Run programs in a sandbox to prevent malware from making permanent changes to your PC.
Sandboxie allows you to run your browser, or any other program, so that all changes that result from the usage are kept in a sandbox environment, which can then be deleted later.
Sandboxie is a sandbox-based isolation software for 32- and 64-bit Windows NT-based operating systems. It is being developed by David Xanatos since it became open source, before that it was developed by Sophos (which acquired it from Invincea, which acquired it earlier from the original author Ronen Tzur). It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying the local or mapped drive. An isolated virtual environment allows controlled testing of untrusted programs and web surfing.
Sandboxie is available in two flavors Plus and Classic. Both have the same core components, this means they have the same level of security and compatibility. What"s different is the user interface the Plus build has a modern Qt based UI which supports all new features that have been added since the project went open source. The Classic build has the old no longer developed MFC based UI, hence it lacks support for modern features, these features can however still be used when manually configured in the Sandboxie.ini.
Sandboxie 1.14.3 Plus / Classic 5.69.3 release notes:
- One of the major updates is the introduction of the ability to force sandboxed processes to use a predefined SOCKS5 proxy. This feature allows for more controlled and secure network interactions. Additionally, the capability to intercept DNS queries for logging or redirection has been added, providing administrators with greater oversight and flexibility in managing network traffic. Notably, support for SOCKS5 proxy authentication based on RFC1928 has been incorporated, thanks to Deezzir"s contributions, who also developed a Test Dialog UI for the SOCKS5 proxy. It is important to note that utilizing the Proxy and DNS features requires an advanced type certificate.
- The release also introduces a new command line option, /fcp /force_children, to the start.exe utility. This option enables the initiation of a program outside the sandbox while ensuring that all its child processes are sandboxed, enhancing security without compromising flexibility. Additionally, a new feature allows for the limitation of memory usage and the number of processes within a single sandbox through job objects. This was made possible by Yeyixiao"s contribution and can be configured using "TotalMemoryLimit" for overall sandbox memory limits and "ProcessMemoryLimit" for individual process limits.
- Further improvements include the addition of a new "Sandboxie\All Sandboxes" SID to the token creation process, which fundamentally alters the token creation mechanism. This feature can be activated with the "SandboxieAllGroup=y" setting. Users can now also configure the "EditAdminOnly=y" setting on a per-box basis, providing more granular control over administrative permissions. Additionally, a new UI option allows users to start unsandboxed processes while forcing child processes into a sandbox, and the "AlertBeforeStart" option prompts a warning before launching a new program into the sandbox if the initiating program is not a Sandboxie component.
- Moreover, the update introduces a mechanism to block unsafe calls via RPC Port message filtering and a template to prevent sandboxed processes from accessing system information through WMI. A new "Job Object" Options page has been added, consolidating all job object-related options for easier management. Several critical fixes have been implemented, including resolving Chrome printing problems and various bugs affecting sandbox properties and program launching. Compatibility with Steam running sandboxed has also been improved.
- Compatibility with Windows build 26217 has been validated, and dynamic data has been updated accordingly. Finally, an issue with an early batch of Large Supporter certificates has been resolved, ensuring smoother operation and fewer disruptions. These updates collectively enhance the security, performance, and usability of sandboxed processes, providing users with a more reliable and efficient environment.
For a full list of changes and fixes please review the full change log.
Download: Sandboxie Plus (64-bit) | Sandboxie Plus (32-bit) ~20.0 MB (Open Source)
Download: Sandboxie Classic (64-bit) | Sandboxie Classic (32-bit) ~3.0 MB
Links: Sandboxie Website | Sandboxie Plus Home Page | GitHub | ARM64