CCertificatePage Install your <b>Sandboxie-Plus</b> support certificate If you have a supporter certificate, please fill it into the field below. Start evaluation without a certificate for a limited period of time. To use <b>Sandboxie-Plus</b> in a business setting, an appropriate <a href="https://sandboxie-plus.com/go.php?to=sbie-get-cert">support certificate</a> for business use is required. If you do not yet have the required certificate(s), you can get those from the <a href="https://xanasoft.com/shop/">xanasoft.com web shop</a>. <b>Sandboxie-Plus</b> provides additional features and box types exclusively to <u>project supporters</u>. Boxes like the Privacy Enhanced boxes <b><font color='red'>protect user data from illicit access</font></b> by the sandboxed programs. If you are not yet a supporter, then please consider <a href="https://sandboxie-plus.com/go.php?to=sbie-get-cert">supporting the project</a> to ensure further development of Sandboxie and to receive a <a href="https://sandboxie-plus.com/go.php?to=sbie-cert">supporter certificate</a>. CCleanUpJob Deleting Content CFileBrowserWindow %1 - Files CFileView Create Shortcut Recover to Any Folder Recover to Same Folder Select Directory Create Shortcut to sandbox %1 CFinishPage Complete your configuration Almost complete, click Finish to apply all selected options and conclude the wizard. Keep Sandboxie-Plus up to date. CIntroPage Introduction Welcome to the Setup Wizard. This wizard will help you to configure your copy of <b>Sandboxie-Plus</b>. You can start this wizard at any time from the Sandbox->Maintenance menu if you do not wish to complete it now. Select how you would like to use Sandboxie-Plus &Personally, for private non-commercial use &Commercially, for business or enterprise use Note: this option is persistent CMonitorModel Type Status Value Count CMultiErrorDialog Sandboxie-Plus - Error Message CNewBoxWindow Sandboxie-Plus - Create New Box New Box Hardened Sandbox with Data Protection Security Hardened Sandbox Sandbox with Data Protection Standard Isolation Sandbox (Default) Application Compartment with Data Protection Application Compartment (NO Isolation) COnDeleteJob OnDelete: %1 COnlineUpdater Checking for updates... server not reachable Failed to check for updates, error: %1 <p>Do you want to go to the <a href="%1">info page</a>?</p> Don't show this announcement in the future. <p>There is a new version of Sandboxie-Plus available.<br /><font color='red'><b>New version:</b></font> <b>%1</b></p> <p>Do you want to download the latest version?</p> <p>Do you want to go to the <a href="%1">download page</a>?</p> Don't show this message anymore. No new updates found, your Sandboxie-Plus is up-to-date. Note: The update check is often behind the latest GitHub release to ensure that only tested updates are offered. Downloading new version... Failed to download update from: %1 <p>A Sandboxie-Plus update has been downloaded to the following location:</p><p><a href="%2">%1</a></p><p>Do you want to begin the installation? If any programs are running sandboxed, they will be terminated.</p> Checking for certificate... No certificate found on server! There is no updated certificate available. COptionsWindow Browse for File Browse for Folder Normal Open Open for All No Rename Closed Closed RT Read Only Box Only (Write Only) Ignore UIPI Unknown File/Folder Registry IPC Path Wnd Class COM Object Select File All Files (*.*) Select Directory All Programs Group: %1 COM objects must be specified by their GUID, like: {00000000-0000-0000-0000-000000000000} RT interfaces must be specified by their name. Opening all IPC access also opens COM access, do you still want to restrict COM to the sandbox? Don't ask in future 'OpenWinClass=program.exe,#' is not supported, use 'NoRenameWinClass=program.exe,*' instead Template values can not be edited. Template values can not be removed. Enable the use of win32 hooks for selected processes. Note: You need to enable win32k syscall hook support globally first. Enable crash dump creation in the sandbox folder Always use ElevateCreateProcess fix, as sometimes applied by the Program Compatibility Assistant. Enable special inconsistent PreferExternalManifest behavioure, as neede for some edge fixes Set RpcMgmtSetComTimeout usage for specific processes Makes a write open call to a file that won't be copied fail instead of turning it read-only. Make specified processes think thay have admin permissions. Force specified processes to wait for a debugger to attach. Sandbox file system root Sandbox registry root Sandbox ipc root Add special option: On Start Run Command Start Service On Init On File Recovery On Delete Content Please enter the command line to be executed Please enter a program file name Deny %1 (%2) Process Folder Select Executable File Executable Files (*.exe) This option requires a valid supporter certificate Supporter exclusive option Don't alter the window title Display [#] indicator only Display box name in title Border disabled Show only when title is in focus Always show Hardened Sandbox with Data Protection Security Hardened Sandbox Sandbox with Data Protection Standard Isolation Sandbox (Default) Application Compartment with Data Protection Application Compartment (NO Isolation) Browse for Program Open Box Options Browse Content Start File Recovery Show Run Dialog kilobytes (%1) Select color Select Program Please enter a service identifier Executables (*.exe *.cmd) Please enter a menu title Please enter a command Please enter a name for the new group Please select group first. Any TCP UDP ICMP Allow access Block using Windows Filtering Platform Block by denying access to Network devices Please enter a domain to be filtered Please enter a SOCKS 5 proxy server IP and Port, <br />use format IP:Port for IPv4 and [IP]:Port for IPv6. Allow Block (WFP) Block (NDev) Block Please enter a file extension to be excluded All Categories Custom Templates Email Reader PDF/Print Security/Privacy Desktop Utilities Download Managers Miscellaneous Web Browser Media Player Torrent Client This template is enabled globally. To configure it, use the global options. Please enter the template identifier Error: %1 Only local templates can be removed! Do you really want to delete the selected local template? Sandboxie Plus - '%1' Options Grouping Search for options Box: %1 Template: %1 Global: %1 Default: %1 This sandbox has been deleted hence configuration can not be saved. Some changes haven't been saved yet, do you really want to close this options window? Enter program: CPopUpMessage ? Visit %1 for a detailed explanation. Dismiss Remove this message from the list Hide all such messages CPopUpProgress Dismiss Remove this progress indicator from the list CPopUpPrompt Remember for this process Yes No Terminate Yes and add to allowed programs Requesting process terminated Request will time out in %1 sec Request timed out CPopUpRecovery Recover to: Browse Clear folder list Recover Recover the file to original location Recover && Explore Recover && Open/Run Open file recovery for this box Dismiss Don't recover this file right now Dismiss all from this box Disable quick recovery until the box restarts Select Directory CPopUpWindow Sandboxie-Plus Notifications Do you want to allow the print spooler to write outside the sandbox for %1 (%2)? Do you want to allow %4 (%5) to copy a %1 large file into sandbox: %2? File name: %3 Do you want to allow %1 (%2) access to the internet? Full path: %3 %1 is eligible for quick recovery from %2. The file was written by: %3 an UNKNOWN process. %1 (%2) UNKNOWN Migrating a large file %1 into the sandbox %2, %3 left. Full path: %4 CRecoveryLogWnd Sandboxie-Plus - Recovery Log Time|Box Name|File Path Cleanup Recovery Log The following files were recently recovered and moved out of a sandbox. CRecoveryWindow %1 - File Recovery File Name File Size Full Path Remember target selection Delete everything, including all snapshots Original location Browse for location Clear folder list Select Directory Do you really want to delete %1 selected files? Close until all programs stop in this box Close and Disable Immediate Recovery for this box There are %1 new files available to recover. There are %1 files and %2 folders in the sandbox, occupying %3 of disk space. CSandBox Waiting for folder: %1 Deleting folder: %1 Merging folders: %1 &gt;&gt; %2 Finishing Snapshot Merge... CSandBoxPlus Disabled OPEN Root Access Application Compartment NOT SECURE Reduced Isolation Enhanced Isolation Privacy Enhanced API Log No INet Net Share No Admin Normal CSandMan Sandboxie Manager can not be run sandboxed! Sandboxie-Plus v%1 %1 Directory: %2 Application Installation The evaluation period has expired!!! Reset Columns Copy Cell Copy Row Copy Panel Time|Message Sbie Messages Trace Log Show/Hide &Sandbox WARNING: Sandboxie-Plus.ini in %1 cannot be written to, settings will not be saved. Create New Box Create Box Group Terminate All Processes Pause Forcing Programs &Maintenance Connect Disconnect Stop All &Advanced Install Driver Start Driver Stop Driver Uninstall Driver Install Service Start Service Stop Service Uninstall Service Setup Wizard Uninstall All Disable Message Popup Is Window Sandboxed? Exit &View Simple View Advanced View Always on Top Show Hidden Boxes Show All Sessions Show File Panel Refresh View Clean Up Cleanup Processes Cleanup Message Log Cleanup Trace Log Keep terminated &Options Global Settings Reset all hidden messages Reset all GUI options Edit ini file Reload ini file Trace Logging Vintage View (like SbieCtrl) &Help Support Sandboxie-Plus with a Donation Visit Support Forum Online Documentation Check for Updates About the Qt Framework About Sandboxie-Plus Disable File Recovery Cleanup Recovery Log &File Resource Access Monitor Programs Files and Folders Create New Sandbox Create New Group Set Container Folder Set Layout and Groups Reveal Hidden Boxes &Configure Program Alerts Windows Shell Integration Software Compatibility Lock Configuration Sandbox %1 Cleanup Click to install update <a href="https://sandboxie-plus.com/go.php?to=patreon">Support Sandboxie-Plus on Patreon</a> Click to open web browser Time|Box Name|File Path Recovery Log Do you want to close Sandboxie Manager? Sandboxie-Plus was running in portable mode, now it has to clean up the created services. This will prompt for administrative privileges. Do you want to do the clean up? Don't show this message again. This box provides enhanced security isolation, it is suitable to test untrusted software. This box provides standard isolation, it is suitable to run your software to enhance security. This box does not enforce isolation, it is intended to be used as an application compartment for software virtualization only. This box prevents access to all user data locations, except explicitly granted in the Resource Access options. Unknown operation '%1' requested via command line - Driver/Service NOT Running! - Deleting Sandbox Content Executing OnBoxDelete: %1 Auto Deleting %1 Content Auto deleting content of %1 Sandboxie-Plus Version: %1 (%2) Current Config: %1 Data Directory: %1 for Personal use - for Non-Commercial use ONLY Please enter the duration, in seconds, for disabling Forced Programs rules. Sandboxie-Plus - Error Failed to stop all Sandboxie components Failed to start required Sandboxie components Failed to copy box data files Failed to remove old box data files Do you want to check if there is a new version of Sandboxie-Plus? <a href="sbie://update/package" style="color: red;">There is a new build of Sandboxie-Plus ready</a> <a href="sbie://update/check" style="color: red;">There is a new build of Sandboxie-Plus available</a> Click to download update No Force Process Some compatibility templates (%1) are missing, probably deleted, do you want to remove them from all boxes? Cleaned up removed templates... Removed Shortcut: %1 Added Shortcut to: %1 Sandboxie-Plus was started in portable mode, do you want to put the Sandbox folder into its parent directory? Yes will choose: %1 No will choose: %2 Default sandbox not found; creating: %1 - NOT connected The program %1 started in box %2 will be terminated in 5 minutes because the box was configured to use features exclusively available to project supporters. The box %1 is configured to use features exclusively available to project supporters, these presets will be ignored. <br /><a href="https://sandboxie-plus.com/go.php?to=sbie-get-cert">Become a project supporter</a>, and receive a <a href="https://sandboxie-plus.com/go.php?to=sbie-cert">supporter certificate</a> PID %1: %1 (%2): The selected feature set is only available to project supporters. Processes started in a box with this feature set enabled without a supporter certificate will be terminated after 5 minutes.<br /><a href="https://sandboxie-plus.com/go.php?to=sbie-get-cert">Become a project supporter</a>, and receive a <a href="https://sandboxie-plus.com/go.php?to=sbie-cert">supporter certificate</a> Recovering file %1 to %2 The file %1 already exists, do you want to overwrite it? Do this for all files! Failed to recover some files: Only Administrators can change the config. Please enter the configuration password. Login Failed: %1 Do you want to terminate all processes in all sandboxes? Terminate all without asking No Recovery No Messages Sandboxie-Plus was started in portable mode and it needs to create necessary services. This will prompt for administrative privileges. CAUTION: Another agent (probably SbieCtrl.exe) is already managing this Sandboxie session, please close it first and reconnect to take over. Maintenance operation failed (%1) Maintenance operation completed Executing maintenance operation, please wait... In the Plus UI, this functionality has been integrated into the main sandbox list view. Using the box/group context menu, you can move boxes and groups to other groups. You can also use drag and drop to move the items around. Alternatively, you can also use the arrow keys while holding ALT down to move items up and down within their group.<br />You can create new boxes and groups from the Sandbox menu. Do you also want to reset hidden message boxes (yes), or only all log messages (no)? The changes will be applied automatically whenever the file gets saved. The changes will be applied automatically as soon as the editor is closed. Sandboxie config has been reloaded Error Status: 0x%1 (%2) Unknown Administrator rights are required for this operation. Failed to execute: %1 Failed to connect to the driver Failed to communicate with Sandboxie Service: %1 An incompatible Sandboxie %1 was found. Compatible versions: %2 Can't find Sandboxie installation path. Failed to copy configuration from sandbox %1: %2 A sandbox of the name %1 already exists Failed to delete sandbox %1: %2 The sandbox name can not be longer than 32 characters. The sandbox name can not be a device name. The sandbox name can contain only letters, digits and underscores which are displayed as spaces. Failed to terminate all processes Delete protection is enabled for the sandbox All sandbox processes must be stopped before the box content can be deleted Error deleting sandbox folder: %1 A sandbox must be emptied before it can be deleted. Failed to move directory '%1' to '%2' This Snapshot operation can not be performed while processes are still running in the box. Failed to create directory for new snapshot Snapshot not found Error merging snapshot directories '%1' with '%2', the snapshot has not been fully merged. Failed to remove old snapshot directory '%1' Can't remove a snapshot that is shared by multiple later snapshots You are not authorized to update configuration in section '%1' Failed to set configuration setting %1 in section %2: %3 Can not create snapshot of an empty sandbox A sandbox with that name already exists The config password must not be longer than 64 characters The operation was canceled by the user Unknown Error Status: 0x%1 Operation failed for %1 item(s). Do you want to open %1 in a sandboxed (yes) or unsandboxed (no) Web browser? Remember choice for later. <h3>About Sandboxie-Plus</h3><p>Version %1</p><p>Copyright (c) 2020-2022 by DavidXanatos</p> This copy of Sandboxie+ is certified for: %1 Sandboxie+ is free for personal and non-commercial use. Sandboxie-Plus is an open source continuation of Sandboxie.<br />Visit <a href="https://sandboxie-plus.com">sandboxie-plus.com</a> for more information.<br /><br />%3<br /><br />Driver version: %1<br />Features: %2<br /><br />Icons from <a href="https://icons8.com">icons8.com</a> The supporter certificate is not valid for this build, please get an updated certificate The supporter certificate has expired%1, please get an updated certificate , but it remains valid for the current build The supporter certificate will expire in %1 days, please get an updated certificate The selected window is running as part of program %1 in sandbox %2 The selected window is not running as part of any sandboxed program. Drag the Finder Tool over a window to select it, then release the mouse to check if the window is sandboxed. Sandboxie-Plus - Window Finder CSbieModel Box Group Empty Name Process ID Status Title Info Path / Command Line CSbieProcess Sbie RpcSs Sbie DcomLaunch Sbie Crypto Sbie WuauServ Sbie BITS Sbie Svc MSI Installer Trusted Installer Windows Update Windows Explorer Internet Explorer Firefox Windows Media Player Winamp KMPlayer Windows Live Mail Service Model Reg RunDll32 DllHost Windows Ink Services Chromium Based Google Updater Acrobat Reader MS Outlook MS Excel Flash Player Firefox Plugin Container Generic Web Browser Generic Mail Client Thunderbird Terminated Running Forced in session %1 (%1) CSbieView Create New Box Create Box Group Rename Group Remove Group Stop Operations Run Run Program Run from Start Menu Default Web Browser Default eMail Client Command Prompt Boxed Tools Command Prompt (as Admin) Command Prompt (32-bit) Windows Explorer Registry Editor Programs and Features Execute Autorun Entries Terminate All Programs Browse Files Move Sandbox Browse Content Box Content Refresh Info Create Shortcut Explore Content Open Registry Snapshots Manager Recover Files (Host) Start Menu Delete Content Sandbox Options Sandbox Presets Ask for UAC Elevation Drop Admin Rights Emulate Admin Rights Block Internet Access Allow Network Shares Rename Sandbox Move Up Move Down Remove Sandbox Terminate Preset Pin to Run Menu Block and Terminate Allow internet access Force into this sandbox Set Linger Process Set Leader Process Run Sandboxed Run Web Browser Run eMail Reader Run Any Program Run From Start Menu Run Windows Explorer Terminate Programs Quick Recover Sandbox Settings Duplicate Sandbox Config Move Group File root: %1 Registry root: %1 IPC root: %1 Options: [None] Please enter a new name for the Group. Do you really want to remove the selected group(s)? Move entries by (negative values move up, positive values move down): A group can not be its own parent. Please enter a new group name The Sandbox name and Box Group name cannot use the ',()' symbol. This name is already used for a Box Group. This name is already used for a Sandbox. Don't show this message again. This Sandbox is empty. WARNING: The opened registry editor is not sandboxed, please be careful and only do changes to the pre-selected sandbox locations. Don't show this warning in future Please enter a new name for the duplicated Sandbox. %1 Copy The Sandboxie Start Menu will now be displayed. Select an application from the menu, and Sandboxie will create a new shortcut icon on your real desktop, which you can use to invoke the selected application under the supervision of Sandboxie. Please enter a new name for the Sandbox. Do you really want to remove the selected sandbox(es)?<br /><br />Warning: The box content will also be deleted! Also delete all Snapshots Do you really want to delete the content of all selected sandboxes? This Sandbox is already empty. Immediate Recovery Sandbox Tools Duplicate Box Config Do you want to delete the content of the selected sandbox? Do you want to terminate all processes in the selected sandbox(es)? Terminate without asking Create Shortcut to sandbox %1 Do you want to %1 %2? the selected processes This box does not have Internet restrictions in place, do you want to enable them? This sandbox is disabled, do you want to enable it? CSelectBoxWindow Sandboxie-Plus - Run Sandboxed Are you sure you want to run the program outside the sandbox? Please select a sandbox. CSettingsWindow Auto Detection No Translation Sandboxie Plus - Global Settings Advanced Config Sandbox Config Config Protection Don't integrate links As sub group Fully integrate Don't show any icon Show Plus icon Show Classic icon All Boxes Active + Pinned Pinned Only None Native Qt %1 %1 % Search for settings Run &Sandboxed Sandboxed Web Browser This supporter certificate has expired, please <a href="sbie://update/cert">get an updated certificate</a>. This supporter certificate will <font color='red'>expire in %1 days</font>, please <a href="sbie://update/cert">get an updated certificate</a>. Run &Un-Sandboxed This does not look like a certificate. Please enter the entire certificate, not just a portion of it. This certificate is unfortunately expired. This certificate is unfortunately outdated. Thank you for supporting the development of Sandboxie-Plus. This support certificate is not valid. Select Directory <a href="check">Check Now</a> Please enter the new configuration password. Please re-enter the new configuration password. Passwords did not match, please retry. Process Folder Please enter a program file name %1 (Current) <a href="0">%1</a> <a href="1">%1</a> Do you want to download the version %1? CSetupWizard Setup Wizard The decision you make here will affect which page you get to see next. This help is likely not to be of any help. Sorry, I already gave all the help I could. Setup Wizard Help CShellPage Configure <b>Sandboxie-Plus</b> shell integration Configure how Sandboxie-Plus should integrate with your system. Start UI with Windows Add 'Run Sandboxed' to the explorer context menu Add desktop shortcut for starting Web browser under Sandboxie CSnapshotsWindow %1 - Snapshots Snapshot Revert to empty box (default) Please enter a name for the new Snapshot. New Snapshot Do you really want to switch the active snapshot? Doing so will delete the current state! Do you really want to delete the selected snapshot? CSupportDialog The installed supporter certificate <b>has expired %1 days ago</b> and <a href="https://sandboxie-plus.com/go.php?to=sbie-get-cert">must be renewed</a>.<br /><br /> <b>You have installed Sandboxie-Plus more than %1 days ago.</b><br /><br /> <u>Commercial use of Sandboxie past the evaluation period</u>, requires a valid <a href="https://sandboxie-plus.com/go.php?to=sbie-get-cert">support certificate</a>. The installed supporter certificate is <b>outdated</b> and it is <u>not valid for<b> this version</b></u> of Sandboxie-Plus.<br /><br /> The installed supporter certificate is <b>expired</b> and <u>should be renewed</u>.<br /><br /> <b>You have been using Sandboxie-Plus for more than %1 days now.</b><br /><br /> Sandboxie on ARM64 requires a valid supporter certificate for continued use.<br /><br /> Personal use of Sandboxie is free of charge on x86/x64, although some functionality is only available to project supporters.<br /><br /> Please continue <a href="https://sandboxie-plus.com/go.php?to=sbie-get-cert">supporting the project</a> by renewing your <a href="https://sandboxie-plus.com/go.php?to=sbie-cert">supporter certificate</a> and continue using the <b>enhanced functionality</b> in new builds. Sandboxie <u>without</u> a valid supporter certificate will sometimes <b><font color='red'>pause for a few seconds</font></b>, to give you time to contemplate the option of <a href="https://sandboxie-plus.com/go.php?to=sbie-get-cert">supporting the project</a>.<br /><br />A <a href="https://sandboxie-plus.com/go.php?to=sbie-cert">supporter certificate</a> not just removes this reminder, but also enables <b>exclusive enhanced functionality</b> providing better security and compatibility. Sandboxie-Plus - Support Reminder %1 Quit Continue Get Certificate Enter Certificate CTraceModel Unknown %1 (%2) Process %1 Process Type Status Value CTraceView Monitor mode Show as task tree PID: [All] TID: Type: Status: Open Closed Trace Other Show All Boxes Save to file Cleanup Trace Log %1 (%2) %1 Save trace log to file Failed to open log file for writing Unknown CTraceWindow Sandboxie-Plus - Trace Monitor CUIPage Configure <b>Sandboxie-Plus</b> UI Select the user interface style you prefer. &Advanced UI for experts &Simple UI for beginners &Vintage SbieCtrl.exe UI Use Bright Mode Use Dark Mode CWFPPage Configure <b>Sandboxie-Plus</b> network filtering Sandboxie can use the Windows Filtering Platform (WFP) to restrict network access. Using WFP allows Sandboxie to reliably enforce IP/Port based rules for network access. Unlike system level application firewalls, Sandboxie can use different rules in each box for the same application. If you already have a good and reliable application firewall and do not need per box rules, you can leave this option unchecked. Without WFP enabled, Sandboxie will still be able to reliably and entirely block processes from accessing the network. However, this can cause the process to crash, as the driver blocks the required network device endpoints. Even with WFP disabled, Sandboxie offers to set IP/Port based rules, however these will be applied in user mode only and not be enforced by the driver. Hence, without WFP enabled, an intentionally malicious process could bypass those rules, but not the entire network block. Enable Windows Filtering Platform (WFP) support NewBoxWindow SandboxiePlus new box Sandbox Name: Box Type Preset: A sandbox isolates your host system from processes running within the box, it prevents them from making permanent changes to other programs and data in your computer. The level of isolation impacts your security as well as the compatibility with applications, hence there will be a different level of isolation depending on the selected Box Type. Sandboxie can also protect your personal data from being accessed by processes running under its supervision. Box info OptionsWindow SandboxiePlus Options General Options Box Options Appearance General Configuration Box Type Preset: Sandbox Indicator in title: px Width Sandboxed window border: Box info Show this box in the 'run in box' selection prompt <b>More Box Types</b> are exclusively available to <u>project supporters</u>, the Privacy Enhanced boxes <b><font color='red'>protect user data from illicit access</font></b> by the sandboxed programs.<br />If you are not yet a supporter, then please consider <a href="https://sandboxie-plus.com/go.php?to=sbie-get-cert">supporting the project</a>, to receive a <a href="https://sandboxie-plus.com/go.php?to=sbie-cert">supporter certificate</a>.<br />You can test the other box types by creating new sandboxes of those types, however processes in these will be auto terminated after 5 minutes. Always show this sandbox in the systray list (Pinned) File Options Auto delete content when last sandboxed process terminates Copy file size limit: Box Delete options Protect this sandbox from deletion or emptying Raw Disk access File Migration Allow elevated sandboxed applications to read the harddrive Warn when an application opens a harddrive handle kilobytes Issue message 2102 when a file is too large Prompt user for large file migration (Recommended) Protect the system from sandboxed processes Elevation restrictions CAUTION: When running under the built in administrator, processes can not drop administrative privileges. Make applications think they are running elevated (allows to run installers safely) Note: Msi Installer Exemptions should not be required, but if you encounter issues installing a msi package which you trust, this option may help the installation complete successfully. You can also try disabling drop admin rights. Security note: Elevated applications running under the supervision of Sandboxie, with an admin or system token, have more opportunities to bypass isolation and modify the system outside the sandbox. Drop rights from Administrators and Power Users groups Allow MSIServer to run with a sandboxed system token and apply other exceptions if required Open Windows Credentials Store (user mode) Allow the print spooler to print to files outside the sandbox Remove spooler restriction, printers can be installed outside the sandbox Block read access to the clipboard Open System Protected Storage Block access to the printer spooler Other restrictions Printing restrictions Network restrictions Block network files and folders, unless specifically opened. Prevent change to network and firewall parameters (user mode) Run Menu You can configure custom entries for the sandbox run menu. Name Command Line Add program Remove Type Program Groups Double click action: Separate user folders Box Structure Security Options Security Hardening Various Restrictions Allow to read memory of unsandboxed processes (not recommended) Issue message 2111 when a process access is denied Security Isolation Adcanced Security Use a Sandboxie login instead of an anonymous token (experimental) Other isolation Privilege isolation Sandboxie token Using a custom Sandboxie Token allows to isolate individual sandboxes from each other better, and it shows in the user column of task managers the name of the box a process belongs to. Some 3rd party security solutions may however have problems with custom tokens. Add Group Add Program You can group programs together and give them a group name. Program groups can be used with some of the settings instead of program names. Groups defined for the box overwrite groups defined in templates. Show Templates Force Folder Path Force Program Programs entered here, or programs started from entered locations, will be put in this sandbox automatically, unless they are explicitly started in another sandbox. Stop Behaviour Start Restrictions Issue message 1308 when a program fails to start Allow only selected programs to start in this sandbox. * Prevent selected programs from starting in this sandbox. Allow all programs to start in this sandbox. * Note: Programs installed to this sandbox won't be able to start at all. Process Restrictions Issue message 1307 when a program is denied internet access Prompt user whether to allow an exemption from the blockade. Note: Programs installed to this sandbox won't be able to access the internet at all. Access Set network/internet access for unlisted processes: Test Rules, Program: Port: IP: Protocol: X Add Rule Program Program Control Force Programs Breakout Programs Programs entered here will be allowed to break out of this box when thay start, you can capture them into an other box. For example to have your web browser always open in a dedicated box. This feature requires a valid supporter certificate to be installed. Lingering Programs Lingering programs will be automatically terminated if they are still running after all other processes have been terminated. Leader Programs If leader processes are defined, all others are treated as lingering processes. Files Configure which processes can access Files, Folders and Pipes. 'Open' access only applies to program binaries located outside the sandbox, you can use 'Open for All' instead to make it apply to all programs, or change this behavior in the Policies tab. Registry Configure which processes can access the Registry. 'Open' access only applies to program binaries located outside the sandbox, you can use 'Open for All' instead to make it apply to all programs, or change this behavior in the Policies tab. IPC Configure which processes can access NT IPC objects like ALPC ports and other processes memory and context. To specify a process use '$:program.exe' as path. Wnd Wnd Class Configure which processes can access Desktop objects like Windows and alike. COM Class Id Configure which processes can access COM objects. Don't use virtualized COM, Open access to hosts COM infrastructure (not recommended) Access Policies Apply Close...=!<program>,... rules also to all binaries located in the sandbox. Network Options Action Port IP Protocol CAUTION: Windows Filtering Platform is not enabled with the driver, therefore these rules will be applied only in user mode and can not be enforced!!! This means that malicious applications may bypass them. Resource Access Add Wnd Class Add COM Object Add Reg Key Add IPC Path Add File/Folder The rule specificity is a measure to how well a given rule matches a particular path, simply put the specificity is the length of characters from the begin of the path up to and including the last matching non-wildcard substring. A rule which matches only file types like "*.tmp" would have the highest specificity as it would always match the entire file path. The process match level has a higher priority than the specificity and describes how a rule applies to a given process. Rules applying by process name or group have the strongest match level, followed by the match by negation (i.e. rules applying to all processes but the given one), while the lowest match levels have global matches, i.e. rules that apply to any process. Prioritize rules based on their Specificity and Process Match Level Privacy Mode, block file and registry access to all locations except the generic system ones Access Mode When the Privacy Mode is enabled, sandboxed processes will be only able to read C:\Windows\*, C:\Program Files\*, and parts of the HKLM registry, all other locations will need explicit access to be readable and/or writable. In this mode, Rule Specificity is always enabled. Rule Policies Apply File and Key Open directives only to binaries located outside the sandbox. File Recovery Add Folder Ignore Extension Ignore Folder Enable Immediate Recovery prompt to be able to recover files as soon as they are created. You can exclude folders and file types (or file extensions) from Immediate Recovery. When the Quick Recovery function is invoked, the following folders will be checked for sandboxed content. Allow use of nested job objects (works on Windows 8 and later) Advanced Options Security enhancements Use the original token only for approved NT system calls Restrict driver/device access to only approved ones Enable all security enhancements (make security hardened box) Miscellaneous Emulate sandboxed window station for all processes Drop critical privileges from processes running with a SYSTEM token Add sandboxed processes to job objects (recommended) Do not start sandboxed services using a system token (recommended) Protect sandboxed SYSTEM processes from unprivileged processes Allow only privileged processes to access the Service Control Manager Force usage of custom dummy Manifest files (legacy behaviour) (Security Critical) Start the sandboxed RpcSs as a SYSTEM process (not recommended) Don't alter window class names created by sandboxed programs Compatibility Protect the sandbox integrity itself Disable the use of RpcMgmtSetComTimeout by default (this may resolve compatibility issues) Security Isolation through the usage of a heavily restricted process token is Sandboxie's primary means of enforcing sandbox restrictions, when this is disabled the box is operated in the application compartment mode, i.e. it’s no longer providing reliable security, just simple application compartmentalization. Open access to Windows Local Security Authority Allow sandboxed programs to manage Hardware/Devices Disable Security Isolation (experimental) Various advanced isolation features can break compatibility with some applications. If you are using this sandbox <b>NOT for Security</b> but for simple application portability, by changing these options you can restore compatibility by sacrificing some security. Open access to Windows Security Account Manager Security Isolation & Filtering Disable Security Filtering (not recommended) Security Filtering used by Sandboxie to enforce filesystem and registry access restrictions, as well as to restrict process access. The below options can be used safely when you don't grant admin rights. Access isolation Triggers Event Run Command Start Service These events are executed each time a box is started On Box Start These commands are run UNBOXED just before the box content is deleted These commands are executed only when a box is initialized. To make them run again, the box content must be deleted. On Box Init Here you can specify actions to be executed automatically on various box events. Hide Processes Add Process Hide host processes from processes running in the sandbox. Don't allow sandboxed processes to see processes running in other boxes Users Restrict Resource Access monitor to administrators only Add User Add user accounts and user groups to the list below to limit use of the sandbox to only those accounts. If the list is empty, the sandbox can be used by all user accounts. Note: Forced Programs and Force Folders settings for a sandbox do not apply to user accounts which cannot use the sandbox. Tracing Pipe Trace Log all SetError's to Trace log (creates a lot of output) Log Debug Output to the Trace Log Log all access events as seen by the driver to the resource access log. This options set the event mask to "*" - All access events You can customize the logging using the ini by specifying "A" - Allowed accesses "D" - Denied accesses "I" - Ignore access requests instead of "*". Ntdll syscall Trace (creates a lot of output) File Trace Disable Resource Access Monitor IPC Trace GUI Trace Resource Access Monitor Access Tracing COM Class Trace Key Trace Network Firewall Debug WARNING, these options can disable core security guarantees and break sandbox security!!! These options are intended for debugging compatibility issues, please do not use them in production use. App Templates Filter Categories Text Filter Add Template This list contains a large amount of sandbox compatibility enhancing templates Category Template Folders Configure the folder locations used by your other applications. Please note that this values are currently user specific and saved globally for all boxes. Value Accessibility To compensate for the lost protection, please consult the Drop Rights settings page in the Restrictions settings group. Screen Readers: JAWS, NVDA, Window-Eyes, System Access DNS Filter Add Filter With the DNS filter individual domains can be blocked, on a per process basis. Leave the IP column empty to block or enter an ip to redirect. Domain Internet Proxy Add Proxy Sandboxed programs can be forced to use a preset socks5 proxy. Proxy Quick Recovery Immediate Recovery Various Options This command will be run before the box content will be deleted On File Recovery This command will be run before a file is being recoverd and the file path will be passed as the first argument, if this command return something other than 0 the recovery will be blocked Run File Checker On Delete Content Protect processes in this box from being accessed by specified unsandboxed host processes. Process Block also read access to processes in this sandbox Add Option Here you can configure advanced per process options to improve compatibility and/or customize sand boxing behavior. Option API call trace (requires LogAPI to be installed in the Sbie directory) Dns Request Logging Templates The following settings enable the use of Sandboxie in combination with accessibility software. Please note that some measure of Sandboxie protection is necessarily lost when these settings are in effect. Edit ini Section Edit ini Cancel Save PopUpWindow SandboxiePlus Notifications ProgramsDelegate Group: %1 QObject Drive %1 QPlatformTheme OK Apply Cancel &Yes &No RecoveryWindow SandboxiePlus - Recovery Delete Close TextLabel Show All Files Recover target: Recover Add Folder Refresh Delete Content SelectBoxWindow SandboxiePlus select box Select the sandbox in which to start the program, installer or document. Sandbox Run As UAC Administrator Run Sandboxed Run Outside the Sandbox SettingsWindow SandboxiePlus Settings General Config Open urls from this ui sandboxed Show Notifications for relevant log Messages Systray options Watch Sandboxie.ini for changes Hotkey for terminating all boxed processes: Show recoverable files as notifications Show first recovery window when emptying sandboxes UI Language: Show Icon in Systray: Shell Integration Run Sandboxed - Actions Start UI with Windows Always use DefaultBox Start Sandbox Manager Start UI when a sandboxed process is started Run box operations asynchronously whenever possible (like content deletion) General Options Add 'Run Sandboxed' to the explorer context menu Show boxes in tray list: Add 'Run Un-Sandboxed' to the context menu Show a tray notification when automatic box operations are started Advanced Config Portable root folder Use Windows Filtering Platform to restrict network access Separate user folders ... Sandbox <a href="sbie://docs/ipcrootpath">ipc root</a>: Sandbox default Sandboxing features Sandbox <a href="sbie://docs/keyrootpath">registry root</a>: Sandbox <a href="sbie://docs/filerootpath">file system root</a>: Hook selected Win32k system calls to enable GPU acceleration (experimental) Use Compact Box List Interface Config Make Box Icons match the Border Color Use a Page Tree in the Box Options instead of Nested Tabs * Interface Options Use large icons in box list * High DPI Scaling Don't show icons in menus * Use Dark Theme Font Scaling Show the Recovery Window as Always on Top % (Restart required) Alternate row background in lists Use a Sandboxie login instead of an anonymous token (experimental) Name Path Remove Program Add Program When any of the following programs is launched outside any sandbox, Sandboxie will issue message SBIE1301. Add Folder Prevent the listed programs from starting on this system Issue message 1308 when a program fails to start Recovery Options Count and display the disk space occupied by each sandbox Start Menu Integration Integrate boxes with Host Start Menu Scan shell folders and offer links in run menu Show "Pizza" Background in box list * * a partially checked checkbox will leave the behavior to be determined by the view mode. Use Fusion Theme Use new config dialog layout * Program Alerts Issue message 1301 when forced processes has been disabled Config Protection Config protection Clear password when main window becomes hidden Only Administrator user accounts can make changes Only Administrator user accounts can use Pause Forcing Programs command In the future, don't notify about certificate expiration Keeping Sandboxie up to date with the rolling releases of Windows and compatible with all web browsers is a never-ending endeavor. Please consider supporting this work with a donation.<br />You can support the development with a <a href="https://sandboxie-plus.com/go.php?to=sbie-cert">PayPal donation</a>, working also with credit cards.<br />Or you can provide continuous support with a <a href="https://sandboxie-plus.com/go.php?to=patreon">Patreon subscription</a>. Search in the Preview channel Supporters of the Sandboxie-Plus project can receive a <a href="https://sandboxie-plus.com/go.php?to=sbie-get-cert">supporter certificate</a>. It's like a license key but for awesome people using open source software. :-) Download Updates automatically Password must be entered in order to make changes Change Password Compatibility In the future, don't check software compatibility Enable Disable Sandboxie has detected the following software applications in your system. Click OK to apply configuration settings, which will improve compatibility with these applications. These configuration settings will have effect in all existing sandboxes and in any new sandboxes. Edit ini Section Save Edit ini Cancel Support Search in the Release channel Install updates automatically This supporter certificate has expired, please <a href="sbie://update/cert">get an updated certificate</a>. Check periodically for updates of Sandboxie-Plus Enter the support certificate here Activate Kernel Mode Object Filtering Support Settings SnapshotsWindow SandboxiePlus - Snapshots Selected Snapshot Details Name: Description: When deleting a snapshot content, it will be returned to this snapshot instead of none. Default snapshot Snapshot Actions Remove Snapshot Go to Snapshot Take Snapshot