CCertificatePage Install your Sandboxie-Plus support certificate If you have a supporter certificate, please fill it into the field below. Start evaluation without a certificate for a limited period of time. To use Sandboxie-Plus in a business setting, an appropriate <a href="https://sandboxie-plus.com/go.php?to=sbie-get-cert">support certificate</a> for business use is required. If you do not yet have the required certificate(s), you can get those from the <a href="https://xanasoft.com/shop/">xanasoft.com web shop</a>. Sandboxie-Plus provides additional features and box types exclusively to project supporters. Boxes like the Privacy Enhanced boxes protect user data from illicit access by the sandboxed programs. If you are not yet a supporter, then please consider <a href="https://sandboxie-plus.com/go.php?to=sbie-get-cert">supporting the project</a> to ensure further development of Sandboxie and to receive a <a href="https://sandboxie-plus.com/go.php?to=sbie-cert">supporter certificate</a>. CCleanUpJob Deleting Content CFileBrowserWindow %1 - Files Create Shortcut Recover to Any Folder Recover to Same Folder Select Directory Create Shortcut to sandbox %1 CFinishPage Complete your configuration Almost complete, click Finish to apply all selected options and conclude the wizard. Keep Sandboxie-Plus up to date. CIntroPage Introduction Welcome to the Setup Wizard. This wizard will help you to configure your copy of Sandboxie-Plus. You can start this wizard at any time from the Sandbox->Maintenance menu if you do not wish to complete it now. Select how you would like to use Sandboxie-Plus &Personally, for private non-commercial use &Commercially, for business or enterprise use Note: this option is immutable CMonitorModel Type Status Value Count CMultiErrorDialog Sandboxie-Plus - Error Message CNewBoxWindow Sandboxie-Plus - Create New Box New Box Hardened Sandbox with Data Protection Security Hardened Sandbox Sandbox with Data Protection Standard Isolation Sandbox (Default) Application Compartment with Data Protection Application Compartment (NO Isolation) COnDeleteJob OnDelete: %1 COptionsWindow Sandboxie Plus - '%1' Options Browse for File This sandbox has been deleted hence configuration can not be saved. Some changes haven't been saved yet, do you really want to close this options window? Group: %1 Enter program: Browse for Folder Normal Open Open for All Closed Closed RT Read Only Box Only (Write Only) Unknown File/Folder Registry IPC Path Wnd Class COM Object Select File All Files (*.*) Select Directory All Programs COM objects must be specified by their GUID, like: {00000000-0000-0000-0000-000000000000} RT interfaces must be specified by their name. Template values can not be edited. Template values can not be removed. On Start Run Command Start Service On Init On Delete Please enter the command line to be executed Please enter a service identifier Please enter a program file name %1 (%2) Process Folder Select Executable File Executable Files (*.exe) Don't alter the window title Display [#] indicator only Display box name in title Border disabled Show only when title is in focus Always show Hardened Sandbox with Data Protection Security Hardened Sandbox Sandbox with Data Protection Standard Isolation Sandbox (Default) Application Compartment with Data Protection Application Compartment (NO Isolation) Browse for Program Open Box Options Browse Content Start File Recovery Show Run Dialog kilobytes (%1) Select color Select Program Executables (*.exe *.cmd) Please enter a menu title Please enter a command Please enter a name for the new group Please select group first. Any TCP UDP ICMP Allow access Block using Windows Filtering Platform Block by denying access to Network devices Allow Block (WFP) Block (NDev) Block Exclusion Please enter a file extension to be excluded Lingerer Leader All Categories Custom Templates Email Reader PDF/Print Security/Privacy Desktop Utilities Download Managers Miscellaneous Web Browser Media Player Torrent Client This template is enabled globally. To configure it, use the global options. Please enter the template identifier Error: %1 Only local templates can be removed! Do you really want to delete the selected local template? CPopUpMessage ? Visit %1 for a detailed explanation. Dismiss Remove this message from the list Hide all such messages CPopUpProgress Dismiss Remove this progress indicator from the list CPopUpPrompt Remember for this process Yes No Terminate Yes and add to allowed programs Requesting process terminated Request will time out in %1 sec Request timed out CPopUpRecovery Recover to: Browse Clear folder list Recover Recover the file to original location Recover && Explore Recover && Open/Run Open file recovery for this box Dismiss Don't recover this file right now Dismiss all from this box Disable quick recovery until the box restarts Select Directory CPopUpWindow Sandboxie-Plus Notifications Do you want to allow the print spooler to write outside the sandbox for %1 (%2)? Do you want to allow %4 (%5) to copy a %1 large file into sandbox: %2? File name: %3 Do you want to allow %1 (%2) access to the internet? Full path: %3 %1 is eligible for quick recovery from %2. The file was written by: %3 an UNKNOWN process. %1 (%2) UNKNOWN Migrating a large file %1 into the sandbox %2, %3 left. Full path: %4 CRecoveryWindow %1 - File Recovery File Name File Size Full Path Remember target selection Delete everything, including all snapshots Original location Browse for location Clear folder list Select Directory Close until all programs stop in this box Close and Disable Immediate Recovery for this box There are %1 new files available to recover. There are %1 files and %2 folders in the sandbox, occupying %3 of disk space. CSandBox Waiting for folder: %1 Deleting folder: %1 Merging folders: %1 >> %2 Finishing Snapshot Merge... CSandBoxPlus Disabled Application Compartment NOT SECURE Reduced Isolation Enhanced Isolation Privacy Enhanced API Log No INet Net Share No Admin Normal CSandMan Sandboxie Manager can not be run sandboxed! WARNING: Sandboxie-Plus.ini in %1 cannot be written to, settings will not be saved. Sandboxie-Plus v%1 Reset Columns Copy Cell Copy Row Copy Panel &Sandbox Create New Box Create Box Group Terminate All Processes Window Finder Pause Forcing Programs Disable File Recovery Disable Message PopUp &Maintenance Connect Disconnect Stop All &Advanced Install Driver Start Driver Stop Driver Uninstall Driver Install Service Start Service Stop Service Uninstall Service Setup Wizard Uninstall All Exit &View Simple View Advanced View Always on Top Show Hidden Boxes Show All Sessions Refresh View Clean Up Cleanup Processes Cleanup Message Log Cleanup Trace Log Cleanup Recovery Log Keep terminated &Options Global Settings Reset all hidden messages Reset all GUI options Edit ini file Reload ini file Trace Logging &Help Support Sandboxie-Plus with a Donation Visit Support Forum Online Documentation Check for Updates About the Qt Framework About Sandboxie-Plus Cleanup <a href="sbie://update/package" style="color: red;">There is a new build of Sandboxie-Plus available</a> Click to install update <a href="https://sandboxie-plus.com/go.php?to=patreon">Support Sandboxie-Plus on Patreon</a> Click to open web browser Time|Message Sbie Messages Trace Log Time|Box Name|File Path Recovery Log Show/Hide Do you want to close Sandboxie Manager? Sandboxie-Plus was running in portable mode, now it has to clean up the created services. This will prompt for administrative privileges. Do you want to do the clean up? Don't show this message again. This box provides enhanced security isolation, it is suitable to test untrusted software. This box provides standard isolation, it is suitable to run your software to enhance security. This box does not enforce isolation, it is intended to be used as an application compartment for software virtualization only. This box prevents access to all user data locations, except explicitly granted in the Resource Access options. Unknown operation '%1' requested via command line - Driver/Service NOT Running! - Deleting Sandbox Content Do you want to check if there is a new version of Sandboxie-Plus? Some compatibility templates (%1) are missing, probably deleted, do you want to remove them from all boxes? Cleaned up removed templates... Executing OnBoxDelete: %1 Auto Deleting %1 Content Removed Shortcut: %1 Added Shortcut to: %1 Auto deleting content of %1 Installation Directory: %1 Sandboxie-Plus Version: %1 (%2) Current Config: %1 Data Directory: %1 - Portable Sandboxie-Plus was started in portable mode, do you want to put the Sandbox folder into its parent directory? Yes will choose: %1 No will choose: %2 Default sandbox not found; creating: %1 - NOT connected The program %1 started in box %2 will be terminated in 5 minutes because the box was configured to use features exclusively available to project supporters. The box %1 is configured to use features exclusively available to project supporters, these presets will be ignored. <a href="https://sandboxie-plus.com/go.php?to=sbie-get-cert">Become a project supporter</a>, and receive a <a href="https://sandboxie-plus.com/go.php?to=sbie-cert">supporter certificate</a> PID %1: %1 (%2): The selected feature set is only available to project supporters. Processes started in a box with this feature set enabled without a supporter certificate will be terminated after 5 minutes. <a href="https://sandboxie-plus.com/go.php?to=sbie-get-cert">Become a project supporter</a>, and receive a <a href="https://sandboxie-plus.com/go.php?to=sbie-cert">supporter certificate</a> The evaluation periode has expired!!! The supporter certificate is not valid for this build, please get an updated certificate The supporter certificate has expired%1, please get an updated certificate , but it remains valid for the current build The supporter certificate will expire in %1 days, please get an updated certificate Recovering file %1 to %2 The file %1 already exists, do you want to overwrite it? Do this for all files! Failed to recover some files: Only Administrators can change the config. Please enter the configuration password. Login Failed: %1 Do you want to terminate all processes in all sandboxes? Terminate all without asking Please enter the duration, in seconds, for disabling Forced Programs rules. Sandboxie-Plus was started in portable mode and it needs to create necessary services. This will prompt for administrative privileges. CAUTION: Another agent (probably SbieCtrl.exe) is already managing this Sandboxie session, please close it first and reconnect to take over. Sandboxie-Plus - Error Failed to stop all Sandboxie components Failed to start required Sandboxie components Maintenance operation failed (%1) Maintenance operation Successful Executing maintenance operation, please wait... Do you also want to reset hidden message boxes (yes), or only all log messages (no)? The changes will be applied automatically whenever the file gets saved. The changes will be applied automatically as soon as the editor is closed. Sandboxie config has been reloaded Error Status: 0x%1 (%2) Unknown Administrator rights are required for this operation. Failed to execute: %1 Failed to connect to the driver Failed to communicate with Sandboxie Service: %1 An incompatible Sandboxie %1 was found. Compatible versions: %2 Can't find Sandboxie installation path. Failed to copy configuration from sandbox %1: %2 A sandbox of the name %1 already exists Failed to delete sandbox %1: %2 The sandbox name can not be longer than 32 characters. The sandbox name can not be a device name. The sandbox name can contain only letters, digits and underscores which are displayed as spaces. Failed to terminate all processes Delete protection is enabled for the sandbox All sandbox processes must be stopped before the box content can be deleted Error deleting sandbox folder: %1 A sandbox must be emptied before it can be deleted. Failed to move directory '%1' to '%2' This Snapshot operation can not be performed while processes are still running in the box. Failed to create directory for new snapshot Failed to copy box data files Snapshot not found Error merging snapshot directories '%1' with '%2', the snapshot has not been fully merged. Failed to remove old snapshot directory '%1' Can't remove a snapshot that is shared by multiple later snapshots Failed to remove old box data files You are not authorized to update configuration in section '%1' Failed to set configuration setting %1 in section %2: %3 Can not create snapshot of an empty sandbox A sandbox with that name already exists The config password must not be longer than 64 characters The operation was canceled by the user Unknown Error Status: 0x%1 Operation failed for %1 item(s). Do you want to open %1 in a sandboxed (yes) or unsandboxed (no) Web browser? Remember choice for later. Checking for updates... server not reachable Failed to check for updates, error: %1 Do you want to go to the <a href="%1">info page</a>? Don't show this announcement in the future. There is a new version of Sandboxie-Plus available. New version: %1 Do you want to download the latest version? Do you want to go to the <a href="%1">download page</a>? Don't show this message anymore. No new updates found, your Sandboxie-Plus is up-to-date. Note: The update check is often behind the latest GitHub release to ensure that only tested updates are offered. Downloading new version... Failed to download update from: %1 A Sandboxie-Plus update has been downloaded to the following location:<a href="%2">%1</a>Do you want to begin the installation? If any programs are running sandboxed, they will be terminated. <h3>About Sandboxie-Plus</h3>Version %1Copyright (c) 2020-2022 by DavidXanatos This copy of Sandboxie+ is certified for: %1 Sandboxie+ is free for personal and non-commercial use. Sandboxie-Plus is an open source continuation of Sandboxie. Visit <a href="https://sandboxie-plus.com">sandboxie-plus.com</a> for more information. %3 Driver version: %1 Features: %2 Icons from <a href="https://icons8.com">icons8.com</a> Checking for certificate... No certificate found on server! There is no updated certificate available. The selected window is running as part of program %1 in sandbox %2 The selected window is not running as part of any sandboxed program. Drag the Finder Tool over a window to select it, then release the mouse to check if the window is sandboxed. Sandboxie-Plus - Window Finder CSbieModel Box Group Empty Name Process ID Status Title Info Path / Command Line CSbieProcess Sbie RpcSs Sbie DcomLaunch Sbie Crypto Sbie WuauServ Sbie BITS Sbie Svc MSI Installer Trusted Installer Windows Update Windows Explorer Internet Explorer Firefox Windows Media Player Winamp KMPlayer Windows Live Mail Service Model Reg RunDll32 DllHost Windows Ink Services Chromium Based Google Updater Acrobat Reader MS Outlook MS Excel Flash Player Firefox Plugin Container Generic Web Browser Generic Mail Client Thunderbird Terminated Running Forced in session %1 (%1) CSbieView Create New Box Create Box Group Rename Group Remove Group Stop Operations Run Run Program Start Menu Run from Start Menu Default Web Browser Default eMail Client Command Prompt Boxed Tools Command Prompt (as Admin) Command Prompt (32-bit) Windows Explorer Registry Editor Programs and Features Execute Autorun Entries Terminate All Programs Browse Content Box Content Create Shortcut Explore Content Open Registry Refresh Info Snapshots Manager Recover Files Delete Content Sandbox Options Sandbox Presets Ask for UAC Elevation Drop Admin Rights Emulate Admin Rights Block Internet Access Allow Network Shares Immediate Recovery Duplicate Sandbox Rename Sandbox Move Box/Group Move Up Move Down Remove Sandbox Terminate Preset Pin to Run Menu Block and Terminate Allow internet access Force into this sandbox Set Linger Process Set Leader Process File root: %1 Registry root: %1 IPC root: %1 Options: [None] Please enter a new name for the Group. Do you really want to remove the selected group(s)? Move entries by (negative values move up, positive values move down): A group can not be its own parent. Please enter a new group name This name is already used for a Box Group. This name is already used for a Sandbox. Don't show this message again. This Sandbox is empty. WARNING: The opened registry editor is not sandboxed, please be careful and only do changes to the pre-selected sandbox locations. Don't show this warning in future Please enter a new name for the duplicated Sandbox. %1 Copy Please enter a new name for the Sandbox. Do you really want to remove the selected sandbox(es)? Warning: The box content will also be deleted! This Sandbox is already empty. Do you want to delete the content of the selected sandbox? Also delete all Snapshots Do you really want to delete the content of all selected sandboxes? Do you want to terminate all processes in the selected sandbox(es)? Terminate without asking Create Shortcut to sandbox %1 Do you want to %1 %2? the selected processes This box does not have Internet restrictions in place, do you want to enable them? This sandbox is disabled, do you want to enable it? (Host) Start Menu CSelectBoxWindow Sandboxie-Plus - Run Sandboxed Are you sure you want to run the program outside the sandbox? Please select a sandbox. CSettingsWindow Sandboxie Plus - Settings Auto Detection No Translation Don't integrate links As sub group Fully integrate Don't show any icon Show Plus icon Show Classic icon All Boxes Active + Pinned Pinned Only Close to Tray Prompt before Close Close Run &Sandboxed Sandboxed Web Browser This supporter certificate has expired, please <a href="sbie://update/cert">get an updated certificate</a>. This supporter certificate will expire in %1 days, please <a href="sbie://update/cert">get an updated certificate</a>. Run &Un-Sandboxed This does not look like a certificate. Please enter the entire certificate, not just a portion of it. This certificate is unfortunately expired. This certificate is unfortunately outdated. Thank you for supporting the development of Sandboxie-Plus. This support certificate is not valid. Select Directory Please enter the new configuration password. Please re-enter the new configuration password. Passwords did not match, please retry. Process Folder Please enter a program file name CSetupWizard Setup Wizard The decision you make here will affect which page you get to see next. This help is likely not to be of any help. Sorry, I already gave all the help I could. Setup Wizard Help CShellPage Configure Sandboxie-Plus shell integration Configure how Sandboxie-Plus should integrate with your system. Start UI with Windows Add 'Run Sandboxed' to the explorer context menu Add desktop shortcut for starting Web browser under Sandboxie CSnapshotsWindow %1 - Snapshots Snapshot Revert to empty box (default) Please enter a name for the new Snapshot. New Snapshot Do you really want to switch the active snapshot? Doing so will delete the current state! Do you really want to delete the selected snapshot? CTraceModel Process %1 %1 (%2) Unknown Process Type Status Value CTraceView Monitor mode Show as task tree PID: [All] TID: Type: Status: Open Closed Trace Other Show All Boxes Save to file %1 (%2) %1 Save trace log to file Failed to open log file for writing Unknown CUIPage Configure Sandboxie-Plus UI Select the user interface style you prefer. &Advanced UI for experts &Simple UI for beginners Use Bright Mode Use Dark Mode CWFPPage Configure Sandboxie-Plus network filtering Sandboxie can use the Windows Filtering Platform (WFP) to restrict network access. Using WFP allows Sandboxie to reliably enforce IP/Port based rules for network access. Unlike system level application firewalls, Sandboxie can use different rules in each box for the same application. If you already have a good and reliable application firewall and do not need per box rules, you can leave this option unchecked. Without WFP enabled, Sandboxie will still be able to reliably and entirely block processes from accessing the network. However, this can cause the process to crash, as the driver blocks the required network device endpoints. Even with WFP disabled, Sandboxie offers to set IP/Port based rules, however these will be applied in user mode only and not be enforced by the driver. Hence, without WFP enabled, an intentionally malicious process could bypass those rules, but not the entire network block. Enable Windows Filtering Platform (WFP) support FileBrowserWindow SandboxiePlus - Snapshots NewBoxWindow SandboxiePlus new box Sandbox Name: Box Type Preset: A sandbox isolates your host system from processes running within the box, it prevents them from making permanent changes to other programs and data in your computer. The level of isolation impacts your security as well as the compatibility with applications, hence there will be a different level of isolation depending on the selected Box Type. Sandboxie can also protect your personal data from being accessed by processes running under its supervision. Box info OptionsWindow SandboxiePlus Options General Options Box Options Always show this sandbox in the systray list (Pinned) Sandbox Indicator in title: Sandboxed window border: More Box Types are exclusively available to project supporters, the Privacy Enhanced boxes protect user data from illicit access by the sandboxed programs. If you are not yet a supporter, then please consider <a href="https://sandboxie-plus.com/go.php?to=sbie-get-cert">supporting the project</a>, to receive a <a href="https://sandboxie-plus.com/go.php?to=sbie-cert">supporter certificate</a>. You can test the other box types by creating new sandboxes of those types, however processes in these will be auto terminated after 5 minutes. Show this box in the 'run in box' selection prompt Box info Box Type Preset: px Width General Configuration Appearance Double click action: File Options Auto delete content when last sandboxed process terminates Copy file size limit: Box Delete options Protect this sandbox from deletion or emptying Raw Disk access File Migration Allow elevated sandboxed applications to read the harddrive Warn when an application opens a harddrive handle kilobytes Issue message 2102 when a file is too large Prompt user for large file migration Security Drop rights from Administrators and Power Users groups (Recommended) Protect the system from sandboxed processes Elevation restrictions Security note: Elevated applications running under the supervision of Sandboxie, with an admin or system token, have more opportunities to bypass isolation and modify the system outside the sandbox. Security Enhancements Use the original Token only for approved NT System Calls Note: Msi Installer Exemptions should not be required, but if you encounter issues installing a msi package which you trust, this option may help the installation complete successfully. You can also try disabling drop admin rights. CAUTION: When running under the built in administrator, processes can not drop administrative privileges. Make applications think they are running elevated (allows to run installers safely) Allow MSIServer to run with a sandboxed system token and apply other exceptions if required Restrict access driver/device access to approved once only Enable all Security Enhancements (make security hardened box) Access Restrictions Open Windows Credentials Store (user mode) Other restrictions Block read access to the clipboard Printing restrictions Prevent change to network and firewall parameters (user mode) Allow to read memory of unsandboxed processes (not recommended) Network restrictions Block access to the printer spooler Allow the print spooler to print to files outside the sandbox Block network files and folders, unless specifically opened. Remove spooler restriction, printers can be installed outside the sandbox Open System Protected Storage Issue message 2111 when a process access is denided Run Menu You can configure custom entries for the sandbox run menu. Name Command Line Add program Remove Program Groups Add Group Add Program You can group programs together and give them a group name. Program groups can be used with some of the settings instead of program names. Groups defined for the box overwrite groups defined in templates. Show Templates Program Control Force Programs Force Program Force Folder Type Path Programs entered here, or programs started from entered locations, will be put in this sandbox automatically, unless they are explicitly started in another sandbox. Breakout Programs Programs entered here will be allowed to break out of this box when thay start, you can capture them into an other box. For example to have your web browser always open in a dedicated box. This feature requires a valid supporter certificate to be installed. Stop Behaviour Remove Program Add Leader Program Add Lingering Program Lingering programs will be automatically terminated if they are still running after all other processes have been terminated. If leader processes are defined, all others are treated as lingering processes. Start Restrictions Issue message 1308 when a program fails to start Allow only selected programs to start in this sandbox. * Prevent selected programs from starting in this sandbox. Allow all programs to start in this sandbox. * Note: Programs installed to this sandbox won't be able to start at all. Internet Restrictions Process Restrictions Issue message 1307 when a program is denied internet access Prompt user whether to allow an exemption from the blockade. Note: Programs installed to this sandbox won't be able to access the internet at all. Access Set network/internet access for unlisted processes: Network Firewall Rules Test Rules, Program: Port: IP: Protocol: X Remove Rule Add Rule Program Action Port IP Protocol CAUTION: Windows Filtering Platform is not enabled with the driver, therefore these rules will be applied only in user mode and can not be enforced!!! This means that malicious applications may bypass them. Resource Access Resource Access Rules Add Wnd Class Configure which processes can access what resources. Double click on an entry to edit it. 'Open' File and Key access only applies to program binaries located outside the sandbox. You can use 'Open for All' instead to make it apply to all programs, or change this behaviour in the Policies tab. Add COM Object Add Reg Key Add IPC Path Add File/Folder Resource Access Policies The rule specificity is a measure to how well a given rule matches a particular path, simply put the specificity is the length of characters from the begin of the path up to and including the last matching non-wildcard substring. A rule which matches only file types like "*.tmp" would have the highest specificity as it would always match the entire file path. The process match level has a higher priority than the specificity and describes how a rule applies to a given process. Rules applying by process name or group have the strongest match level, followed by the match by negation (i.e. rules applying to all processes but the given one), while the lowest match levels have global matches, i.e. rules that apply to any process. Prioritize rules based on their Specificity and Process Match Level Privacy Mode, block file and registry access to all locations except the generic system ones Access Mode When the Privacy Mode is enabled, sandboxed processes will be only able to read C:\Windows\*, C:\Program Files\*, and parts of the HKLM registry, all other locations will need explicit access to be readable and/or writable. In this mode, Rule Specificity is always enabled. Rule Policies Apply Close...=!<program>,... rules also to all binaries located in the sandboxed. Apply File and Key Open directives only to binaries located outside the sandbox. File Recovery Add Folder Ignore Extension Ignore Folder Enable Immediate Recovery prompt to be able to recover files as soon as they are created. You can exclude folders and file types (or file extensions) from Immediate Recovery. When the Quick Recovery function is invoked, the following folders will be checked for sandboxed content. Advanced Options Miscellaneous Emulate sandboxed window station for all processes Drop critical privileges from processes running with a SYSTEM token Add sandboxed processes to job objects (recommended) Do not start sandboxed services using a system token (recommended) Protect sandboxed SYSTEM processes from unprivileged processes Open access to COM infrastructure (not recommended) Allow only privileged processes to access the Service Control Manager Force usage of custom dummy Manifest files (legacy behaviour) (Security Critical) Start the sandboxed RpcSs as a SYSTEM process (not recommended) Don't alter window class names created by sandboxed programs Compatibility Protect the sandbox integrity itself Sandbox isolation COM/RPC Allow use of nested job objects (experimental, works on Windows 8 and later) Disable the use of RpcMgmtSetComTimeout by default (this may resolve compatibility issues) Isolation Security Isolation through the usage of a heavily restricted process token is Sandboxie's primary means of enforcing sandbox restrictions, when this is disabled the box is operated in the application compartment mode, i.e. it’s no longer providing reliable security, just simple application compartmentalization. Open access to Windows Local Security Authority Allow sandboxed programs to manage Hardware/Devices Disable Security Isolation (experimental) Various advanced isolation features can break compatibility with some applications. If you are using this sandbox NOT for Security but for simple application portability, by changing these options you can restore compatibility by sacrificing some security. Open access to Windows Security Account Manager Security Isolation & Filtering Disable Security Filtering (not recommended) Security Filtering used by Sandboxie to enforce filesystem and registry access restrictions, as well as to restrict process access. The below options can be used safely when you don't grant admin rights. Access isolation Triggers Event Run Command Start Service These events are executed each time a box is started On Box Start These commands are run UNBOXED just before the box content is deleted On Box Delete These commands are executed only when a box is initialized. To make them run again, the box content must be deleted. On Box Init Here you can specify actions to be executed automatically on various box events. Hide Processes Add Process Hide host processes from processes running in the sandbox. Don't allow sandboxed processes to see processes running in other boxes Users Restrict Resource Access monitor to administrators only Add User Remove User Add user accounts and user groups to the list below to limit use of the sandbox to only those accounts. If the list is empty, the sandbox can be used by all user accounts. Note: Forced Programs and Force Folders settings for a sandbox do not apply to user accounts which cannot use the sandbox. Tracing API call trace (requirers logapi to be installed in the sbie dir) Pipe Trace Log all SetError's to Trace log (creates a lot of output) Log Debug Output to the Trace Log Log all access events as seen by the driver to the resource access log. This options set the event mask to "*" - All access events You can customize the logging using the ini by specifying "A" - Allowed accesses "D" - Denied accesses "I" - Ignore access requests instead of "*". Ntdll syscall Trace (creates a lot of output) File Trace Disable Resource Access Monitor IPC Trace GUI Trace Resource Access Monitor Access Tracing COM Class Trace Key Trace Network Firewall Debug WARNING, these options can disable core security guarantees and break sandbox security!!! These options are intended for debugging compatibility issues, please do not use them in production use. App Templates Compatibility Templates Filter Categories Text Filter Add Template This list contains a large amount of sandbox compatibility enhancing templates Remove Template Category Template Folders Configure the folder locations used by your other applications. Please note that this values are currently user specific and saved globally for all boxes. Value Accessibility To compensate for the lost protection, please consult the Drop Rights settings page in the Restrictions settings group. Screen Readers: JAWS, NVDA, Window-Eyes, System Access The following settings enable the use of Sandboxie in combination with accessibility software. Please note that some measure of Sandboxie protection is necessarily lost when these settings are in effect. Edit ini Section Edit ini Cancel Save PopUpWindow SandboxiePlus Notifications ProgramsDelegate Group: %1 QObject Drive %1 QPlatformTheme OK Apply Cancel &Yes &No RecoveryWindow SandboxiePlus - Recovery Close TextLabel Show All Files Recover target: Recover Add Folder Refresh Delete Content SelectBoxWindow SandboxiePlus select box Select the sandbox in which to start the program, installer or document. Sandbox Run As UAC Administrator Run Sandboxed Run Outside the Sandbox SettingsWindow SandboxiePlus Settings General Config Show Notifications for relevant log Messages Hotkey for terminating all boxed processes: UI Language: Run box operations asynchronously whenever possible (like content deletion) Open urls from this ui sandboxed Show first recovery window when emptying sandboxes General Options Use Dark Theme (fully applied after a restart) Watch Sandboxie.ini for changes Show recoverable files as notifications Count and display the disk space ocupied by each sandbox Shell Integration Show Icon in Systray: Always use DefaultBox Add 'Run Un-Sandboxed' to the context menu Add 'Run Sandboxed' to the explorer context menu Start UI when a sandboxed process is started Start Menu Integration Show a tray notification when automatic box operations are started Run Sandboxed - Actions Scan shell folders and offer links in run menu On main window close: Systray options Start UI with Windows Show boxes in tray list: Start Sandbox Manager Integrate boxes with Host Start Menu Advanced Config Separate user folders Hook selected Win32k system calls to enable GPU acceleration (experimental) Portable root folder Sandbox <a href="sbie://docs/keyrootpath">registry root</a>: Sandboxing features ... Sandbox default Sandbox <a href="sbie://docs/filerootpath">file system root</a>: Activate Kernel Mode Object Filtering Use Windows Filtering Platform to restrict network access Sandbox <a href="sbie://docs/ipcrootpath">ipc root</a>: Use a Sandboxie login instead of an anonymous token (experimental) Program Control Name Path Remove Program Add Program When any of the following programs is launched outside any sandbox, Sandboxie will issue message SBIE1301. Add Folder Prevent the listed programs from starting on this system Issue message 1308 when a program fails to start Config Protection Config protection Clear password when main window becomes hidden Only Administrator user accounts can make changes Only Administrator user accounts can use Pause Forcing Programs command Password must be entered in order to make changes Change Password Compatibility In the future, don't check software compatibility Enable Disable Sandboxie has detected the following software applications in your system. Click OK to apply configuration settings, which will improve compatibility with these applications. These configuration settings will have effect in all existing sandboxes and in any new sandboxes. Edit ini Section Save Edit ini Cancel Support Enter the support certificate here Install updates automatically Supporters of the Sandboxie-Plus project receive a <a href="https://sandboxie-plus.com/go.php?to=sbie-cert">supporter certificate</a>. It's like a license key but for awesome people using open source software. :-) Keeping Sandboxie up to date with the rolling releases of Windows and compatible with all web browsers is a never-ending endeavor. Please consider supporting this work with a donation. You can support the development with a <a href="https://sandboxie-plus.com/go.php?to=donate">PayPal donation</a>, working also with credit cards. Or you can provide continuous support with a <a href="https://sandboxie-plus.com/go.php?to=patreon">Patreon subscription</a>. This supporter certificate has expired, please <a href="sbie://update/cert">get an updated certificate</a>. Support Settings In the future, don't notify about certificate expiration Check periodically for updates of Sandboxie-Plus Download Updates automatically SnapshotsWindow SandboxiePlus - Snapshots Selected Snapshot Details Description: Name: When deleting a snapshot content, it will be returned to this snapshot instead of none. Default snapshot Snapshot Actions Take Snapshot Remove Snapshot Go to Snapshot