Search the Community

Why should I download DoNotSpy11? DoNotSpy11 empowers you to protect your privacy on Windows 10 and Windows 11. Supports Windows 10 up to Windows 10 21H2 (19044) Supports Windows 11 up to Windows 11 22H2 (22621) Available in English, French (translated by Deadbox1) and German Lets you manage settings regarding: Advertising, Apps, Defender, Edge, Office, Privacy, Search, Start, Updates Clean and simple user interface DoNotSpy11 Changelog Version 1.0.0.0 (24/05/2022) initial release based on DoNotSpy10 5.3.0.0 General: Added Support for Windows 11 22H2 (22621) General: Added Support for Windows 11 21H2 (22000) General: Added Support for Windows 10 21H2 (19044) General: Added Support for Microsoft Office General: Urls in tweak descriptions can be clicked Bugfix: Tweaks were not saved if user chose to enable system restore Tweak added: Advertising: Disable “Meet Now” (from build 19043) Tweak added: Advertising: Disable News and Interests (from build 19044) Tweak added: Apps: Prevent Apps From Taking Screenshots (from build 19044) Tweak added: Apps: Disable App Access to Downloads Folder (Windows 11) Tweak added: Apps: Disable App Access to Music Library (Windows 11) Tweak added: Apps: Disable Screenshot Border Settings (Windows 11) Tweak added: Privacy: Disable Cloud Consumer Account State Content (Windows 11) Tweak added: Privacy: Disable OneSettings Downloads (Windows 11) Tweak added: Privacy: Disable Widgets (Windows 11) Tweak added: Privacy: Limit Diagnostic Log Collection (Windows 11) Tweak added: Privacy: Limit Dump Collection (Windows 11) Tweak added: Privacy: Turn off Microsoft Consumer Experiences (Windows 10) Tweak added: Office: Disable First Run Movie Tweak added: Office: Disable Customer Experience Improvement Program Tweak added: Office: Disable Feedback Tweak added: Office: Disable Sending Personal Information Tweak added: Office: Disable Telemetry Tweak added: Office: Disable Connected Experiences That Analyze Content Tweak added: Office: Disable Connected Experiences That Download Online Content Tweak added: Office: Disable Additional Optional Connected Experiences Tweak added: Office: Disable In-Product Surveys Tweak added: Office: Block Signing Into Office Tweak added: Office: Disable LinkedIn Features Tweak added: Search: Disable Highlights (from build 22572) Tweak added: Apps: Disable Location Override (from build 22572) Tweak added: Privacy: Disable Windows Spotlight on Desktop Tweak added: Privacy: Disable Display of office.com Files in Explorer (from build 22572) Tweak updated: Privacy: Disable Facts, Tips, Ticks and More on your Lock Screen [hide][Hidden Content]]

Version 1.0.0 is here and brings a lot of new major features, hence its a pre release, test it and expect new bugs as well, at least in the new features. I expect the final being 1.1.0 or so The first major feature is Privacy Mode, here most of the PC is set to be treated like a Write[File/Key]Path meaning the sandbox locations are writable but the unsandboxed locations are not readable. The Hard disk appears empty except for C:\Windows and C:\Program Files and the registry only allows reading of the machine but not user root keys. This way sandboxed processes can work but can not access private user data. To make this mode useful an other feature has been implemented called “Rule Specificity” it can be enabled independently but is always enabled in Privacy enhanced boxes. It allows to specify rules to override other rules, this is not based on specifying an order or priority, but instead by measuring how specific a rule is and always attributing the highest priority to the most specific rule. Here the specificity is measures by the path length that matches the rule, except the last wildcard. So for example the built in privacy rules plus a custom one OpenFilePath=%AppData%\Mozilla\Firefox\Profiles* NormalFilePath=C:\Program Files* NormalFilePath=C:\Windows* WriteFilePath=C:* Here the rules are ordered by their specificity. Also there is a new type Normal[File/Key/Ipc]Path which defines a default sandbox behavior for a path. The next major feature is "App Compartment" mode "NoSecurityIsolation=y", this is a new mode of operation which disables the token based security isolation, which brings the security down to the level of other sand boxing solutions, but by doing so greatly improves compatibility. For all use cases where the goal is only compartmentalization, running multiple instances, etc, but not hard core security this mode is preferable as it should avoid many typical sandboxie issues caused by processes running with a heavily restricted token. In this mode file system and registry accesses are still being filtered to enforce the access rules, this filtering can be disabled with "NoSecurityFiltering=y" To ensure this “unsecure” mode is at least as secure as the sandboxing offered by other sandboxing products, a new object access filter was added that can be enabled with "EnableObjectFiltering=y" in the global settings. Added added Privacy enhanced mode, sandboxes with "UsePrivacyMode=y" will not allow read access to locations containing user data -- all locations except generic Windows system paths will need to be opened explicitly for read and/or write access -- using "NormalFilePath=...", "NormalKeyPath=...", "NormalIpcPath=..." allows to open locations to be readable and sandboxed added new "App Compartment" mode of operation, it's enabled by adding "NoSecurityIsolation=y" to the box configuration -- in this mode, security is traded in for compatibility, it should not be used for untrusted applications -- note: in this mode, file and registry filtering are still in place, hence processes run without administrative privileges -- it is reasonably safe, all filtering can be disabled with "NoSecurityFiltering=y" added experimental use of ObRegisterCallbacks to filter object creation and duplication -- this filtering is independent from the regular SbieDrv's syscall-based filtering, hence it also applies to App Compartments -- with it enabled, an application running in a compartment will not be able to manipulate processes running outside the sandbox -- Note: this feature improves the security of unisolated App Compartment boxes -- to enable this feature, set "EnableObjectFiltering=y" in the global section and reload the driver -- when globally activated, the filtering can be disabled for individual boxes with "DisableObjectFilter=y" added "DontOpenForBoxed=n", this option disables the discrimination of boxed processes for open file and open key directives -- this behaviour does not really improve security anyways, but may be annoying, also app compartments always disable this added setting to entirely open access to the COM infrastructure Changed reworked the resource access path matching mechanism to optionally apply more specific rules over less specific ones -- for example "OpenFilePath=C:\User\Me\AppData\Firefox takes precedence over "WriteFilePath=C:\User\Me" -- to enable this new behaviour, add "UseRuleSpecificity=y" to your Sandboxie.ini, this behaviour is always enabled in Privacy enhanced mode -- added "NormalFilePath=..." to restore default Sandboxie behaviour on a given path -- added "OpenConfPath=...", which similarly to "OpenPipePath=..." is a "OpenKeyPath=..." variant which applies to executables located in the sandbox removed option to copy a box during creation, instead the box context menu offers a duplication option reworked the box creation dialog to offer new box types Fixed fixed SBIE1401 notification during Sandboxie Plus uninstall (by mpheath) 68fa37d fixed memory leak in driver handling FLT_FILE_NAME_INFORMATION (by Therzok) #1371 [hide][Hidden Content]]