
— Note: this capability is used by TaskExplorer to allow inspecting sandbox internal tokens
- Added option “KeepTokenIntegrity=y” to make the sbie token keep its initial integrity level (debug option)
— Note: Do NOT USE Debug Options if you dont know their security implications (!)
- Added process id to log messages very usefull for debugging
- Added finder to resource log
- Added option to hide host processes “HideHostProcess=[name]”
— Note: Sbie hides by default processes from other boxes, this behavioure can now be controlled with “HideOtherBoxes=n”
- Sandboxed RpcSs and DcomLaunch can now be run as system with the option “ProtectRpcSs=y” howeever that breaks sandboxed explorer and other
- BuiltIn Clsid whitelist can now be disabled with “OpenDefaultClsid=n”
- Processes can be now terminated with the del key, and require a confirmation
- Added sandboxed window border display to SandMan.exe
- Added notification for sbie log messages
- Added Sandbox Presets sub menu allowing to quickly change some settings
— Enable/Disable API logging, logapi_dll’s are now distributed with SbiePlus
— And other: Drop admin rights; Block/Allow internet access; Block/Allow access to files on te network
- Added more info to the sandbox status column
- Added path column to SbieModel
- Added info tooltips in SbieView
- Reworked ApiLog, added pid and pid filter
- Auto config reload on in change is now delayed by 500ms to not reload multiple times on incremental changes
- Sandbox names now replace “_” witn ” ” for display allowing to use names that are build of separated words
- added mising PreferExternalManifest itialization to portable mode
- fixed permission issues with sandboxed system processes
— Note: you can use “ExposeBoxedSystem=y” for the old behaviour (debug option)
- fixed missing SCM access check for sandboxed services
— Note: to disable the access check use “UnrestrictedSCM=y” (debug option)
- fixed missing initialization in serviceserver that caused sandboxed programs to crash when querying service status
- fixed many bugs that caused the SbieDrv.sys to BSOD when run with MSFT Driver Verifier active
— 0xF6 in GetThreadTokenOwnerPid and File_Api_Rename
— missing non optional parameter for FltGetFileNameInformation in File_PreOperation
— 0xE3 in Key_StoreValue and Key_PreDataInject
Changes in Sandboxie 5.41.2:
- improved debugging around process creation errors in the driver
- added option SeparateUserFolders=n to no longer have the user profile files stored separately in the sandbox
- added SandboxieLogon=y it makes processes run under the SID of the “Sandboxie” user instead of the Anonymous user
Note: the global option AllowSandboxieLogon=y must be enabled, the “Sandboxie” user account must be manually created first and the driver reloaded, else process start will fail
- fixed some log messages going lost after driver reload
- found a workable fix for the MSI installer issue, see Proc_CreateProcessInternalW_RS5
Changes in Sandboxie 5.41.1:
- added different sandbox icons for different types — Red LogAPI/BSA enabled — More to come 😀
- Added progress window for async operations that take time
- added DPI awareness
- the driver file is now obfuscated to avoid false positives
- additional debug options to sandboxie.ini OpenToken=y that combines UnrestrictedToken=y and UnfilteredToken=y — Note: using these options weekens the sandboxing, they are intended for debugging and may be used for better application virtualization later
- SbieDll.dll when processinh InjectDll now looks in the SbieHome folder for the Dll’s if the entered path starts with a backslash — i.e. “InjectDll=\LogAPI\i386\logapi32v.dll” or “InjectDll64=\LogAPI\amd64\logapi64v.dll”
- IniWatcher did not work in portable mode
- service path fix broke other services, now properly fixed, may be
- found workaround for the msi installer issue
Changes in Sandboxie 5.33.3:
- Fixes issues related to browser downloads failing in Sandboxie 5.33.2 when Windows Search is disabled.
Changes in Sandboxie 5.33.2:
- Fixes crash on Windows 10 Slow/Fast Ring builds.
- Note: IE downloads fails on the Windows 10 Slow/Fast Ring builds if “Windows Search” is turned OFF from the task bar.
Changes in Sandboxie 5.33.1:
- [FIXED] Microsoft Accounts
Changes in Sandboxie 5.31.6:
- Added support for running Sandboxie in Windows 10 19H2 (b18363)
- Fix issues with running Sandboxie in Windows 10 FR (not guaranteed to work due to upcoming kernel changes)
Changes in Sandboxie 5.31.4:
- Removed license check and activation requirements.
- Fix IE download issues on Windows 7 and 10
- Fix IE download issues (and some file rename failures) on Windows 10 Spring 2019
Homepage – https://www.sandboxie.com
Supported Operating Systems: Windows XP – Windows 10 (32-bit, 64-bit).
Translations: English, Albanian, Chinese (Simplified and Traditional), Czech, Finnish, French, German, Italian, Japanese, Korean, Polish, Portuguese (Brasil), Russian and Turkish.
Size: 2.34 MB