Sandboxie-Plus v1.17.8

Sandboxie Plus 1.17.8 / Sandboxie 5.72.8 is now available with a collection of compatibility improvements, stability fixes, and quality-of-life enhancements.

This release introduces a new configuration option, DisableCustomTitleOpt, which gives users finer control over Sandboxie’s window title marking behavior. In the past, Sandboxie intentionally avoided adding its sandbox indicators to certain applications that use heavily customized title bars, such as those built with Delphi VCL, Qt, or Electron, because doing so could trigger excessive Desktop Window Manager repaints and high CPU usage. With the new option, advanced users can selectively re-enable title markers for these applications when desired.

The bundled ImDisk driver has also been updated to version 3.0.2, bringing the latest improvements and fixes from the upstream project.

Several issues reported by the community have been addressed in this build. Logging has been refined to suppress entries related to expected non-user security identifiers, helping reduce unnecessary noise in the trace logs. A problem affecting the "Run as Administrator" functionality, which could result in SBIE2218 and SBIE2219 service errors, has been corrected. In addition, a compatibility issue that could cause Windows Explorer to crash inside an Application Compartment environment when Huorong Security software was installed has been resolved.

For a full list of changes please review the change log.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.17.8

A First Look at the upcoming DiskCryptor 2.0

Over the last months I've been working on what will eventually become DiskCryptor 2.0, and I wanted to share some of the larger changes currently under development and gather feedback before the release.

The biggest addition is undoubtedly TPM support. The goal is to allow volumes to be protected using hardware-backed secrets while still preserving DiskCryptor's traditional flexibility. TPM-backed unlocking will be available through the EFI boot components and can be combined with other authentication methods depending on the deployment scenario.

Another major area of work is a completely new Volume Header format. One of the long-standing limitations of the current format is that a volume can only be associated with a single set of credentials. The new design introduces key slots, allowing multiple independent passwords and keyfiles to unlock the same volume. This enables recovery passwords, multiple users, staged credential migration, and many other workflows that were previously difficult or impossible to implement cleanly.

To improve password-based security, the new format also introduces support for Argon2id. While strong passwords remain the best defense, Argon2id significantly increases the cost of brute-force attacks by requiring substantial memory in addition to CPU resources. This provides much stronger protection against modern GPU-accelerated cracking attacks than the legacy approaches used by many older disk encryption products.
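The key-slot idea from the two paragraphs above, as an added sketch that is not DiskCryptor code and does not reflect its actual header layout: each slot wraps the same volume key under its own memory-hard KDF output, so credentials can be added or revoked without re-encrypting data. `hashlib.scrypt` stands in for Argon2id here, and the slot fields and function names are hypothetical.

```python
import hashlib, hmac, os

# scrypt from the standard library stands in for Argon2id (assumption: any
# memory-hard KDF fits here); these cost parameters need about 16 MiB per guess.
KDF_PARAMS = dict(n=2**14, r=8, p=1, dklen=64)

def _derive(password: bytes, salt: bytes):
    okm = hashlib.scrypt(password, salt=salt, **KDF_PARAMS)
    return okm[:32], okm[32:]  # (one-time wrapping pad, MAC key)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _tag(mac_key: bytes, salt: bytes, wrapped: bytes) -> bytes:
    return hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()

def add_slot(slots: list, master_key: bytes, password: bytes) -> None:
    """Wrap the same 32-byte master key under one more credential."""
    if len(master_key) != 32:
        raise ValueError("master key must be 32 bytes")
    salt = os.urandom(16)  # fresh per slot, so each pad is used exactly once
    pad, mac_key = _derive(password, salt)
    wrapped = _xor(master_key, pad)
    slots.append({"salt": salt, "wrapped": wrapped,
                  "tag": _tag(mac_key, salt, wrapped)})

def find_slot(slots, password):
    """Return (index, master_key) for the first slot the password opens."""
    for i, s in enumerate(slots):
        pad, mac_key = _derive(password, s["salt"])
        if hmac.compare_digest(_tag(mac_key, s["salt"], s["wrapped"]), s["tag"]):
            return i, _xor(s["wrapped"], pad)
    return None

def unlock(slots, password):
    hit = find_slot(slots, password)
    return hit[1] if hit else None

def revoke(slots, password) -> bool:
    """Drop the slot a credential opens; volume data is not re-encrypted."""
    hit = find_slot(slots, password)
    if hit is None or len(slots) == 1:  # never remove the last way in
        return False
    del slots[hit[0]]
    return True

def demo():
    master = os.urandom(32)  # constructed volume key
    slots = []
    add_slot(slots, master, b"daily passphrase")  # constructed credentials
    add_slot(slots, master, b"printed recovery code")
    ok = unlock(slots, b"daily passphrase") == master
    revoke(slots, b"daily passphrase")
    return (ok, unlock(slots, b"daily passphrase"),
            unlock(slots, b"printed recovery code") == master)

if __name__ == "__main__":
    print(demo())
```

In a scheme like this, revoking a slot only takes effect in the header copies that are rewritten, so a stale header backup still accepts the old credential.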

Keyfiles are also receiving a substantial overhaul. The current implementation works, but there is considerable room for improvement. DiskCryptor 2.0 introduces a new mechanism for combining key material from multiple sources and adds support for Virtual Keyfiles, making it easier to use secrets stored in password managers or other external tools without having to manage physical key files on disk.

Reliability and recoverability have also been a major focus. One noteworthy addition is an optional header backup stored at the end of the partition, providing a built-in recovery mechanism in case the primary header becomes damaged or corrupted.

Beyond the security-related changes, there is a long list of improvements throughout the project:

  • SSD-aware encryption and decryption that can skip unused sectors.

  • Optional protection against accidental writes to RAW volumes.

  • Faster boot-time mounting by avoiding redundant key derivation operations.

  • Better support for touch-screen devices in the EFI boot environment.

  • Improvements to in-place volume encryption.

  • Numerous fixes for volume resizing, relocation handling, 4K-sector disks, race conditions, deadlocks, and general stability issues.

  • Various UI improvements and quality-of-life features.

While there is still work left before DiskCryptor 2.0 is ready for release, the core architecture is taking shape and many of the major features are already implemented.

I'd be interested in hearing what existing DiskCryptor users think about these changes. In particular:

  • Are there any TPM-related workflows you would like to see supported?

  • Do you have use cases for multiple passwords or recovery credentials on the same volume?

  • Are there shortcomings in the current keyfile system that you would like addressed?

  • Are there other long-standing DiskCryptor limitations that should be tackled as part of the 2.0 cycle?

As always, feedback is welcome and may help shape the final release.

Sandboxie-Plus v1.17.7

This release focuses on stability and usability improvements. A new global option for ForceBoxDocs has been added under Program Control > Force Process Options, making it easier to configure forced document handling without editing the INI file manually.

The INI editor and completion system have received several improvements, including better context-aware suggestions, improved key resolution, more accurate matching, and better tooltip behavior. Rich text input has also been disabled in the "Edit INI Section" dialog to prevent formatting issues.

Several bugs have been fixed in this release. Most notably, a compatibility issue that could cause VMware guests running inside a sandbox to crash has been resolved. Problems affecting addon installation, encrypted sandbox imports, Data Protection sandboxes causing PowerShell to hang, folder enumeration and deletion, and black box import/export when SandMan is not running elevated have also been addressed. Additionally, improvements to short-name path handling and completion matching further enhance reliability and overall user experience.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.17.7

Major Privacy v0.99.10

MajorPrivacy continues to evolve with a strong focus on usability, security, and system integration. This update introduces a new secure desktop password prompt option, allowing password dialogs to be displayed on the isolated secure desktop for improved protection against spoofing and input interception. Protection for the application's own installation folder has also been added, helping prevent tampering with MajorPrivacy files and components. Password handling throughout the application has been reworked and improved to ensure more secure processing and storage of sensitive credentials. In addition, a new option has been added to display the computer name directly in the main window and notification window title bars, which is particularly useful when managing multiple systems or remote sessions.

This release also includes several important fixes and reliability improvements. Minor UI glitches have been resolved, improving overall visual consistency and responsiveness. An issue that could cause previously removed programs to reappear after a restart due to outdated records has been fixed, ensuring cleaner and more reliable configuration handling. The installer has also received fixes to address several setup-related issues and improve the installation experience overall.

Download: https://github.com/xanasoft/MajorPrivacy/releases/tag/v0.99.10

Sandboxie-Plus v1.17.6

Sandboxie-Plus version 1.17.6 / 5.72.6 introduces a number of usability improvements, compatibility fixes, and refinements to box portability and management. The main application window will now clearly indicate when Sandboxie-Plus is running with elevated privileges by appending “(Administrator)” to the window title, helping users more easily distinguish between elevated and non-elevated sessions.

This release further improves the sandbox import and export workflow. The archive format has been revised to store sandbox configurations directly as BoxName.ini files using a [BoxName] section header, replacing the previous BoxName/BoxConfig.ini layout. The new format remains fully backward compatible, with imports supporting both the legacy and updated structures. In addition, the updated format is now fully aligned with the portable sandbox layout, allowing users to simply unpack an exported archive and immediately add the contained sandboxes as portable boxes without any additional conversion steps.

Several issues have also been addressed in this build. A problem affecting hook registration has been fixed, improving overall reliability and compatibility. Another important fix resolves excessive CPU usage caused by Desktop Window Manager (DWM) when running applications that use custom title bars, such as applications built with Delphi VCL, significantly reducing unnecessary system load in affected scenarios.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.17.6

Major Privacy v0.99.9

Major Privacy version 0.99.9 introduces a range of reliability and usability improvements, with a particular focus on rule handling, configuration robustness, and protected process operation. This release adds a new user column to the access log, making it easier to identify which account initiated a given operation and improving visibility when analyzing system activity across multiple users or services.

Several important issues have been resolved in this build. The driver/UI interaction has been improved to fix a problem where the UI process was sometimes not recognized as a protected process by the driver, which could lead to inconsistent behavior in certain situations. An issue causing user names in rules to not be properly saved and applied has also been fixed, ensuring user-specific policies now persist and function correctly. Additional work has been done to improve configuration recovery after failed boots, reducing the risk of corrupted or partially restored settings after abnormal shutdown scenarios. Furthermore, issues related to installed application path changes have been addressed, improving rule consistency and reducing maintenance when software is updated or relocated.

This release also updates the bundled ImDisk driver to the latest 3.0.1 version and includes further refinements to the volume view for a cleaner and more polished user experience.

Download: https://github.com/xanasoft/MajorPrivacy/releases/tag/v0.99.9

Sandboxie-Plus v1.17.5

Sandboxie-Plus version 1.17.5 (and the corresponding classic build 5.72.5) resolves several regressions introduced in recent releases and improves compatibility with certain desktop and shell interactions.

This update adds a workaround for applications that request the default desktop object and previously triggered the SBIE2205 OpenDesktop warning, improving compatibility with software that expects direct access to the default desktop environment.

A regression since version 1.17.3 that prevented sandboxes from being renamed has been fixed. The issue, which produced a “The parameter is incorrect” error, was caused by multi-line configuration values being rejected by the new ContainsCRLF validation in CIniFile::AddValue. The user interface has also been corrected to automatically reselect the sandbox after a successful rename.

Tray icons from sandboxed applications are now displayed correctly when OpenWinClass=* is used. This is achieved by proxying Shell_NotifyIcon calls so the icons are properly registered with the host shell. The behavior is enabled by default and can be controlled with the UseShellNotifyIconProxy option, which supports process and !process selectors.

Finally, window border handling has been improved when applications toggle the WS_EX_TOPMOST style. Sandboxie now tracks topmost state changes and adjusts window ordering accordingly to maintain correct border visibility and z-order.

For a full list of changes please review the change log.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.17.5

Task Explorer v1.8.0

TaskExplorer 1.8.0 introduces several maintenance updates and fixes aimed at improving stability and compatibility across systems. The integrated PHlib library has been updated to version 4.0.26115, bringing the project in line with the latest improvements from the underlying System Informer components and ensuring better reliability when interacting with modern Windows builds.

This release also resolves a startup crash that affected some systems, improving overall application stability during initialization. In addition, an issue where job object names were not displayed correctly has been corrected, restoring proper visibility of job object information in the interface. Another crash condition triggered when clicking the SYSTEM_IDLE_PROCESS_ID entry has been fixed as well (issue #116).

A notable change in this release concerns the software signing pipeline. The kernel driver is signed by Microsoft as before, and all executable and dynamic library files, as well as the installer itself, are now additionally signed using our EV code signing certificate. This ensures stronger authenticity guarantees and improves trust signals in Windows security mechanisms such as SmartScreen.

Overall, version 1.8.0 focuses on improving robustness and strengthening the security and distribution integrity of TaskExplorer.

Download: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v1.8.0

Major Privacy v0.99.8

MajorPrivacy version 0.99.8 introduces several improvements to volume management, cryptography, and scripting capabilities, while also aligning the platform more closely with the upcoming DiskCryptor 2.0 architecture.

The volume creation workflow has been enhanced with a password strength estimation feature, helping users choose more robust passwords when creating encrypted volumes. In addition, the interface now displays detailed cryptographic information for volumes, making it easier to understand the algorithms and parameters in use. Support for Argon2id has been extended so that User Key Passwords can now use Argon2id as their key derivation function, and the password protecting a user key can now be changed independently without replacing the user key itself. This allows credentials to be rotated without disrupting existing key material.

The scripting subsystem has also been improved so that scripts can persist state across invocations. This enables more complex automation scenarios where decisions can depend on information gathered during earlier executions.

Internally, the Argon2id implementation has been reworked to match the design used in DiskCryptor 2.0, ensuring long-term consistency between the two projects. As part of this change, older volumes that were created using the previous Argon2id implementation can still be mounted for the time being, but this compatibility path will be removed in the future. Users with such volumes are advised to use the password change functionality to migrate them to the updated KDF scheme.

MajorPrivacy now also adopts the DiskCryptor 2.0 volume header format. Volumes using the older 1.x header format remain fully compatible and can continue to be mounted without modification.

This release also resolves an issue affecting the application of serial keys and fixes a problem that could occur when clearing a user key.

Download: https://github.com/xanasoft/MajorPrivacy/releases/tag/v0.99.8

Sandboxie-Plus v1.17.4 Released

Sandboxie-Plus 1.17.4 / 5.72.4 introduces several improvements focused on compatibility, security, and overall stability. This update adds new controls for handling local loopback communication with the introduction of the BlockLocalLoop=y option, allowing users to explicitly block applications running inside a sandbox from connecting to services on the host through the local loopback interface.

To improve compatibility with modern desktop frameworks, Sandboxie-Plus now includes automatic detection of Electron-based applications. The primary heuristic runs early and is enabled by default, automatically applying the appropriate handling for Electron programs; it can be disabled with UseElectronDetection=n if required. In cases where this early heuristic fails or has been disabled, a secondary detection mechanism may later determine that the application is Electron-based after startup. Because this happens too late to apply the automatic workaround, Sandboxie-Plus will display the new SBIE2189 message to inform the user and provide troubleshooting guidance, suggesting the configuration option SpecialImage=chrome,program.exe for the affected application.

Hardware information protection has also been refined and can now be configured on a per-process basis, providing more granular control for users who need to selectively expose or restrict hardware identifiers to specific applications. Additionally, the driver now performs certificate verification using UTC time instead of local system time, preventing issues caused by incorrect local clock settings and ensuring consistent validation behavior.

A number of reliability problems have been resolved in this release. An issue affecting volatile configuration updates has been corrected, and a missing WaitServiceState call has been added to address cases where LINE failed to launch with a NO_SIGNATURE error. Stability improvements include fixing a race condition that could lead to a system crash during driver unload, correcting the verification logic used by Key_MergeSubkeys, and resolving a problem in Application Compartment mode related to File_WaitNamedPipe. Additional fixes address an IPC synchronization issue where Ipc_Handles_CritSec was not properly released when NtQueryDirectoryObject failed, as well as a bug that caused user interfaces of WebView2 applications built with Tauri to become unresponsive inside the sandbox.

As part of ongoing cleanup, the deprecated configuration option UseElectronWorkaround=y has been removed, as the new Electron detection mechanism supersedes the previous workaround. Overall, this release improves compatibility with modern application frameworks, strengthens certificate validation behavior, and resolves several stability issues, making it a recommended update for all Sandboxie-Plus users.

For a full list of changes please review the change log.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.17.4