Locked Sandboxie 5.46.1 / Sandboxie Plus 0.5.4 - Hotfix

[itsMe]

This is the hidden content, please

• Sign In
• or
• Sign Up

Sandboxie
Sandboxie is a sandbox-based isolation software for 32- and 64-bit Windows NT-based operating systems. It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying local & mapped drives or the windows registry. An isolated virtual environment allows controlled testing of untrusted programs and web surfing.

Hotfix Changelog

Added

    added "RunServiceAsSystem=..." allows specific named services to be ran as system

Changed

    refactored some code around SCM access

Fixed

    fixed a crash issue in SbieSvc.exe introduced with the last build
    fixed issue with sandman ui update check

Removed

    removed "ProtectRpcSs=y" due to incompatybility with new isolation defaults

Release Changelog
Added

    Sandboxie now strips particularly problematic privileges from sandboxed system tokens
    -- with those a process could atempt to bypass the sandbox isolation (thanks Diversenok)
    -- old legacy behavior can be enabled with "StripSystemPrivileges=n" (absolutely NOT Recommended)
    added new isolation options "ClosePrintSpooler=y" and "OpenSmartCard=n"
    -- those resources are open by default but for a hardened box its desired to close them
    added print spooler filter to prevent printers from being set up outside the sandbox
    -- the filter can be disabled with "OpenPrintSpooler=y"
    added overwrite prompt when recovering an already existing file
    added "StartProgram=", "StartService=" and "AutoExec=" options to the SandMan UI
    added more compatybility templates (thanks isaak654)

Changed

    Changed Emulated SCM behavior, boxed services are no longer by default started as boxed system
    -- use "RunServicesAsSystem=y" to enable the old legacy behavior
    -- Note: sandboxed services with a system token are still sandboxed and restricted
    -- However not granting them a system token in the first place removes possible exploit vectors
    -- Note: this option is not compatible with "ProtectRpcSs=y" and takes precedence!
    Reworked dynamic IPC port handling
    Improved Resource Monitor status strings

Fixed

    fixed a critical issue that allowed to create processes outside the sandbox (thanks Diversenok)
    fixed issues with dynamic IPC port handling that allowed to bypass IPC isolation
    fixed issue with ipc tracing
    fixed CVE-2019-13502 "\RPC Control\LSARPC_ENDPOINT" is now filtered by the driver (thanks Diversenok)
    -- this allowed some system options to be changed, to disable filtering use "OpenLsaEndpoint=y"
    fixed hooking issues SBIE2303 with chrome, edge and possibly others
    fixed failed check for running processes when performing snapshot operations
    fixed some box option checkboxes were not properly initialized
    fixed unavailable options are not properly disabled when sandman is not connected to the driver
    fixed MSI instalelr issue, not being able to create "C:\Config.Msi" folder on windows 20H2
    added missing localization to generic list commands
    fixed issue with "iconcache_*" when runngin sandboxed explorer
    fixed more issues with groups

This is the hidden content, please

• Sign In
• or
• Sign Up