Sandboxie-Plus 1.17.3 / 5.72.3 introduces a range of improvements to the user interface, tray integration, and sandbox usability, while also addressing several important security issues that make this update particularly important to install promptly.

A major focus of this release is security hardening. Several vulnerabilities reported by external researchers have been resolved, including a local denial-of-service issue that could be triggered by a sandboxed process (CVE-2026-32603) as well as a bypass of the EditAdminOnly configuration protection through INI CRLF injection. Additional fixes address weaknesses in ProcessServer name validation and NamedPipeServer parameter validation, further strengthening the robustness of Sandboxie-Plus’ service-side interfaces. An issue affecting the integrity verification of the built-in updater has also been corrected, ensuring that update files are validated reliably.

Another security-relevant correction concerns the EditPassword mechanism. Previously, password hashes suffered from reduced entropy, potentially weakening protection. Newly set passwords are now stored as salted SHA-256 hashes encoded in Base64. Users should note that this improvement only applies when the password is set or changed; existing stored hashes remain in the older weaker format until the password is updated.

Beyond these security fixes, the release also resolves a number of stability and correctness issues across the codebase. These include improvements to registry handling under WOW64 that ensure the correct inheritance of 32-bit and 64-bit registry views, fixes for handle leaks in the Start Menu scanning code, and corrections to several validation and parsing routines that could previously lead to inconsistent behavior. Additional bug fixes address crashes, configuration persistence problems, and various edge cases reported by users and contributors.

On the usability side, the release introduces configurable window placement controls that allow users to specify on which monitor Sandboxie interface windows open, including main, recovery, and notification dialogs, with a configurable fallback mode. A new “Label only” border mode has been added that hides the colored frame and displays only the sandbox name label, providing a cleaner visual indicator for boxed applications. The border rendering system also gained options for controlling label width and preventing labels from being clipped by the taskbar, as well as a capture-exclusion feature that prevents sandbox borders and labels from appearing in screenshots or screen recordings.

System tray behavior has been significantly enhanced with new customization options. Users can now control whether sandbox icons appear in tray menus, display sandbox aliases instead of internal box names, and configure when sandbox status tooltips are shown. Overlay icons indicating sandbox state—such as mounted disk images, RAM disks, or auto-delete status—can also be displayed directly in the tray list. Tray and submenu performance has been improved through more efficient icon caching and reduced repeated icon extraction.

Performance improvements extend to the SandMan GUI itself. Several internal caching changes reduce unnecessary icon loading and repeated system queries, lowering constant CPU usage in the interface. Network connectivity checks used by the updater have been throttled and cached to avoid unnecessary system registry queries and network attempts when the system is offline.

Additional improvements include a Windows 11 MIDI compatibility template contributed by the community, improved sandbox duplication behavior that preserves aliases and group assignments correctly, and refinements to sandbox border rendering and tray list scaling at high DPI.

Because this release fixes multiple security issues affecting both the service interface and configuration protection mechanisms, all users are strongly advised to update to Sandboxie-Plus 1.17.3 / 5.72.3 as soon as possible.

For a full list of changes please review the change log.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.17.3

For years Android had one major advantage over iOS: freedom.

Users could install apps from anywhere — the Play Store, alternative stores, open-source repositories like F-Droid, or simply by downloading an APK and installing it.

That freedom is now under threat.

Google is introducing a Developer Verification program that could require developers to register with Google in order for their apps to install on Android devices — even if those apps are not distributed through Google Play.

Many developers and open-source organizations see this as a serious problem. If Google can decide which developers are “verified”, then sideloading and independent app distribution could effectively disappear.

Projects like F-Droid warn that this could fundamentally change Android from an open platform into something much closer to a walled garden.

A coalition of developers and digital rights organizations has published an open letter asking Google to stop this change and keep Android open.

You can read it here:

https://keepandroidopen.org/open-letter/

F-Droid also explains the issue here:

https://f-droid.org/en/2026/02/24/open-letter-opposing-developer-verification.html

Even though my own software currently targets Windows, platform openness matters for the entire software ecosystem. Once companies gain full control over what software can run on a device, that control tends to expand rather than shrink.

If you care about keeping Android open, consider reading the open letter and signing the petition.

👉 https://c.org/vx6wWBC8tL

MajorPrivacy version 0.99.7 focuses on stability improvements, architectural refinements, and significant progress toward a more complete volume management workflow. This release resolves several issues affecting reliability and configuration handling, while also introducing major new functionality for encrypted volume management and modernizing internal communication between the graphical interface and the system service.

A number of stability problems have been addressed in this update. A restart loop condition that could occur under certain circumstances has been fixed, improving overall service robustness. Configuration handling has been corrected so that discarding configuration changes now properly restores and applies service option states as expected. Program entries associated with currently running processes are now protected from deletion to prevent inconsistent states, and issues encountered when unmounting volumes have been resolved to ensure clean and predictable operation.

Internally, communication between the GUI and the service has been redesigned to use ALPC ports instead of named pipes. This change improves reliability and aligns the architecture more closely with native Windows interprocess communication mechanisms, reducing overhead while providing a more secure and structured messaging model.

This release also introduces several major functional additions centered around volume management. The previous quick volume creation dialog has been replaced with a full-featured volume creation wizard, providing a clearer workflow and better guidance through the setup process. Support for backing up and restoring volume headers has been added, allowing users to safeguard critical metadata and recover volumes more easily in case of corruption or configuration mistakes. Volume password processing now supports the Argon2id key derivation function, offering stronger resistance against modern password-guessing attacks. Additionally, the GUI now includes an option to expand existing volumes, enabling more flexible storage management directly from the interface.

Overall, version 0.99.7 represents an important step toward feature completeness and improved operational reliability, while laying architectural groundwork for future enhancements.

Download: https://github.com/xanasoft/MajorPrivacy/releases/download/v0.99.7/MajorPrivacy-v0.99.7.exe

Sandboxie-Plus 1.17.0 delivers significantly improved compatibility for UWP applications and App Compartment boxes, alongside usability enhancements and important stability fixes.

This version substantially improves the experimental UWP support across multiple layers of the architecture. A failure to mount the registry when launching UWP applications inside a sandbox has been resolved, restoring reliable startup behavior for modern Windows apps. Token handling has been refined to eliminate incompatibilities with the UWP security model, CopyTokenAttributes=y is now automatically applied to ensure correct attribute propagation required by UWP processes. To provide consistent behavior, SandboxieAllGroup=y is now the default, effectively standardizing the UseCreateToken=y code path, reducing dependency on undocumented kernel functions.

IPC handling in App Compartment type boxes has been further improved to increase reliability and compatibility with App Container based isolation. This fixes Microsoft Edge 144 crashes in Application Compartment Boxes. Furthermore, a new UseAlternateIpcNaming=y mode replaces the use of a separate NT object namespace by appending a suffix to sandboxed object names, instead of using an entirely separated object directory structure. This mode is restricted to App Compartment boxes, as for regular box types the object paths would otherwise be blocked by the driver.

User-facing transparency and workflow have been enhanced. Sandboxed windows now display the sandbox name directly in the border, and a new border mode ensures that the border is shown for every window belonging to sandboxed processes, not only the one currently in focus. Sandboxie service applications now include dedicated icons for clearer identification.

Isolation control has been extended, a new global option, ForceBoxDocs=y, allows administrators to force any program opening a file from a boxed path to start inside the corresponding sandbox, strengthening document-origin enforcement.

The SandMan UI can now export and import multiple sandboxes in a single operation, simplifying migration and backup procedures. Configuration handling has been improved as well, RenameSection processing now preserves original comments and section order, ensuring configuration files remain structurally clean and maintainable after modifications.

Several additional stability issues have been addressed. The CryptUnprotectData hook no longer returns an incorrect data description string. A handle leak in SbieDll.dll has been eliminated. Switching sandbox sorting in the user interface now behaves correctly. A crash in the file search bar triggered by performing multiple searches within a sandbox has also been resolved.

Overall, this release delivers materially improved UWP and App Compartment reliability, refined token handling semantics, updated Windows compatibility data, and a range of quality-of-life and stability enhancements.

Hotfix 1.17.1 fiexes a Windows 10 incompatybility

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.17.1

DiskCryptor version 1.4.1 (build 850.118.206) introduces a number of significant improvements to the EFI bootloader, Secure Boot integration, and command-line tooling. This release continues the ongoing effort to modernize DiskCryptor’s pre-boot environment and to improve compatibility with current firmware, storage, and platform configurations.

The command-line tool dccon has been extended with new functionality for EFI-based deployments. Two new commands, -mkefipxe and -mkefiiso, allow the creation of EFI-bootable PXE images and ISO files directly from DiskCryptor tooling, simplifying network boot and installation workflows. In addition, a new -efi menu has been introduced, providing the ability to list, query, and modify EFI variables from within DiskCryptor, consolidating EFI-related functionality in a single, consistent interface. As part of this reorganization, the existing -sb_info functionality has been moved from the -boot menu to the new -efi menu, where it more logically belongs.

Secure Boot support has been further expanded. A new -mok menu has been added to manage the Machine Owner Key (MOK) list used by the Secure Boot shim, closely mirroring the behavior and feature set of the Linux mokutil tool. This enables direct inspection and management of MOK entries without leaving the DiskCryptor environment. In parallel, an ARM64 shim loader has been added, extending Secure Boot support to ARM64 systems and improving DiskCryptor’s viability on modern non-x86 platforms.

On the storage side, the EFI bootloader now includes native support for 4K sector disks. This improves compatibility with modern storage devices that expose 4Kn sector layouts and avoids reliance on 512-byte sector emulation. Several boot- and Secure-Boot-related issues have also been addressed. A spurious Secure Boot warning that could appear when encrypting non-boot volumes has been fixed, and the bootloader has been corrected to properly handle encrypted partitions that were created using a format operation rather than the encrypt workflow.

Overall, this release focuses on strengthening DiskCryptor’s EFI and Secure Boot capabilities, improving hardware compatibility, and providing more powerful and coherent tooling for advanced deployment scenarios.

Download: https://github.com/DiskCryptor/DiskCryptor/releases/tag/v1.4.1

DiskCryptor 1.4.0 is a major release focused on modern platform support, boot infrastructure improvements, and long-term maintainability. This version updates the core driver toolchain to Visual Studio 2022 and aligns the EFI bootloader with the current edk2-stable202511 baseline, ensuring compatibility with modern Windows, UEFI firmware, and contemporary build environments. Legacy 32-bit operating system support has been removed, while ARM64 support has been added to the driver and introduced experimentally for the DCS EFI bootloader, significantly broadening the range of supported hardware.

A key architectural change in this release is the separation of the EFI bootloader files from the main binary. EFI components are now distributed as architecture-specific DcsPkg_[ARCH] packages, either provided as ZIP archives or consumed directly from an existing folder. This makes the boot chain more transparent, easier to audit, and simpler to integrate into custom deployment workflows. Boot data handoff between the EFI bootloader and the driver has also been improved, increasing robustness during early boot.

Secure Boot is now explicitly supported as an optional configuration. DiskCryptor can be used in Secure Boot environments via a separate Secure Boot package that leverages a Debian shim and MOK Key. The software actively verifies whether the bootloader is properly signed and will prevent setup if Secure Boot is enabled but an unsigned loader is detected. This design keeps the default installation path straightforward while offering a standards-compliant Secure Boot solution for users and environments that require it. Additional tooling has been added to inspect Secure Boot state and configuration, and bootloader management from the GUI has been refined, including reliable EFI installation behavior and safer handling of boot manager replacement and restoration.

This release also substantially expands deployment and recovery options. The EFI bootloader can now generate fully bootable EFI ISO images, enabling optical media or virtual media boot without external tooling. PXE boot support has been added, allowing DiskCryptor to be used in network-booted scenarios such as data centers, labs, and automated recovery environments. Offline installation and removal support has been extended to mounted WinPE and install images, making it possible to integrate DiskCryptor directly into deployment pipelines.

Several long-standing issues have been resolved, including a regression affecting MBR encryption in earlier versions. New maintenance commands have been added for managing Microsoft bootloader replacement states, and unused first-boot EFI behavior has been removed to streamline startup.

Overall, DiskCryptor 1.4.0 represents a significant step forward, modernizing the codebase, improving boot and deployment flexibility, and introducing optional Secure Boot support without compromising transparency or control.

Download: https://github.com/DiskCryptor/DiskCryptor/releases/tag/v1.4.0

This release of Sandboxie Plus focuses on stability, compatibility, and overall robustness across a wide range of real-world use cases. Several long-standing and high-impact issues have been resolved, particularly affecting popular applications such as web browsers, email clients, and Microsoft Office, resulting in a smoother and more reliable sandboxing experience.

Application compatibility has been significantly improved. Issues affecting recent versions of Thunderbird have been fixed, Firefox no longer triggers AppModel-Runtime errors in the Windows Event Viewer when run inside a sandbox, and Tor Browser is now stable even when operated at the highest security level. Problems specific to portable and sandboxed browser scenarios were also addressed, including a long-standing issue where Chrome Portable tooltips could become stuck.

System-level stability has been strengthened as well. A critical blue-screen crash in the Sandboxie driver under high GPU process creation load on Windows Server 2022 has been resolved, and crashes that prevented Microsoft Word from functioning correctly due to failures in OfficeClickToRun.exe have been fixed. In addition, Sandboxie now handles software lifecycle operations more efficiently, eliminating prolonged delays when uninstalling or removing applications that were installed exclusively within a sandbox.

Overall, this release prioritizes reliability and correctness in high-security and high-load environments, making Sandboxie Plus safer and more dependable for everyday use as well as professional and server-side deployments.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.16.9

MajorPrivacy 0.99.6 focuses on usability refinements, visibility improvements, and further hardening of core protection mechanisms, alongside several important fixes across all supported architectures.

This release introduces a significantly improved traffic view that now groups entries by primary domain, making network activity easier to interpret at a glance. The program view now persists the primary filter across sessions, reducing repetitive setup during daily use. The access view gains a new status filter, and the global view can optionally display private entries, giving advanced users finer control over what is visible. An extended program information panel has also been added, providing more contextual details without requiring navigation to separate views.

Internally, process map handling has been improved for greater robustness and accuracy, and overall process protection has been further strengthened. The online updater has been reworked to improve reliability and maintainability. In the program view, the cleanup button has been merged with the refresh action to simplify the interface and reduce redundancy.

Several issues have been resolved in this version. A critical crash affecting driver-based process protection on ARM64 systems when interacting with non-native binaries has been fixed. Audio handling for protected processes has been corrected, addressing a long-standing issue. Additionally, file search functionality in the access view window now works as intended.

As part of ongoing UI cleanup, the socket filter button has been removed from the program view. Its functionality is now covered by the Recent Traffic Filter, which includes an “or has sockets” option, providing the same capability in a more consistent way.

Overall, version 0.99.6 continues to polish MajorPrivacy ahead of a stable release, with clearer views, more persistent workflows, and improved stability across platforms.

Download: https://github.com/xanasoft/MajorPrivacy/releases/tag/v0.99.6

TaskExplorer 1.7.1 is a focused maintenance and refinement release that further improves update handling, stability, and process protection. This version introduces a new Sandboxie-style online updater, allowing TaskExplorer to check for and apply updates directly, simplifying maintenance and keeping installations current with minimal user effort.

Several internal behaviors have been refined. The “Reset all Panels” function has been improved to behave more consistently and predictably across complex layouts. Process protection in the KSI driver has also been tightened further; in this release it is intentionally more strict than the protection model used by KSystemInformer. If this increased strictness prevents you from reaching a high security level in your environment, feedback is explicitly requested so the behavior can be evaluated and adjusted if necessary.

An issue where newly downloaded DynData was not applied until after a restart has been resolved, ensuring that updated dynamic data takes effect immediately. Overall, 1.7.1 builds on the 1.7.0 foundation with practical improvements aimed at robustness, security, and smoother day-to-day use.

Download: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v1.7.1

TaskExplorer 1.7.0 introduces one of the most substantial upgrades the application has received in years, modernizing the UI stack, improving driver robustness, expanding cross-architecture compatibility, and adding many new capabilities.
This version replaces the previous helper-process architecture with the newly introduced TaskHelper.exe, which now acts as the dedicated worker and service component. By offloading these responsibilities from TaskExplorer.exe itself, overall stability and responsiveness during privileged operations are significantly improved.

A major focus of this release is the KernelIsolator (KSI) driver. The process-protection logic has been thoroughly redesigned and no longer depends on DynData. This architectural improvement allows a large portion of the driver’s security features to operate even without up-to-date symbol information, increasing reliability across different Windows builds. Additionally, ARM64 compatibility issues that previously caused crashes in the protection layer have been resolved.

The user interface has undergone a notable modernization. TaskExplorer now uses Qt 6.8.3 together with Windows 7 compatibility patches, and the settings interface has been redesigned with sidebar-based navigation and icons instead of simple tabs. DPI scaling options have been added so the application renders correctly on displays of any density. The QWT graphing library has been upgraded to version 6.3, bringing smoother and more reliable charting.

Many new data columns and inspection tools have been added throughout the application. Memory view now includes an “original pages” column. Thread inspection provides the actual base priority, RPC usage, COM flags, and LXSS thread ID. Processes can now display CPU affinity and LXSS PID. Module view shows enclave information such as base address, size, and enclave type. A new window-finder tool allows users to drag a target onto any window to immediately locate its owning process, and the service view now provides a direct “open process” action.

Several behavioral improvements streamline navigation: the handle, module, and memory search windows now allow you to open the corresponding owning process simply by double-clicking a result. Additional security-related metadata has been added to the handle viewer, which has also been moved into its own dedicated section. The “run as” subsystem has been updated for better reliability.

Multiple bugs have been corrected, including a long-standing crash in the handle view, incorrect coloring of token privileges, ARM64 driver protection failures, and a corruption issue in the internal socket-list structures that was causing a memory leak.

With this release, support for 32-bit Windows has been removed, allowing development to focus on modern 64-bit platforms and ensuring the long-term maintainability of the driver and UI codebase.

TaskExplorer 1.7.0 is a major milestone that improves stability, security, performance, and usability across all supported systems, while laying the groundwork for future enhancements.

Download: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v1.7.0