Sandboxie Plus 1.14.10 / Classic 5.69.10 – Free

Sandboxie is a proprietary sandbox-based isolation software for Windows operating systems. It creates a sandbox-like isolated operating environment.

You can run or install all applications without perpetually modifying the local or mapped drive. An isolated virtual environment allows for control testing of untrusted software and web surfing.

Sandboxie runs your software in an isolated space. It prevents them from permanently changing other software and data in your computer.

When you run software on your computer, data flows from the hard disk to the software via read operations. The data is then processed and displayed, and finally flows back from the software to the hard disk via write operations.

Sandboxie changes the rules so that write operations do not affect your hard disk.

Intercepts changes to your files and registry settings, preventing any software from reaching outside the sandbox. It traps cached browser items in the sandbox as a by-product of normal operation. Therefore, when you delete the sandbox, all your browsing history and other side effects are removed.

Benefits of the Isolated Sandbox:

• Secure Web Browsing. If you run a web browser under the protection of Sandboxie, all malicious applications downloaded by the browser are trapped within the sandbox and can be easily discarded.
• Enhanced Privacy. Browsing historical past, cookies, and cached temporary files collected while Web browsing stays within the sandbox and doesn’t leak into Windows.
• Secure E-mail. Viruses and malicious applications hiding in your email can’t break out of the sandbox and might infect your system.
• Windows Stays Lean. Prevent wear-and-tear in Windows by installing the application into a remote sandbox.

Sandboxie Plus Features:

Sandboxie Plus offers a variety of new features that enhance security, compatibility, and the overall sandboxing experience.

Rule Specificity

• With this option, rules are prioritized based on their specificity (see changelog/docs for details) this way sub paths can be readable/writeable while parent parts are still protected.

Security enhanced sandboxes

• Restrict syscall elevation to approved known safe/filtered sys calls
• Limit access to device endpoints to known safe / filtered endpoints

Privacy enhanced Sandboxes

• By applying a preset rule collection, all locations potentially containing personal data can be protected. Applications running in boxes with personal data protection will encounter an empty PC with no user data available.

Compartment Mode

• This mode prioritizes compatibility over security. As such, Sandboxie’s token-based isolation scheme is not employed. Isolation is restricted to the file system mini filter, registry, and object callbacks. This approach may significantly enhance compatibility with various applications.

Virtual Disk Integration

• RamDisk support, available since the latest insider build, allows you to create a virtual disk in your system’s memory, using the ImDisk driver, which can speed up file access and increase confidentiality as all box contents will be discarded when the disk is unmounted (manually or automatically on reboot).
• Encrypted Box Image support is currently in development and allows you to create encrypted sandboxed environments for even greater protection of your confidential data. With this feature, the box file root is mounted from an AES-XTS encrypted box image, with other ciphers also available. Upcoming additions to this root functionality will contain secure box passphrase handling and a driver extension to prevent applications not running in the encrypted sandbox from accessing the sandboxed files.

Enhanced network filtering and redirection

• Proxy injection is yet another feature that has been added in the insider builds, it allows to force any application to use a Socks 5 proxy instead of a direct connection.
• DNS query logging, filtering, and redirection feature allows you to block, or redirect DNS queries made by sandboxed programs for selected domains.

WFP (Windows Filtering Platform) support

• With this feature, Sandboxie functions like an application firewall, applying rules for each box. This allows the same application to access the internet in one box while blocking it in another.

Windows 11 context menu integration

Process/Thread handle filtering (obCallbacks)

• Using this mechanism greatly enhances process isolation and provides improved security.

Win32 syscall hooking

• With this feature win32 sys calls can get the same treatment as NT sys calls which helps with graphics and hw acceleration.

New UI with dark mode and much more

• Sandboxie-Plus brings an entirely new Qt-based UI sandman.exe
• Customizable per box run menu
• Global hotkey to terminate all boxes
• INI section editor for easy configuration of advanced options
• Box event triggers/scripts
• Ability to stop selected applications from running globally, regardless of box presets

Snapshots

• Sandboxie-Plus can create box snapshots, facilitating quick restoration of a box to a specified earlier state.
• Box set to auto-delete will when available auto revert to the last snapshot allowing to benefit from a fresh clean box each time but with some preset configuration

Enhanced debug/trace monitor

Fake admin privileges

• Allows to make all processes in a box think they have admin permissions and act accordingly, without the potential drawbacks of granting them admin permissions

Box size monitor

• Monitor and list box size in their column

Start Menu integration

• Integrate start menu entries from sandboxes into the host start menu

Sandbox SID isolation

• Instead of using an anonymous login SID use per box custom SIDs like Sandboxie/DefaultBox this way processes from separate boxes won’t be able to access each other’s resources.

Breakout Process

• Allows to specify which applications shall run unsandboxed when launched within the sandbox. Combining this mode with ForceProcess creates a straightforward priority system.
• Document BreakOut is an extension of the well-known Breakout mechanism that allows the opening of selected file types saved to an open file path from within the sandbox in an unsandboxed instance of the associated application.

USB drive sandboxing

• This feature automatically sandboxes any USB drive you plug into your computer, adding an extra layer of protection to your system.

EFS Support

• Support for EFS (Encrypted File System) protected files.