Sandboxie sandboxie-plus.com
winget install --id=Sandboxie.Classic -e Sandboxie is a sandbox-based isolation software for 32- and 64-bit Windows NT-based operating systems. It is developed by David Xanatos since it became open source, before that it was developed by Sophos (which acquired it from Invincea, which acquired it earlier from the original author Ronen Tzur). It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying the local or mapped drive. Such an isolated virtual environment allows controlled testing of untrusted programs and web surfing.
Sandboxie is a sandbox-based isolation software designed to create an isolated operating environment for running applications without permanently modifying the host system or its resources. It allows users to execute untrusted programs, test software, and surf the web in a secure and controlled manner.
Key Features:
- Unlimited Sandboxes: Create as many sandboxes as needed to isolate processes from each other and the host system.
- Isolation of Processes: Applications run within sandboxes are prevented from modifying local drives, mapped drives, or the Windows registry.
- Network Firewall Per Sandbox: Each sandbox can be configured with its own network firewall using the Windows Filtering Platform (WFP).
- Snapshot Manager: Capture and restore snapshots of sandboxes to easily revert to a previous state when needed.
- Customizable Security Settings: Adjust settings to block access to specific Windows components, limit process counts, or restrict syscalls.
Audience & Benefit:
Ideal for developers, IT professionals, security researchers, and everyday users who need to test untrusted software or surf the web securely. Sandboxie provides a robust layer of protection against potential system modifications or data breaches caused by malicious or unstable applications.
Available as open-source software, it can be installed via winget, ensuring easy integration into your workflow.
README
Sandboxie Plus / Classic
EN | 中文
| System requirements | Release notes | Contribution guidelines | Security policy | Code of Conduct |
|---|---|---|---|---|
| Windows 7 or higher, 32-bit or 64-bit. | CHANGELOG.md | CONTRIBUTING.md | SECURITY.md | CODE_OF_CONDUCT.md |
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying local & mapped drives or the Windows registry. An isolated virtual environment allows controlled testing of untrusted programs and web surfing.
Sandboxie allows you to create virtually unlimited sandboxes and run them alone or simultaneously to isolate programs from the host and each other, while also allowing you to run as many programs simultaneously in a single box as you wish.
Note: This is a community fork that took place after the release of the Sandboxie source code and not the official continuation of the previous development (see the project history and #2926).
⏬ Download
✨ Changelog
🚀 Features
Sandboxie is available in two editions, Plus and Classic. They both share the same core components, this means they have the same level of security and compatibility. What's different is the availability of features in the user interface.
Sandboxie Plus has a modern Qt-based UI, which supports all new features that have been added since the project went open source:
- Snapshot Manager - takes a copy of any box in order to be restored when needed
- Maintenance menu - allows to uninstall/install/start/stop Sandboxie driver and service when needed
- Portable mode - you can run the installer and choose to extract all files to a directory
- Additional UI options to block access to Windows components like printer spooler and clipboard
- More customization options for Start/Run and Internet access restrictions
- Privacy mode sandboxes that protect user data from illegitimate access
- Security enhanced sandboxes that restrict the availability of syscalls and endpoints
- Global hotkeys to suspend or terminate all boxed processes
- A network firewall per sandbox which supports Windows Filtering Platform (WFP)
- The list of sandboxes can be searched with the shortcut key Ctrl+F
- A search function for Global Settings and Sandbox Options
- Ability to import/export sandboxes to and from 7z files
- Integration of sandboxes into the Windows Start menu
- A browser compatibility wizard to create templates for unsupported browsers
- Vintage View mode to reproduce the graphical appearance of Sandboxie Control
- A troubleshooting wizard to assist users with their problems
- An Add-on manager to extend or add functionality via additional components
- Protections of sandboxes against the host, including the prevention of taking screenshots
- A trigger system to perform actions, when a sandbox goes through different stages, like initialization, box start, termination or file recovery
- Make a process not sandboxed, but its child processes sandboxed
- Sandboxing as a unit of control to force programs to automatically use the SOCKS5 proxy
- DNS resolution control with sandboxing as control granularity
- Limit the number of processes in the sandbox and the total amount of memory space they can occupy, and You can limit the total number of sandboxed processes per box
- A completely different token creation mechanism from Sandboxie's pre-open-source version makes sandboxes more independent in the system
- Encrypted Sandbox - an AES-based reliable data storage solution
- Prevent sandboxed programs from generating unnecessary unique identifier in the normal way
More features can be spotted by finding the sign = through the shortcut key Ctrl+F in the CHANGELOG.md file.
Sandboxie Classic has the old no longer developed MFC-based UI, hence it lacks native interface support for Plus features. Although some of the missing features can be configured manually in the Sandboxie.ini configuration file or even replaced with custom scripts, the Classic edition is not recommended for users who want to explore the latest security options.
📚 Documentation
A GitHub copy of the Sandboxie documentation is currently maintained, although more volunteers are needed to keep it updated with the new changes. It is recommended to also check the following labels to track current issues: Labels · sandboxie-plus/Sandboxie.
A partial archive of the old Sandboxie forum that was previously maintained by Invincea is still available. If you need to find something specific, it is possible to use the following search query: site:https://sandboxie-website-archive.github.io/www.sandboxie.com/old-forums/.
🚀 Useful tools for Sandboxie
Sandboxie's functionality can be enhanced with specialized tools like the following:
- LogApiDll - adds a verbose output to Sandboxie's trace log, listing invocations of relevant Windows API functions
- SbieHide - attempts to hide the presence of SbieDll.dll from the application being sandboxed
- SandboxToys2 - allows to monitor files and registry changes in a sandbox
- Sbiextra - adds additional user mode restrictions to sandboxed processes
- WrapLocale - provide more flexible locale pretending options than native LangId feature
📌 Project history
| Timeline | Maintainer |
|---|---|
| 2004 - 2013 | Ronen Tzur |
| 2013 - 2017 | Invincea Inc. |
| 2017 - 2020 | Sophos Group plc |
| 8 April 2020 - open-source code | Sophos Ltd. |
| 9 April 2020 onwards - project fork | David Xanatos |
Looking for older Sandboxie versions? Check the version history.
See the current roadmap.
📌 Project support / sponsorship
Thank you Vector 35 for providing a Binary Ninja license to help with reverse engineering.
Binary Ninja is a multi-platform interactive disassembler, decompiler, and binary analysis tool for reverse engineers, malware analysts, vulnerability researchers, and software developers.
Thank you Icons8 for providing icons for the project.
🤝 Support the project
If you find Sandboxie useful, then feel free to contribute through our Contribution guidelines.
📑 Helpful Contributors
- DavidBerdik - Maintainer of Sandboxie Website Archive
- Jackenmen - Maintainer of Chocolatey packages for Sandboxie (support)
- vedantmgoyal9 - Maintainer of Winget Releaser for Sandboxie (support)
- blap - Maintainer of SandboxToys2 addon
- diversenok - Security analysis & PoCs / Security fixes
- TechLord - Team-IRA / Reversing
- hg421 - Security analysis & PoCs / Code reviews
- hx1997 - Security analysis & PoC
- mpheath - Author of Plus installer / Code fixes / Collaborator
- offhub - Documentation additions / Code fixes / Qt5 patch and build script / Collaborator
- LumitoLuma - Qt5 patch and build script
- QZLin - Author of sandboxie-docs theme
- isaak654 - Templates / Documentation / Code fixes / Collaborator
- typpos - UI additions / Documentation / Code fixes
- Yeyixiao - Feature additions
- Deezzir - Feature additions
- wzxjohn - Code fixes, Documentation additions
- okrc - Code fixes
- Sapour - Code fixes
- lmou523 - Code fixes
- sredna - Code fixes for Classic installer
- weihongx9315 - Code fix
- marti4d - Code fix
- jorgectf - CodeQL workflow
- stephtr - CI / Certification
- yfdyh000 - Localization support for Plus installer
- Dyras - Templates additions
- cricri-pingouin - UI fixes
- Valinwolf - UI / Icons
- daveout - UI / Icons
- kokofixcomputers - Support member of the Discord channel
- NewKidOnTheBlock - Changelog fixes
- Naeemh1 - Documentation additions
- APMichael - Templates additions
- 1mm0rt41PC - Documentation additions
- Luro223 - Documentation additions
- lwcorp - Documentation additions
- wilders-soccerfan - Documentation additions
- LepordCat - Documentation additions
- stdedos - Documentation additions
🌏 Translators
- czoins - Arabic
- yuhao2348732, 0x391F, nkh0472, yfdyh000, gexgd0419, Zerorigin, UnnamedOrange, DevSplash, Becods, okrc, 4rt3mi5, sepcnt, fzxx, Vstory, GT-Stardust - Simplified Chinese
- TragicLifeHu, Hulen, xiongsp - Traditional Chinese
- RockyTDR - Dutch
- clexanis, Mmoi-Fr, hippalectryon-0, Monsieur Pissou - French (provided by email)
- bastik-1001, APMichael - German
- timinoun - Hungarian (provided by email)
- isaak654, DerivativeOfLog7 - Italian
- takahiro-itou - Japanese
- VenusGirl - Korean
- 7zip, AndrzejRafalowski - Polish (provided separately)
- JNylson - Portuguese and Brazilian Portuguese
- lufog, marat2509 - Russian
- LumitoLuma, sebadamus - Spanish
- 1FF, Thatagata - Swedish (provided by email or pull request)
- xorcan, fmbxnary, offhub - Turkish
- SuperMaxusa, lufog - Ukrainian
- GunGunGun - Vietnamese
All translators are encouraged to look at the Localization notes and tips before sending a translation.
📚 Documentation Translators
- Vstory, GT-Stardust, wzxjohn - Simplified Chinese
All documentation translators are encouraged to look at the Multilingual Translation Contribution Guide before sending a translation.