DiskCryptor v2.0.0

DiskCryptor 2.0 is the largest update to the project in many years and marks a major milestone in its development. This release introduces substantial improvements across virtually every part of the software, including modern cryptography, hardware-backed security, storage management, performance, reliability, and usability. As these changes affect core components throughout the project, Version 2.0.0 is being released initially as a pre-release to gather broad real-world testing and feedback before the next stable release.

A major addition is support for the Argon2id key derivation function, providing a modern, memory-hard alternative to the traditional KDFs for significantly improved resistance against password cracking attacks.

DiskCryptor now also supports optional TPM integration in the DCS bootloader, enabling hardware-backed protection and unattended system unlock configurations. Combined with optional Secure Boot support, this allows systems to take advantage of modern platform security features while maintaining DiskCryptor's flexible boot architecture. TPM and Secure Boot functionality require a DiskCryptor Pro Supporter Certificate, available from the [Xanasoft web shop](https://xanasoft.com/shop/).

The DCS bootloader itself has received extensive improvements. A new pre-boot configuration menu allows changing selected settings directly from the password prompt without booting into Windows. USB keyfiles are now supported, making removable authentication media much easier to use, and touchscreen devices benefit from proper on-screen keyboard support. To simplify boot management, DiskCryptor can now be installed onto its own dedicated EFI System Partition instead of modifying the Windows EFI partition.

One of the most significant architectural changes is the introduction of the new Version 2 volume header format. The new variable-sized header supports independent key slots, allowing multiple passwords and keyfiles to unlock the same volume without sharing key material. A new header editor makes managing these headers straightforward, while an additional volume layout editor allows resizing headers, adding or removing backup headers, and modifying relocation areas after a volume has already been created.

Volume protection has also been enhanced through optional backup headers stored at the end of the partition, providing additional resilience against header corruption.

Performance has received several important improvements. Encryption and decryption can now skip unused sectors, significantly reducing processing time on SSDs and sparsely populated volumes. At the same time, the previous SSD chunking optimization has been removed, as testing has shown that it reduces performance on modern solid-state drives rather than improving it.

The internal volume transcription engine has been completely rearchitected into an asynchronous design. Besides improving responsiveness, this eliminates deadlocks that could occur on low-memory systems and resolves race conditions encountered while re-encrypting volumes.

Boot performance has also improved through a new "mount at boot" shortcut. The EFI bootloader now passes the derived header keys directly to the Windows driver, eliminating an unnecessary second key derivation during startup and noticeably reducing boot times when mounting encrypted system volumes.

Safety has been further strengthened with the addition of optional RAW volume protection. When enabled, DiskCryptor prevents writing to or formatting volumes that do not contain a recognized file system, helping protect encrypted or otherwise unknown storage from accidental modification or destruction. A new mechanism has also been added to automatically force encrypted volumes to dismount before the system enters hibernation.

Several usability improvements have been introduced throughout the application. A new status bar provides additional operational feedback, password caching can now be controlled directly from the menu, secure desktop password entry offers improved protection against desktop-level attacks, and virtual keyfiles simplify transferring high-entropy authentication material from password managers without requiring physical keyfiles.

The graphical interface has also been refined with a reorganized main menu and numerous workflow improvements, making both everyday operation and advanced volume management more intuitive. Dedicated TPM management functionality has been integrated into the GUI, making it easier to configure and maintain hardware-backed authentication.

Numerous reliability improvements and bug fixes are included as well. These include corrected sector calculations in the minifilter driver when resizing volumes on native 4 KB sector disks, fixes for drive list corruption while scrolling horizontally, improved handling of relocation areas, and many smaller fixes throughout the codebase that improve stability under demanding workloads.

With Version 2.0, DiskCryptor takes a significant step forward, combining modern cryptography, flexible key management, hardware-backed security, and a substantially enhanced storage architecture while preserving the lightweight design, flexibility, and compatibility that have always distinguished the project. As this release introduces extensive architectural changes across nearly every component, it is being published as a pre-release to gather broader testing and feedback before the next stable release.

Download: https://github.com/DiskCryptor/DiskCryptor/releases/tag/v2.0.0

MajorPrivacy v0.100.0

MajorPrivacy version 0.100.0 marks a major milestone on the road to the first stable release. With the feature set now largely complete, development is increasingly shifting from adding new capabilities toward refining the user experience, improving performance, and resolving remaining issues.

This release adds a user interface for configuring user-specific Windows Firewall rules, making it easier to manage per-user firewall policies directly from within MajorPrivacy.

The DNS subsystem has been reorganized and expanded. DNS cache monitoring can now be enabled or disabled independently, DNS-related options have been consolidated into the newly renamed DNS Inspector page, and application presets have been moved to their own dedicated configuration page for a cleaner and more intuitive interface.

Resource Access Control has also received several enhancements with additional advanced configuration options. To reduce log size and improve efficiency, when more than 1,000 items are accessed within the same tree level, the event tree now automatically collapses them into a single wildcard ("*") entry while preserving the relevant information.

This release also updates the integrated ImDisk driver to version 3.0.3 and includes a number of important fixes and optimizations. Several issues affecting firewall presets, the Rule Picker search dialog, delayed firewall event attribution, event broadcasting, and the handling of unapproved rule modifications and removals have been resolved. Additionally, driver performance during Code Integrity verification has been significantly improved, resulting in lower overhead and a more responsive system.

Download: https://github.com/xanasoft/MajorPrivacy/releases/tag/v0.100.0

Sandboxie-Plus Summer Sale -25%

Enjoy the summer with a special discount on Sandboxie-Plus supporter certificates!
Home and Personal supporter certificates are now 25% off for the next one and a half weeks.
Get your Sandboxie-Plus supporter certificate today to unlock advanced functionality and support ongoing development.
Take advantage of the Summer Sale - upgrade your Sandboxie-Plus experience now!
Visit the web shop: https://xanasoft.com/product-category/sandboxie/

Sandboxie-Plus v1.17.8

Sandboxie Plus 1.17.8 / Sandboxie 5.72.8 is now available with a collection of compatibility improvements, stability fixes, and quality-of-life enhancements.

This release introduces a new configuration option, DisableCustomTitleOpt, which gives users finer control over Sandboxie’s window title marking behavior. In the past, Sandboxie intentionally avoided adding its sandbox indicators to certain applications that use heavily customized title bars, such as those built with Delphi VCL, Qt, or Electron, because doing so could trigger excessive Desktop Window Manager repaints and high CPU usage. With the new option, advanced users can selectively re-enable title markers for these applications when desired.

The bundled ImDisk driver has also been updated to version 3.0.2, bringing the latest improvements and fixes from the upstream project.

Several issues reported by the community have been addressed in this build. Logging has been refined to suppress entries related to expected non-user security identifiers, helping reduce unnecessary noise in the trace logs. A problem affecting the "Run as Administrator" functionality, which could result in SBIE2218 and SBIE2219 service errors, has been corrected. In addition, a compatibility issue that could cause Windows Explorer to crash inside an Application Compartment environment when Huorong Security software was installed has been resolved.

For a full list of changes please review the change log.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.17.8

A First Look at the upcoming DiskCryptor 2.0

Over the last months I've been working on what will eventually become DiskCryptor 2.0, and I wanted to share some of the larger changes currently under development and gather feedback before the release.

The biggest addition is undoubtedly TPM support. The goal is to allow volumes to be protected using hardware-backed secrets while still preserving DiskCryptor's traditional flexibility. TPM-backed unlocking will be available through the EFI boot components and can be combined with other authentication methods depending on the deployment scenario.

Another major area of work is a completely new Volume Header format. One of the long-standing limitations of the current format is that a volume can only be associated with a single set of credentials. The new design introduces key slots, allowing multiple independent passwords and keyfiles to unlock the same volume. This enables recovery passwords, multiple users, staged credential migration, and many other workflows that were previously difficult or impossible to implement cleanly.

To improve password-based security, the new format also introduces support for Argon2id. While strong passwords remain the best defense, Argon2id significantly increases the cost of brute-force attacks by requiring substantial memory in addition to CPU resources. This provides much stronger protection against modern GPU-accelerated cracking attacks than the legacy approaches used by many older disk encryption products.
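The key-slot idea described above and in the 2.0.0 release notes, combined with a memory-hard KDF, as an added sketch that is not DiskCryptor's code or header format: every credential wraps the same volume master key under its own salt and derived key. It assumes scrypt from the Python standard library as a stand-in for Argon2id; the slot fields, slot names and passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for this sketch; DiskCryptor's real header layout and
# KDF settings are not given on the page. scrypt stands in for Argon2id.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=64)

def _slot_keys(password: bytes, salt: bytes):
    """Derive a per-slot 32-byte wrapping pad and 32-byte MAC key."""
    dk = hashlib.scrypt(password, salt=salt, **SCRYPT)
    return dk[:32], dk[32:]

def add_slot(header: dict, name: str, password: bytes, master_key: bytes):
    """Wrap the volume master key under one credential in its own slot."""
    salt = os.urandom(16)  # fresh salt per slot, so the pad is never reused
    pad, mac_key = _slot_keys(password, salt)
    # XOR with single-use KDF output keeps the sketch stdlib-only; a real
    # format would wrap the key with an AES-based key wrap or an AEAD.
    wrapped = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    header[name] = {"salt": salt, "wrapped": wrapped, "tag": tag}

def unlock(header: dict, password: bytes):
    """Try every slot; return the master key, or None if no slot matches."""
    for slot in header.values():
        pad, mac_key = _slot_keys(password, slot["salt"])
        tag = hmac.new(mac_key, slot["salt"] + slot["wrapped"],
                       hashlib.sha256).digest()
        if hmac.compare_digest(tag, slot["tag"]):
            return bytes(a ^ b for a, b in zip(slot["wrapped"], pad))
    return None

def demo():
    master_key = os.urandom(32)  # encrypts the volume; never stored in clear
    header = {}
    add_slot(header, "user", b"correct horse", master_key)
    add_slot(header, "recovery", b"printed recovery phrase", master_key)
    results = {
        "user": unlock(header, b"correct horse") == master_key,
        "recovery": unlock(header, b"printed recovery phrase") == master_key,
        "wrong": unlock(header, b"guess") is None,
        "slots_differ": header["user"]["wrapped"] != header["recovery"]["wrapped"],
    }
    del header["user"]  # revoke one credential without touching the other
    results["revoked"] = unlock(header, b"correct horse") is None
    results["recovery_after_revoke"] = (
        unlock(header, b"printed recovery phrase") == master_key)
    return results

if __name__ == "__main__":
    print(demo())
```

Deleting a slot only stops future unlocks with that credential; anyone who already extracted the master key still holds it, so a suspected compromise calls for re-encrypting the volume under a new master key.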

Keyfiles are also receiving a substantial overhaul. The current implementation works, but there is considerable room for improvement. DiskCryptor 2.0 introduces a new mechanism for combining key material from multiple sources and adds support for Virtual Keyfiles, making it easier to use secrets stored in password managers or other external tools without having to manage physical key files on disk.

Reliability and recoverability have also been a major focus. One noteworthy addition is an optional header backup stored at the end of the partition, providing a built-in recovery mechanism in case the primary header becomes damaged or corrupted.

Beyond the security-related changes, there is a long list of improvements throughout the project:

  • SSD-aware encryption and decryption that can skip unused sectors.

  • Optional protection against accidental writes to RAW volumes.

  • Faster boot-time mounting by avoiding redundant key derivation operations.

  • Better support for touch-screen devices in the EFI boot environment.

  • Improvements to in-place volume encryption.

  • Numerous fixes for volume resizing, relocation handling, 4K-sector disks, race conditions, deadlocks, and general stability issues.

  • Various UI improvements and quality-of-life features.

While there is still work left before DiskCryptor 2.0 is ready for release, the core architecture is taking shape and many of the major features are already implemented.

I'd be interested in hearing what existing DiskCryptor users think about these changes. In particular:

  • Are there any TPM-related workflows you would like to see supported?

  • Do you have use cases for multiple passwords or recovery credentials on the same volume?

  • Are there shortcomings in the current keyfile system that you would like addressed?

  • Are there other long-standing DiskCryptor limitations that should be tackled as part of the 2.0 cycle?

As always, feedback is welcome and may help shape the final release.

Sandboxie-Plus v1.17.7

This release focuses on stability and usability improvements. A new global option for ForceBoxDocs has been added under Program Control > Force Process Options, making it easier to configure forced document handling without editing the INI file manually.

The INI editor and completion system have received several improvements, including better context-aware suggestions, improved key resolution, more accurate matching, and better tooltip behavior. Rich text input has also been disabled in the "Edit INI Section" dialog to prevent formatting issues.

Several bugs have been fixed in this release. Most notably, a compatibility issue that could cause VMware guests running inside a sandbox to crash has been resolved. Problems affecting addon installation, encrypted sandbox imports, Data Protection sandboxes causing PowerShell to hang, folder enumeration and deletion, and black box import/export when SandMan is not running elevated have also been addressed. Additionally, improvements to short-name path handling and completion matching further enhance reliability and overall user experience.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.17.7

Major Privacy v0.99.10

MajorPrivacy continues to evolve with a strong focus on usability, security, and system integration. This update introduces a new secure desktop password prompt option, allowing password dialogs to be displayed on the isolated secure desktop for improved protection against spoofing and input interception. Protection for the application's own installation folder has also been added, helping prevent tampering with MajorPrivacy files and components. Password handling throughout the application has been reworked and improved to ensure more secure processing and storage of sensitive credentials. In addition, a new option has been added to display the computer name directly in the main window and notification window title bars, which is particularly useful when managing multiple systems or remote sessions.

This release also includes several important fixes and reliability improvements. Minor UI glitches have been resolved, improving overall visual consistency and responsiveness. An issue that could cause previously removed programs to reappear after a restart due to outdated records has been fixed, ensuring cleaner and more reliable configuration handling. The installer has also received fixes to address several setup-related issues and improve the installation experience overall.

Download: https://github.com/xanasoft/MajorPrivacy/releases/tag/v0.99.10

Sandboxie-Plus v1.17.6

Sandboxie-Plus version 1.17.6 / 5.72.6 introduces a number of usability improvements, compatibility fixes, and refinements to box portability and management. The main application window will now clearly indicate when Sandboxie-Plus is running with elevated privileges by appending “(Administrator)” to the window title, helping users more easily distinguish between elevated and non-elevated sessions.

This release further improves the sandbox import and export workflow. The archive format has been revised to store sandbox configurations directly as BoxName.ini files using a [BoxName] section header, replacing the previous BoxName/BoxConfig.ini layout. The new format remains fully backward compatible, with imports supporting both the legacy and updated structures. In addition, the updated format is now fully aligned with the portable sandbox layout, allowing users to simply unpack an exported archive and immediately add the contained sandboxes as portable boxes without any additional conversion steps.

Several issues have also been addressed in this build. A problem affecting hook registration has been fixed, improving overall reliability and compatibility. Another important fix resolves excessive CPU usage caused by Desktop Window Manager (DWM) when running applications that use custom title bars, such as applications built with Delphi VCL, significantly reducing unnecessary system load in affected scenarios.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.17.6

Major Privacy v0.99.9

Major Privacy version 0.99.9 introduces a range of reliability and usability improvements, with a particular focus on rule handling, configuration robustness, and protected process operation. This release adds a new user column to the access log, making it easier to identify which account initiated a given operation and improving visibility when analyzing system activity across multiple users or services.

Several important issues have been resolved in this build. The driver/UI interaction has been improved to fix a problem where the UI process was sometimes not recognized as a protected process by the driver, which could lead to inconsistent behavior in certain situations. An issue causing user names in rules to not be properly saved and applied has also been fixed, ensuring user-specific policies now persist and function correctly. Additional work has been done to improve configuration recovery after failed boots, reducing the risk of corrupted or partially restored settings after abnormal shutdown scenarios. Furthermore, issues related to installed application path changes have been addressed, improving rule consistency and reducing maintenance when software is updated or relocated.

This release also updates the bundled ImDisk driver to the latest 3.0.1 version and includes further refinements to the volume view for a cleaner and more polished user experience.

Download: https://github.com/xanasoft/MajorPrivacy/releases/tag/v0.99.9

Sandboxie-Plus v1.17.5

Sandboxie-Plus version 1.17.5 (and the corresponding classic build 5.72.5) resolves several regressions introduced in recent releases and improves compatibility with certain desktop and shell interactions.

This update adds a workaround for applications that request the default desktop object and previously triggered the SBIE2205 OpenDesktop warning, improving compatibility with software that expects direct access to the default desktop environment.

A regression since version 1.17.3 that prevented sandboxes from being renamed has been fixed. The issue, which produced a “The parameter is incorrect” error, was caused by multi-line configuration values being rejected by the new ContainsCRLF validation in CIniFile::AddValue. The user interface has also been corrected to automatically reselect the sandbox after a successful rename.

Tray icons from sandboxed applications are now displayed correctly when OpenWinClass=* is used. This is achieved by proxying Shell_NotifyIcon calls so the icons are properly registered with the host shell. The behavior is enabled by default and can be controlled with the UseShellNotifyIconProxy option, which supports process and !process selectors.

Finally, window border handling has been improved when applications toggle the WS_EX_TOPMOST style. Sandboxie now tracks topmost state changes and adjusts window ordering accordingly to maintain correct border visibility and z-order.

For a full list of changes please review the change log.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.17.5