Merge branch 'master' into Shell
This commit is contained in:
commit
5a7881b413
|
@ -125,5 +125,5 @@ jobs:
|
|||
echo 'tailing->trailing' >> dictionary_code.txt
|
||||
# Only lowercase letters are allowed in --ignore-words-list
|
||||
codespell --dictionary=dictionary.txt --dictionary=dictionary_rare.txt --dictionary=dictionary_code.txt \
|
||||
--ignore-words-list="wil,unknwn,tolen,pevent,doubleclick,parm,parms,etcp,ois,ba,ptd,modell,namesd,stdio,uint,errorstring,ontext,atend,deque,ecounter,nmake,namess,inh,daa,varient,lite,uis,emai,ws,slanguage,woh,tne,typpos,enew,shft,seh,ser,servent,socio-economic,rime,falt,infor" \
|
||||
--skip="./.git,./.github/workflows/codespell.yml,./dictionary*.txt,./Sandboxie/msgs/Text-*-*.txt,./Sandboxie/msgs/report/Report-*.txt,./SandboxiePlus/SandMan/*.ts,./Installer/Languages.iss,./Installer/isl/*.isl,./Sandboxie/common/Detours/Makefile,./Sandboxie/common/Detours/disasm.cpp,./Sandboxie/install/build.bat,./SandboxieTools/ImBox/dc/crypto_fast/xts_fast.c,./Sandboxie/apps/control/TreePropSheet.h,./Sandboxie/apps/control/PropPageFrame.h,./Sandboxie/apps/control/PropPageFrameDefault.h,./SandboxiePlus/SandMan/Troubleshooting/lang_*.json"
|
||||
--ignore-words-list="wil,unknwn,tolen,pevent,doubleclick,parm,parms,etcp,ois,ba,ptd,modell,namesd,stdio,uint,errorstring,ontext,atend,deque,ecounter,nmake,namess,inh,daa,varient,lite,uis,emai,ws,slanguage,woh,tne,typpos,enew,shft,seh,ser,servent,socio-economic,rime,falt,infor,vor,lets,od,fo,aas," \
|
||||
--skip="./.git,./.github/workflows/codespell.yml,./dictionary*.txt,./Sandboxie/msgs/Text-*-*.txt,./Sandboxie/msgs/report/Report-*.txt,./SandboxiePlus/SandMan/*.ts,./Installer/Languages.iss,./Installer/isl/*.isl,./SandboxiePlus/SandMan/Troubleshooting/lang_*.json,./Sandboxie/install/build.bat,./SandboxieTools/ImBox/dc/crypto_fast/xts_fast.c"
|
||||
|
|
|
@ -164,7 +164,7 @@ jobs:
|
|||
|
||||
- name: Upload installer assets
|
||||
#if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request'
|
||||
uses: actions/upload-artifact@v4.3.3
|
||||
uses: actions/upload-artifact@v4.3.4
|
||||
with:
|
||||
name: Assets
|
||||
path: |
|
||||
|
@ -173,7 +173,7 @@ jobs:
|
|||
|
||||
- name: Upload Sandboxie x64
|
||||
#if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request'
|
||||
uses: actions/upload-artifact@v4.3.3
|
||||
uses: actions/upload-artifact@v4.3.4
|
||||
with:
|
||||
name: Sandboxie_x64
|
||||
path: |
|
||||
|
@ -267,7 +267,7 @@ jobs:
|
|||
|
||||
- name: Upload Sandboxie ARM64
|
||||
#if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request'
|
||||
uses: actions/upload-artifact@v4.3.3
|
||||
uses: actions/upload-artifact@v4.3.4
|
||||
with:
|
||||
name: Sandboxie_ARM64
|
||||
path: |
|
||||
|
@ -336,7 +336,7 @@ jobs:
|
|||
|
||||
- name: Upload Sandboxie x86
|
||||
#if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request'
|
||||
uses: actions/upload-artifact@v4.3.3
|
||||
uses: actions/upload-artifact@v4.3.4
|
||||
with:
|
||||
name: Sandboxie_x86
|
||||
path: |
|
||||
|
|
38
CHANGELOG.md
38
CHANGELOG.md
|
@ -9,6 +9,17 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
- added an optional context menu option to make folder/file forced quickly
|
||||
- You can also use "Sandman.exe /add_force program_path" to do it
|
||||
|
||||
## [1.14.4 / 5.69.4] - 2024-07-13
|
||||
|
||||
### Changed
|
||||
- improved removal of leftovers [#4050](https://github.com/sandboxie-plus/Sandboxie/pull/4050)
|
||||
|
||||
### Fixed
|
||||
- fixed The Start Restrictions tab's layout is broken [#4045](https://github.com/sandboxie-plus/Sandboxie/issues/4045)
|
||||
- fixed Administrators cannot change the sandbox configuration [#4057](https://github.com/sandboxie-plus/Sandboxie/issues/4057) [#4068](https://github.com/sandboxie-plus/Sandboxie/issues/4068)
|
||||
|
||||
### Added
|
||||
- added hwid display
|
||||
|
||||
|
||||
## [1.14.3 / 5.69.3] - 2024-07-01
|
||||
|
@ -31,33 +42,34 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
### Added
|
||||
- added SbieIni option to modify password-protected configs [#3903](https://github.com/sandboxie-plus/Sandboxie/issues/3903)
|
||||
- usage: set|append|insert|delete [/passwd:********] <section> <setting> <value>
|
||||
- Note: use /passwd without the password to have SbieIni prompot for the password on the console, this hides the password from view and from bing captured with the command line
|
||||
- Note: use /passwd without the password to have SbieIni prompt for the password on the console, this hides the password from view and from being captured with the command line
|
||||
- added checkbox for "PromptForInternetAccess" option to the New Box Wizard
|
||||
- added option "HideNonSystemProcesses" to hide processes not in a sandbox from processes lists for sandboxed processes
|
||||
- added option "HideSbieProcesses" to hide Sandboxie Work Process (SbieSvc, SandboxieRpcSs, etc.)
|
||||
- added option "HideFirmwareInfo"
|
||||
- when it is set, the programs that try getting fireware information will get false data from HKEY_CURRENT_USER\\SOFTWARE\\SandboxieHide\\FalseFirmwareValue
|
||||
- when it is set, the programs that try getting firmware information will get false data from HKEY_CURRENT_USER\\SOFTWARE\\SandboxieHide\\FalseFirmwareValue
|
||||
- added template "BlockAccessWMI" to prevent sandboxed processes from accessing system information through WMI
|
||||
- added template "BlockLocalConnect" to prevent sandboxed processes from sending network packs to localhost to breakout sandbox
|
||||
- added template "BlockLocalConnect" to prevent sandboxed processes from sending network packets to localhost to breakout sandbox
|
||||
- added new option "AllowCoverTaskbar" for [#3975](https://github.com/sandboxie-plus/Sandboxie/issues/3975)
|
||||
- added RPC Port message filter mechanism to block unsafe RDP calls via the driver [#3930](https://github.com/sandboxie-plus/Sandboxie/issues/3930)
|
||||
- Usage: "RpcPortFilter=Port,ID,Label" label is optional
|
||||
- added "Job Object" Options page to colelct all job object related options
|
||||
|
||||
|
||||
### Changed
|
||||
- Extend "Temp Template" to make it could delete local template section
|
||||
- extend "Temp Template" to make it could delete local template section
|
||||
|
||||
### Fixed
|
||||
- fixed security issue with the newly introduced experimental "UseCreateToken=y" mechanism
|
||||
- fixed issue with "UseCreateToken=y" when using a MSFT online account
|
||||
- fixed Export sandbox not containing hidden files [#3980](https://github.com/sandboxie-plus/Sandboxie/issues/3980) (thanks L4cache)
|
||||
- fixed Chrome stopped printing [#3926](https://github.com/sandboxie-plus/Sandboxie/issues/3926)
|
||||
- Sandboxie will add CustomChromiumFlags=--disable-features=PrintCompositorLPAC to chrome based browsers command line
|
||||
- Note: Less Privileged App Container (LPAC) don't work with sandboxie currently
|
||||
- Sandboxie will add CustomChromiumFlags=--disable-features=PrintCompositorLPAC to Chromium-based browsers command line
|
||||
- Note: Less Privileged App Container (LPAC) don't work with Sandboxie currently
|
||||
- fixed Problem accessing a relative symlink with a target that starts with a dot [#3981](https://github.com/sandboxie-plus/Sandboxie/issues/3981)
|
||||
- fixed Can't open a sandbox's properties window via double-click in System Tray context window [#3861](https://github.com/sandboxie-plus/Sandboxie/issues/3861)
|
||||
- fixed Delay in launching forced programs after version 1.12.9 [#3868](https://github.com/sandboxie-plus/Sandboxie/issues/3868)
|
||||
- this issue was introdiced in 1.13.0 and may have broadly affected other usecases and cause variosue problems
|
||||
- this issue was introduced in 1.13.0 and may have broadly affected other use cases and cause various problems
|
||||
- fixed issue with Misc Options list
|
||||
- improved compatibility with steam running sandboxed
|
||||
|
||||
|
@ -68,7 +80,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
### Added
|
||||
- added "Sandboxie\All Sandboxes" SID into token with SandboxieLogon [#3191](https://github.com/sandboxie-plus/Sandboxie/issues/3191)
|
||||
- to use this feature "SandboxieAllGroup=y" must be enabled
|
||||
- Note: this fundamentaly changes the mechanism Sbie uses for token creation, the new mechanism can be enabled separately with "UseCreateToken=y"
|
||||
- Note: this fundamentally changes the mechanism Sbie uses for token creation, the new mechanism can be enabled separately with "UseCreateToken=y"
|
||||
- added "EditAdminOnly=y" can now be configured per box
|
||||
- added UI for CoverBoxedWindows in NewBoxWizard
|
||||
- added UI option to start unsandboxed process but force child processes in SelectBoxWindow
|
||||
|
@ -93,21 +105,21 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
## [1.14.0 / 5.69.0] - 2024-05-17
|
||||
|
||||
### Added
|
||||
- added option to limit the memory of sandboxed process and the number of process in single sandbox through job object (thanks Yeyixiao)
|
||||
- added option to limit the memory of sandboxed processes and the number of processes in single sandbox through job object (thanks Yeyixiao)
|
||||
- use "TotalMemoryLimit" (Number, limit whole sandbox, Byte) and "ProcessMemoryLimit" (Number, limit single process, Byte) to set memory limit
|
||||
- use "ProcessNumberLimit" (Number) to set process number limit
|
||||
- added ability to modified sandboxed process logic speed (reduced fixed latency, modified single-player speed, etc.) (thanks Yeyixiao)
|
||||
- use "UseChangeSpeed=y" to open this feature, use "AddTickSpeed" / "AddSleepSpeed" / "AddTimerSpeed" / "LowTickSpeed" / "LowSleepSpeed" / "LowTimerSpeed" (Number) to set
|
||||
- when set to "AddSleepSpeed=0", all sleep function calls will be skipped
|
||||
- added /fcp /force_children commandline option to start.exe it allows to start a program unsandboxed but have all its children sandboxed
|
||||
- added ability to fore sandboxed processes to use a pre defined socks 5 proxy
|
||||
- added /fcp /force_children command line option to start.exe it allows to start a program unsandboxed but have all its children sandboxed
|
||||
- added ability to force sandboxed processes to use a pre-defined SOCKS5 proxy
|
||||
- added ability to intercept DNS queries so that they can be logged and/or redirected
|
||||
- added support for SOCKS5 proxy authentication based on RFC1928 (thanks Deezzir)
|
||||
- added Test Dialog UI for SOCKS5 proxy (thanks Deezzir)
|
||||
- added ability to automatically removes template references that begin with “Template_Temp_” in the sandbox
|
||||
- added ability to automatically removes template references that begin with "Template_Temp_" in the sandbox
|
||||
|
||||
### Changed
|
||||
- validated compatibility with windows build 26217 and updated dyn data
|
||||
- validated compatibility with Windows build 26217 and updated DynData
|
||||
|
||||
### Fixed
|
||||
- fixed an issue with an early batch of Large Supporter certificates
|
||||
|
|
|
@ -52,7 +52,7 @@ Name: "RefreshBuild"; Description: "{cm:RefreshBuild}"; MinVersion: 0.0,5.0; Che
|
|||
[Files]
|
||||
; Both portable and install.
|
||||
Source: ".\Release\{#MyAppSrc}\*"; DestDir: "{app}"; MinVersion: 0.0,5.0; Flags: recursesubdirs ignoreversion; Excludes: "*.pdb"
|
||||
; include the driver pdb
|
||||
; Include the .pdb files.
|
||||
Source: ".\Release\{#MyAppSrc}\SbieDrv.pdb"; DestDir: "{app}"; MinVersion: 0.0,5.0; Flags: ignoreversion
|
||||
Source: ".\Release\{#MyAppSrc}\SbieDll.pdb"; DestDir: "{app}"; MinVersion: 0.0,5.0; Flags: ignoreversion
|
||||
|
||||
|
@ -79,11 +79,15 @@ Filename: "{app}\{#MyAppName}.ini"; Section: "Options"; Key: "UiLanguage"; Strin
|
|||
|
||||
|
||||
[InstallDelete]
|
||||
; Remove deprecated files at install time.
|
||||
; Delete obsolete files as the first step of installation.
|
||||
Type: filesandordirs; Name: "{app}\translations"
|
||||
Type: files; Name: "{app}\SbieDrv.sys.w10"
|
||||
Type: files; Name: "{app}\SbieDrv.sys.rc4"
|
||||
Type: files; Name: "{app}\SbieIni.exe.sig"
|
||||
Type: files; Name: "{app}\libcrypto-1_1-x64.dll"
|
||||
Type: files; Name: "{app}\libssl-1_1-x64.dll"
|
||||
; Delete existing .pdb files before installing new ones.
|
||||
Type: files; Name: "{app}\*.pdb"
|
||||
|
||||
|
||||
[Registry]
|
||||
|
@ -463,7 +467,7 @@ begin
|
|||
end;
|
||||
|
||||
begin
|
||||
|
||||
|
||||
// Return the path to use for the value of IniPath.
|
||||
if RegQueryStringValue(HKLM, 'SYSTEM\CurrentControlSet\Services\SbieDrv', 'IniPath', IniPath) then
|
||||
begin
|
||||
|
@ -667,7 +671,7 @@ begin
|
|||
exit;
|
||||
end;
|
||||
|
||||
// remove shell integration.
|
||||
// Remove shell integration.
|
||||
ShellUninstall();
|
||||
|
||||
end;
|
||||
|
|
|
@ -45,6 +45,11 @@ Sandboxie Plus has a modern Qt-based UI, which supports all new features that ha
|
|||
* Protections of sandboxes against the host, including the prevention of taking screenshots
|
||||
* A trigger system to perform actions, when a sandbox goes through different stages, like initialization, box start, termination or file recovery
|
||||
* Make a process not sandboxed, but its child processes sandboxed
|
||||
* Sandboxing as a unit of control to force programs to automatically use the SOCKS5 proxy
|
||||
* DNS resolution control with sandboxing as control granularity
|
||||
* Limit the number of processes in the sandbox and the total amount of memory space they can occupy, and You can limit the total number of sandboxed processes per box
|
||||
* A completely different token creation mechanism from Sandboxie's pre-open-source version makes sandboxes more independent in the system
|
||||
* Encrypted Sandbox - an AES-based reliable data storage solution.
|
||||
|
||||
More features can be spotted by finding the sign `=` through the shortcut key Ctrl+F in the [CHANGELOG.md](./CHANGELOG.md) file.
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
|
||||
#define VERSION_MJR 5
|
||||
#define VERSION_MIN 69
|
||||
#define VERSION_REV 3
|
||||
#define VERSION_REV 4
|
||||
#define VERSION_UPD 0
|
||||
|
||||
#if VERSION_UPD > 0
|
||||
|
|
|
@ -1653,14 +1653,15 @@ _FX BOOL Proc_AlternateCreateProcess(
|
|||
void *lpCurrentDirectory, LPPROCESS_INFORMATION lpProcessInformation,
|
||||
BOOL *ReturnValue)
|
||||
{
|
||||
//if (SbieApi_QueryConfBool(NULL, L"BlockSoftwareUpdaters", TRUE))
|
||||
if (Proc_IsSoftwareUpdateW(lpApplicationName ? lpApplicationName : lpCommandLine)) {
|
||||
if (SbieApi_QueryConfBool(NULL, L"BlockSoftwareUpdaters", TRUE)) {
|
||||
if (Proc_IsSoftwareUpdateW(lpApplicationName ? lpApplicationName : lpCommandLine)) {
|
||||
|
||||
SetLastError(ERROR_ACCESS_DENIED);
|
||||
*ReturnValue = FALSE;
|
||||
SetLastError(ERROR_ACCESS_DENIED);
|
||||
*ReturnValue = FALSE;
|
||||
|
||||
SbieApi_MonitorPutMsg(MONITOR_OTHER, L"Blocked start of an updater");
|
||||
return TRUE; // exit CreateProcessInternal
|
||||
SbieApi_MonitorPutMsg(MONITOR_OTHER, L"Blocked start of an updater");
|
||||
return TRUE; // exit CreateProcessInternal
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef _WIN64
|
||||
|
|
|
@ -728,7 +728,7 @@ ULONG SbieIniServer::IsCallerAuthorized(HANDLE hToken, const WCHAR *Password, co
|
|||
|
||||
if (SbieApi_QueryConfBool(Section, L"EditAdminOnly", FALSE)) {
|
||||
|
||||
if (! TokenIsAdmin(hToken, true)) {
|
||||
if (! TokenIsAdmin(hToken)) {
|
||||
CloseHandle(hToken);
|
||||
return STATUS_LOGON_NOT_GRANTED;
|
||||
}
|
||||
|
|
|
@ -954,6 +954,10 @@ NoTrendMicro:
|
|||
|
||||
Upgrade:
|
||||
|
||||
; Delete obsolete files
|
||||
Delete "$INSTDIR\${SBIEDRV_SYS}.rc4"
|
||||
Delete "$INSTDIR\${SBIEDRV_SYS}.w10"
|
||||
Delete "$INSTDIR\${SBIEINI_EXE}.sig"
|
||||
Call DeleteProductKey
|
||||
Call DeleteSystemKeys
|
||||
Call DeleteShortCuts
|
||||
|
@ -1141,7 +1145,7 @@ WriteOk:
|
|||
SkipCopyInstaller:
|
||||
|
||||
;
|
||||
; Delete old files
|
||||
; Delete obsolete files
|
||||
;
|
||||
|
||||
Delete "$DESKTOP\${PRODUCT_NAME} Quick Launch.lnk"
|
||||
|
@ -1180,8 +1184,9 @@ Function DeleteProgramFiles
|
|||
Delete "$INSTDIR\${SBIEMSG_DLL}"
|
||||
|
||||
Delete "$INSTDIR\${SBIEDRV_SYS}"
|
||||
Delete "$INSTDIR\${SBIEDRV_SYS}.rc4" ; leftover
|
||||
Delete "$INSTDIR\${SBIEDRV_SYS}.w10" ; leftover
|
||||
; Delete obsolete files
|
||||
Delete "$INSTDIR\${SBIEDRV_SYS}.rc4"
|
||||
Delete "$INSTDIR\${SBIEDRV_SYS}.w10"
|
||||
|
||||
Delete "$INSTDIR\KmdUtil.exe"
|
||||
Delete "$INSTDIR\UpdUtil.exe"
|
||||
|
@ -1210,7 +1215,8 @@ Function DeleteProgramFiles
|
|||
Delete "$INSTDIR\Manifest2.txt"
|
||||
|
||||
Delete "$INSTDIR\${SBIEINI_EXE}"
|
||||
Delete "$INSTDIR\${SBIEINI_EXE}.sig" ; leftover
|
||||
; Delete obsolete file
|
||||
Delete "$INSTDIR\${SBIEINI_EXE}.sig"
|
||||
|
||||
Delete "$INSTDIR\whatsnew.html"
|
||||
|
||||
|
|
|
@ -6,8 +6,8 @@
|
|||
<rect>
|
||||
<x>0</x>
|
||||
<y>0</y>
|
||||
<width>835</width>
|
||||
<height>575</height>
|
||||
<width>674</width>
|
||||
<height>475</height>
|
||||
</rect>
|
||||
</property>
|
||||
<property name="sizePolicy">
|
||||
|
@ -1729,121 +1729,46 @@
|
|||
<attribute name="title">
|
||||
<string>Advanced Security</string>
|
||||
</attribute>
|
||||
<layout class="QGridLayout" name="gridLayout_2">
|
||||
<item row="0" column="0">
|
||||
<widget class="QLabel" name="lblPrivilege">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
</property>
|
||||
<property name="toolTip">
|
||||
<string>Protect the sandbox integrity itself</string>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Privilege isolation</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="1" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkProtectSCM">
|
||||
<property name="text">
|
||||
<string>Allow only privileged processes to access the Service Control Manager</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="2" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkRestrictServices">
|
||||
<property name="text">
|
||||
<string>Do not start sandboxed services using a system token (recommended)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="3" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkElevateRpcss">
|
||||
<property name="text">
|
||||
<string>Start the sandboxed RpcSs as a SYSTEM process (not recommended)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="4" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkProtectSystem">
|
||||
<property name="text">
|
||||
<string>Protect sandboxed SYSTEM processes from unprivileged processes</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="4" column="3">
|
||||
<widget class="QLabel" name="label_65">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>(Security Critical)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="5" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkDropPrivileges">
|
||||
<property name="text">
|
||||
<string>Drop critical privileges from processes running with a SYSTEM token</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="5" column="3">
|
||||
<widget class="QLabel" name="label_64">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>(Security Critical)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="6" column="0">
|
||||
<widget class="QLabel" name="lblToken">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
</property>
|
||||
<property name="toolTip">
|
||||
<string>Protect the sandbox integrity itself</string>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Sandboxie token</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="7" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkSbieLogon">
|
||||
<property name="text">
|
||||
<string>Use a Sandboxie login instead of an anonymous token</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="8" column="2">
|
||||
<widget class="QLabel" name="label_74">
|
||||
<property name="text">
|
||||
<string>Using a custom Sandboxie Token allows to isolate individual sandboxes from each other better, and it shows in the user column of task managers the name of the box a process belongs to. Some 3rd party security solutions may however have problems with custom tokens.</string>
|
||||
</property>
|
||||
<property name="wordWrap">
|
||||
<bool>true</bool>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<layout class="QGridLayout" name="gridLayout_26">
|
||||
<item row="0" column="1">
|
||||
<layout class="QGridLayout" name="gridLayout_2">
|
||||
<item row="5" column="1" colspan="3">
|
||||
<widget class="QCheckBox" name="chkDropPrivileges">
|
||||
<property name="text">
|
||||
<string>Drop critical privileges from processes running with a SYSTEM token</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="10" column="2">
|
||||
<spacer name="horizontalSpacer_13">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Horizontal</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>40</width>
|
||||
<height>20</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="1" column="1" colspan="3">
|
||||
<widget class="QCheckBox" name="chkProtectSCM">
|
||||
<property name="text">
|
||||
<string>Allow only privileged processes to access the Service Control Manager</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="8" column="2" colspan="2">
|
||||
<widget class="QLabel" name="label_74">
|
||||
<property name="text">
|
||||
<string>Using a custom Sandboxie Token allows to isolate individual sandboxes from each other better, and it shows in the user column of task managers the name of the box a process belongs to. Some 3rd party security solutions may however have problems with custom tokens.</string>
|
||||
</property>
|
||||
<property name="wordWrap">
|
||||
<bool>true</bool>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="9" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkCreateToken">
|
||||
<property name="text">
|
||||
|
@ -1851,31 +1776,110 @@
|
|||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="10" column="1">
|
||||
<spacer name="verticalSpacer">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Vertical</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>20</width>
|
||||
<height>185</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="10" column="2">
|
||||
<spacer name="horizontalSpacer_13">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Horizontal</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>457</width>
|
||||
<height>20</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
<item row="4" column="4">
|
||||
<widget class="QLabel" name="label_65">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>(Security Critical)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="0" column="0">
|
||||
<widget class="QLabel" name="lblPrivilege">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
</property>
|
||||
<property name="toolTip">
|
||||
<string>Protect the sandbox integrity itself</string>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Privilege isolation</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="2" column="1" colspan="3">
|
||||
<widget class="QCheckBox" name="chkRestrictServices">
|
||||
<property name="text">
|
||||
<string>Do not start sandboxed services using a system token (recommended)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="7" column="1" colspan="4">
|
||||
<widget class="QCheckBox" name="chkSbieLogon">
|
||||
<property name="text">
|
||||
<string>Use a Sandboxie login instead of an anonymous token</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="9" column="1">
|
||||
<spacer name="verticalSpacer">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Vertical</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>20</width>
|
||||
<height>5</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="3" column="1" colspan="3">
|
||||
<widget class="QCheckBox" name="chkElevateRpcss">
|
||||
<property name="text">
|
||||
<string>Start the sandboxed RpcSs as a SYSTEM process (not recommended)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="4" column="1" colspan="3">
|
||||
<widget class="QCheckBox" name="chkProtectSystem">
|
||||
<property name="text">
|
||||
<string>Protect sandboxed SYSTEM processes from unprivileged processes</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="5" column="4">
|
||||
<widget class="QLabel" name="label_64">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>(Security Critical)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="6" column="0" colspan="2">
|
||||
<widget class="QLabel" name="lblToken">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
</property>
|
||||
<property name="toolTip">
|
||||
<string>Protect the sandbox integrity itself</string>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Sandboxie token</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
</layout>
|
||||
</item>
|
||||
</layout>
|
||||
</widget>
|
||||
|
@ -2477,119 +2481,113 @@
|
|||
<attribute name="title">
|
||||
<string>Start Restrictions</string>
|
||||
</attribute>
|
||||
<widget class="QWidget" name="layoutWidget">
|
||||
<property name="geometry">
|
||||
<rect>
|
||||
<x>9</x>
|
||||
<y>9</y>
|
||||
<width>751</width>
|
||||
<height>493</height>
|
||||
</rect>
|
||||
</property>
|
||||
<layout class="QGridLayout" name="gridLayout_19">
|
||||
<item row="0" column="0">
|
||||
<layout class="QGridLayout" name="gridLayout_23">
|
||||
<property name="verticalSpacing">
|
||||
<number>0</number>
|
||||
</property>
|
||||
<item row="3" column="0">
|
||||
<widget class="QLabel" name="label_4">
|
||||
<property name="text">
|
||||
<string>* Note: Programs installed to this sandbox won't be able to start at all.</string>
|
||||
</property>
|
||||
<property name="wordWrap">
|
||||
<bool>true</bool>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="0" column="0">
|
||||
<widget class="QRadioButton" name="radStartAll">
|
||||
<property name="text">
|
||||
<string>Allow all programs to start in this sandbox.</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="2" column="0">
|
||||
<widget class="QRadioButton" name="radStartSelected">
|
||||
<property name="text">
|
||||
<string>Allow only selected programs to start in this sandbox. *</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="1" column="0">
|
||||
<widget class="QRadioButton" name="radStartExcept">
|
||||
<property name="text">
|
||||
<string>Prevent selected programs from starting in this sandbox.</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
</layout>
|
||||
</item>
|
||||
<item row="1" column="0" rowspan="2">
|
||||
<widget class="QTreeWidget" name="treeStart">
|
||||
<property name="sortingEnabled">
|
||||
<bool>true</bool>
|
||||
</property>
|
||||
<column>
|
||||
<property name="text">
|
||||
<string>Name</string>
|
||||
<layout class="QGridLayout" name="gridLayout_85">
|
||||
<item row="0" column="0">
|
||||
<layout class="QGridLayout" name="gridLayout_19">
|
||||
<item row="0" column="0">
|
||||
<layout class="QGridLayout" name="gridLayout_23">
|
||||
<property name="verticalSpacing">
|
||||
<number>0</number>
|
||||
</property>
|
||||
</column>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="1" column="1">
|
||||
<widget class="QPushButton" name="btnAddStartProg">
|
||||
<property name="text">
|
||||
<string>Add Program</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="2" column="1">
|
||||
<spacer name="verticalSpacer_8">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Vertical</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>20</width>
|
||||
<height>299</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="3" column="1">
|
||||
<widget class="QCheckBox" name="chkShowStartTmpl">
|
||||
<property name="text">
|
||||
<string>Show Templates</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="4" column="1">
|
||||
<widget class="QPushButton" name="btnDelStartProg">
|
||||
<property name="text">
|
||||
<string>Remove</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="5" column="0">
|
||||
<widget class="QCheckBox" name="chkStartBlockMsg">
|
||||
<property name="text">
|
||||
<string>Issue message 1308 when a program fails to start</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="6" column="0">
|
||||
<widget class="QCheckBox" name="chkAlertBeforeStart">
|
||||
<property name="toolTip">
|
||||
<string>This setting can be used to prevent programs from running in the sandbox without the user's knowledge or consent.</string>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Display a pop-up warning before starting a process in the sandbox from an external source</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
</layout>
|
||||
</widget>
|
||||
<item row="3" column="0">
|
||||
<widget class="QLabel" name="label_4">
|
||||
<property name="text">
|
||||
<string>* Note: Programs installed to this sandbox won't be able to start at all.</string>
|
||||
</property>
|
||||
<property name="wordWrap">
|
||||
<bool>true</bool>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="0" column="0">
|
||||
<widget class="QRadioButton" name="radStartAll">
|
||||
<property name="text">
|
||||
<string>Allow all programs to start in this sandbox.</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="2" column="0">
|
||||
<widget class="QRadioButton" name="radStartSelected">
|
||||
<property name="text">
|
||||
<string>Allow only selected programs to start in this sandbox. *</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="1" column="0">
|
||||
<widget class="QRadioButton" name="radStartExcept">
|
||||
<property name="text">
|
||||
<string>Prevent selected programs from starting in this sandbox.</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
</layout>
|
||||
</item>
|
||||
<item row="1" column="1">
|
||||
<widget class="QPushButton" name="btnAddStartProg">
|
||||
<property name="text">
|
||||
<string>Add Program</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="2" column="1">
|
||||
<spacer name="verticalSpacer_8">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Vertical</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>20</width>
|
||||
<height>299</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="3" column="1">
|
||||
<widget class="QCheckBox" name="chkShowStartTmpl">
|
||||
<property name="text">
|
||||
<string>Show Templates</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="4" column="1">
|
||||
<widget class="QPushButton" name="btnDelStartProg">
|
||||
<property name="text">
|
||||
<string>Remove</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="5" column="0">
|
||||
<widget class="QCheckBox" name="chkStartBlockMsg">
|
||||
<property name="text">
|
||||
<string>Issue message 1308 when a program fails to start</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="6" column="0">
|
||||
<widget class="QCheckBox" name="chkAlertBeforeStart">
|
||||
<property name="toolTip">
|
||||
<string>This setting can be used to prevent programs from running in the sandbox without the user's knowledge or consent.</string>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Display a pop-up warning before starting a process in the sandbox from an external source</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="1" column="0" rowspan="4">
|
||||
<widget class="QTreeWidget" name="treeStart">
|
||||
<property name="sortingEnabled">
|
||||
<bool>true</bool>
|
||||
</property>
|
||||
<column>
|
||||
<property name="text">
|
||||
<string>Name</string>
|
||||
</property>
|
||||
</column>
|
||||
</widget>
|
||||
</item>
|
||||
</layout>
|
||||
</item>
|
||||
</layout>
|
||||
</widget>
|
||||
<widget class="QWidget" name="tabAccess">
|
||||
<attribute name="title">
|
||||
|
@ -4064,98 +4062,102 @@ The process match level has a higher priority than the specificity and describes
|
|||
<attribute name="title">
|
||||
<string>Compatibility</string>
|
||||
</attribute>
|
||||
<layout class="QGridLayout" name="gridLayout_26">
|
||||
<item row="0" column="1">
|
||||
<widget class="QCheckBox" name="chkNoPanic">
|
||||
<property name="toolTip">
|
||||
<string>When the global hotkey is pressed 3 times in short succession this exception will be ignored.</string>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Exclude this sandbox from being terminated when "Terminate All Processes" is invoked.</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="1" column="0">
|
||||
<widget class="QLabel" name="lblCompatibility">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Compatibility</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="2" column="1">
|
||||
<widget class="QCheckBox" name="chkPreferExternalManifest">
|
||||
<property name="text">
|
||||
<string>Force usage of custom dummy Manifest files (legacy behaviour)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="3" column="1">
|
||||
<widget class="QCheckBox" name="chkElevateCreateProcessFix">
|
||||
<property name="text">
|
||||
<string>Apply ElevateCreateProcess Workaround (legacy behaviour)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="4" column="1">
|
||||
<widget class="QCheckBox" name="chkUseSbieDeskHack">
|
||||
<property name="text">
|
||||
<string>Use desktop object workaround for all processes</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="5" column="1">
|
||||
<widget class="QCheckBox" name="chkUseSbieWndStation">
|
||||
<property name="text">
|
||||
<string>Emulate sandboxed window station for all processes</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="6" column="1">
|
||||
<widget class="QCheckBox" name="chkComTimeout">
|
||||
<property name="text">
|
||||
<string>Disable the use of RpcMgmtSetComTimeout by default (this may resolve compatibility issues)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="7" column="1">
|
||||
<layout class="QGridLayout" name="gridLayout_63">
|
||||
<item row="0" column="0">
|
||||
<layout class="QGridLayout" name="gridLayout_62">
|
||||
<item row="3" column="1">
|
||||
<widget class="QCheckBox" name="chkElevateCreateProcessFix">
|
||||
<property name="text">
|
||||
<string>Apply ElevateCreateProcess Workaround (legacy behaviour)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="0" column="1">
|
||||
<widget class="QCheckBox" name="chkNoPanic">
|
||||
<property name="toolTip">
|
||||
<string>When the global hotkey is pressed 3 times in short succession this exception will be ignored.</string>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Exclude this sandbox from being terminated when "Terminate All Processes" is invoked.</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="6" column="1">
|
||||
<widget class="QCheckBox" name="chkComTimeout">
|
||||
<property name="text">
|
||||
<string>Disable the use of RpcMgmtSetComTimeout by default (this may resolve compatibility issues)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="4" column="1">
|
||||
<widget class="QCheckBox" name="chkUseSbieDeskHack">
|
||||
<property name="text">
|
||||
<string>Use desktop object workaround for all processes</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="7" column="1">
|
||||
<widget class="QCheckBox" name="chkForceRestart">
|
||||
<property name="text">
|
||||
<string>Restart force process before they begin to execute</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="8" column="0">
|
||||
<spacer name="verticalSpacer_28">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Vertical</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>20</width>
|
||||
<height>263</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="8" column="1">
|
||||
<spacer name="horizontalSpacer_12">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Horizontal</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>667</width>
|
||||
<height>20</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
<item row="8" column="0">
|
||||
<spacer name="verticalSpacer_28">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Vertical</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>20</width>
|
||||
<height>40</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="1" column="0">
|
||||
<widget class="QLabel" name="lblCompatibility">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Compatibility</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="2" column="1">
|
||||
<widget class="QCheckBox" name="chkPreferExternalManifest">
|
||||
<property name="text">
|
||||
<string>Force usage of custom dummy Manifest files (legacy behaviour)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="5" column="1">
|
||||
<widget class="QCheckBox" name="chkUseSbieWndStation">
|
||||
<property name="text">
|
||||
<string>Emulate sandboxed window station for all processes</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="8" column="1">
|
||||
<spacer name="horizontalSpacer_12">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Horizontal</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>40</width>
|
||||
<height>20</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
</layout>
|
||||
</item>
|
||||
</layout>
|
||||
</widget>
|
||||
|
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -2,7 +2,7 @@
|
|||
|
||||
#define VERSION_MJR 1
|
||||
#define VERSION_MIN 14
|
||||
#define VERSION_REV 3
|
||||
#define VERSION_REV 4
|
||||
#define VERSION_UPD 0
|
||||
|
||||
#ifndef STR
|
||||
|
|
Loading…
Reference in New Issue