Sandboxie-Plus 1.15.0 Released

This build of Sandboxie Plus version 1.15.0 introduces several impactful enhancements, focusing on user-specific operations and security improvements. A notable addition is the new user proxy mechanism, which enables user-specific operations, as well as support for Encrypting File System (EFS) through the user proxy. By adding the configuration ‘EnableEFS=y’ to the sandbox, users can now leverage EFS within the sandbox environment. Furthermore, a breakout document feature has been implemented, allowing users to specify certain file paths and extensions that can escape the sandbox. However, users are warned to avoid paths terminated with wildcards as they may open up security vulnerabilities, enabling the execution of malicious scripts outside of the sandbox.

In terms of security, a new mechanism has been added to restrict access to box folders, allowing only the user who created the folder to access it by setting ‘LockBoxToUser=y’. Additionally, users now have the option to retain the original Access Control Lists (ACLs) on sandboxed files or modify them, providing more flexibility in access management, this may introduce compatibility issues though. Another new feature is the ‘OpenWPADEndpoint=y’ option, which allows to open system proxy configuration access. On the technical side, improvements have been made to the startup processes for SandboxieCrypto and Sandboxed RPCSS, as well as refinements to the user interface controls.

These updates mark a significant step forward in both the security and functionality of Sandboxie Plus.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.15.0

Added

  • added new user proxy mechanism to enable user specific operations

  • added Support for EFS using the user proxy #1980

    • to enable add ‘EnableEFS=y’ to the sandbox config

  • added break out document functionality #2741

    • use a syntax like this ‘BreakoutDocument=C:path*.txt’ to specify path and extension

    • Security Warning: do not use paths terminated with a wild card like ‘BreakoutDocument=C:path*’ as thay will allow for executeion ot maliciouse scripts outside teh sandbox!!!

  • added mechanism to set set box folder ACLs to allow only the creating user access ‘LockBoxToUser=y’

  • added option to keep original ACLs on sandboxed files ‘UseOriginalACLs=y’

  • added option ‘OpenWPADEndpoint=y’ #4292

Fixed

  • fixed ImDiskApp uninstall key is always written to the registry #4282

Changed

  • improved SandboxieCrypto startup

  • improved Sandboxed RPCSS startup

  • Set tab orders and buddies of UI controls #4300 (thanks gexgd0419)