Added further options

Co-authored-by: isaak654 <isaak654@users.noreply.github.com>
sandboxie-plus · Jul 25, 2024 · cbd5f39 · cbd5f39
1 parent a354470
commit cbd5f39
Show file tree

Hide file tree

Showing 14 changed files with 207 additions and 1 deletion.
diff --git a/Content/AllPages.md b/Content/AllPages.md
@@ -8,10 +8,14 @@
 
 [Alert Process](AlertProcess.md)
 
+[Allow Raw Disk Read](AllowRawDiskRead.md)
+
 [Appearance Settings](AppearanceSettings.md)
 
 [Applications Settings](ApplicationsSettings.md)
 
+[Applying a Supporter Certificate](../PlusContent/applying-supporter-certificate.md)
+
 [Auto Delete](AutoDelete.md)
 
 [Auto Exec](AutoExec.md)
@@ -32,6 +36,8 @@
 
 ~~[Block Port](BlockPort.md)~~ (removed since Sandboxie v0.9.0 / 5.51.0)
 
+[Block Screen Capture](BlockScreenCapture.md)
+
 ~~[Block Sys Param](BlockSysParam.md)~~ (removed since Sandboxie v4.xx)
 
 ~~[Block Win Hooks](BlockWinHooks.md)~~ (removed since Sandboxie v4.xx)
@@ -84,6 +90,8 @@
 
 [Copy Limit Silent](CopyLimitSilent.md)
 
+[Cover Boxed Windows](CoverBoxedWindows.md)
+
 ### D
 
 [Delete Command](DeleteCommand.md)
@@ -118,6 +126,8 @@
 
 [Expandable Variables](ExpandableVariables.md)
 
+[External Tutorials](ExternalTutorials.md)
+
 ### F
 
 [FAQ Email](FAQEmail.md)
@@ -144,6 +154,8 @@
 
 [Force Process](ForceProcess.md)
 
+[Forget Password](ForgetPassword.md)
+
 [Frequently Asked Questions](FrequentlyAskedQuestions.md)
 
 ### G
@@ -168,6 +180,10 @@
 
 [Help Topics](HelpTopics.md)
 
+[Hide Host Process](HideHostProcess.md)
+
+[Hide Other Boxes](HideOtherBoxes.md)
+
 [How It Works](HowitWorks.md)
 
 [How To Use Win Dbg](HowToUseWinDbg.md)
@@ -186,16 +202,22 @@
 
 [Ipc Root Path](IpcRootPath.md)
 
+[Isolation Mechanism](IsolationMechanism.md)
+
 ### J
 
 ### K
 
 [Key Root Path](KeyRootPath.md)
 
+[Known Conflicts](KnownConflicts.md)
+
 ### L
 
 [Leader Process](LeaderProcess.md)
 
+[Linger Exempt Wnds](LingerExemptWnds.md)
+
 [Linger Process](LingerProcess.md)
 
 ### M
@@ -204,6 +226,8 @@
 
 [Monitor Admin Only](MonitorAdminOnly.md)
 
+[Msi Installer Exemptions](MsiInstallerExemptions.md)
+
 ### N
 
 [Never Delete](NeverDelete.md)
@@ -224,10 +248,14 @@
 
 [Notify Start Run Access Denied](NotifyStartRunAccessDenied.md)
 
+[Nt Namespace Isolation](NtNamespaceIsolation.md)
+
 [Nt Status Codes](NtStatusCodes.md)
 
 ### O
 
+[Open Clipboard](OpenClipboard.md)
+
 [Open Clsid](OpenClsid.md)
 
 [Open Conf Path](OpenConfPath.md)
@@ -274,6 +302,8 @@
 
 [Programs View](ProgramsView.md)
 
+[Protect Host Images](ProtectHostImages.md)
+
 [Protected Storage](ProtectedStorage.md)
 
 [Proxy Support](../PlusContent/ProxySupport.md)
@@ -318,6 +348,8 @@
 
 [Sandbox Settings](SandboxSettings.md)
 
+[Sandboxie](Sandboxie.md)
+
 [Sandboxie Control](SandboxieControl.md)
 
 [Sandboxie Ini](SandboxieIni.md)
@@ -326,6 +358,8 @@
 
 [Sandboxie Live](../PlusContent/Sandboxie-Live.md)
 
+[Sandboxie Plus](../PlusContent/sandboxie-plus.md)
+
 [Sandboxie Plus Features](../PlusContent/Plus-Features.md)
 
 [Sandboxie Plus Migration Guide](PlusMigrationGuide.md)
@@ -334,6 +368,8 @@
 
 [Sandboxie Trace](SandboxieTrace.md)
 
+[SandboxieDrv use of undocumented kernel exports](TokenMagic.md)
+
 [SBIE DLL API](SBIEDLLAPI.md)
 
 [SBIE Messages](SBIEMessages.md)
@@ -606,6 +642,8 @@
 
 [Security Mode](../PlusContent/security-mode.md)
 
+[Separate User Folders](SeparateUserFolders.md)
+
 [Service Programs](ServicePrograms.md)
 
 [Shell Folders](ShellFolders.md)
@@ -626,6 +664,8 @@
 
 [Test Email Configuration](TestEmailConfiguration.md)
 
+[Trace logging](../PlusContent/TraceLog.md)
+
 [Translations](../PlusContent/translations.md)
 
 [Tray Icon Menu](TrayIconMenu.md)

diff --git a/Content/AllowRawDiskRead.md b/Content/AllowRawDiskRead.md
@@ -0,0 +1,13 @@
+# Allow Raw Disk Read 
+
+_AllowRawDiskRead_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md) available since v0.7.0 / 5.48.0. This setting can be used to disable protection which prevents elevated sandboxed processes from accessing volumes/disks for reading.
+
+```
+   .
+   .
+   .
+   [DefaultBox]
+   AllowRawDiskRead=y
+```
+
+Related Sandboxie Plus setting: Sandbox Options > File Options > Allow elevated sandboxed applications to read the harddrive
diff --git a/Content/BlockScreenCapture.md b/Content/BlockScreenCapture.md
@@ -0,0 +1,13 @@
+# Block Screen Capture
+
+_BlockScreenCapture_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md) available since v1.13.6 / 5.68.6. If enabled, it will prevent sandboxed processes from accessing the images of the window outside the sandbox. For example:
+```
+   .
+   .
+   .
+   [DefaultBox]
+   BlockScreenCapture=y
+```
+A setting similar to _BlockScreenCapture_ is [CoverBoxedWindows](CoverBoxedWindows.md).
+
+Related Sandboxie Plus setting: Sandbox Options > General Options > Restrictions > Prevent sandboxed processes from capturing window images
diff --git a/Content/CoverBoxedWindows.md b/Content/CoverBoxedWindows.md
@@ -0,0 +1,15 @@
+# Cover Boxed Windows
+
+_CoverBoxedWindows_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md) available since v1.13.6 / 5.68.6. If enabled, it will block host processes from taking screenshots of sandboxed processes.
+
+```
+   .
+   .
+   .
+   [DefaultBox]
+   CoverBoxedWindows=y
+```
+
+A setting similar to _CoverBoxedWindows_ is [BlockScreenCapture](BlockScreenCapture.md).
+
+Related Sandboxie Plus setting: Sandbox Options > Security Options > Box Protection > Prevent processes from capturing window images from sandboxed windows
diff --git a/Content/ForgetPassword.md b/Content/ForgetPassword.md
@@ -0,0 +1,17 @@
+# Forget Password
+
+_ForgetPassword_ is a global setting in [Sandboxie Ini](SandboxieIni.md). If set in [Sandboxie Control](SandboxieControl.md) or [Sandman](PlusMigrationGuide.md), the configuration password is cleared when the main window is hidden - and will need to be re-entered in order to modify configuration settings.
+
+Usage:
+
+```
+   .
+   .
+   .
+   [GlobalSettings]
+   ForgetPassword=y
+```
+
+See also: [Configuration Protection](ConfigurationProtection.md).
+
+Related Sandboxie Plus setting: Options menu > Global Settings > Advanced Config > Sandboxie.ini Presets > Clear password when main window becomes hidden
diff --git a/Content/HideHostProcess.md b/Content/HideHostProcess.md
@@ -0,0 +1,13 @@
+# Hide Host Process
+
+_HideHostProcess_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md) available since v0.3 / 5.42. It is used to hide unsandboxed host processes. It can also be used to hide Sandboxie services.
+
+```
+   .
+   .
+   .
+   [DefaultBox]
+   HideHostProcess=program.exe
+```
+
+Related Sandboxie Plus setting: Sandbox Options > Advanced Options > Hide Processes
diff --git a/Content/HideOtherBoxes.md b/Content/HideOtherBoxes.md
@@ -0,0 +1,13 @@
+# Hide Other Boxes
+
+_HideOtherBoxes_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md) available since v0.3 / 5.42. By default, Sandboxie enables this feature, which allows processes to be hidden from other boxes. Example of disabling this setting:
+
+```
+   .
+   .
+   .
+   [DefaultBox]
+   HideOtherBoxes=n
+```
+
+Related Sandboxie Plus setting: Sandbox Options > Advanced Options > Hide Processes > Don't allow sandboxed processes to see processes running in other boxes
diff --git a/Content/LingerExemptWnds.md b/Content/LingerExemptWnds.md
@@ -0,0 +1,15 @@
+# Linger Exempt Wnds
+
+_LingerExemptWnds_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md) available since v1.13.4 / 5.68.4. To make the lingering process monitor mechanism no longer exempt lingering processes with windows from termination. For example:
+
+```
+   .
+   .
+   .
+   [DefaultBox]
+   LingerExemptWnds=n
+```
+
+Related [Sandboxie Control](SandboxieControl.md) setting: [Sandbox Settings -> Program Stop -> Lingering Programs](ProgramStopSettings.md#lingering-programs)
+
+See also: [Program Settings](ProgramSettings.md#linger).
diff --git a/Content/MsiInstallerExemptions.md b/Content/MsiInstallerExemptions.md
@@ -0,0 +1,15 @@
+# Msi Installer Exemptions
+
+_MsiInstallerExemptions_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md) available since v0.7.2 / 5.49.0.
+
+```
+   .
+   .
+   .
+   [DefaultBox]
+   MsiInstallerExemptions=y
+```
+
+Use the 'MsiInstallerExemptions=y' option to allow MSIServer to run with a sandboxed system token and apply other exceptions. This option may help with installing an MSI package.
+
+Related Sandboxie Plus setting: Sandbox Options > Security Options > Security Hardening > Allow MSIServer to run with a sandboxed system token and apply other exceptions if required
diff --git a/Content/NtNamespaceIsolation.md b/Content/NtNamespaceIsolation.md
@@ -0,0 +1,11 @@
+# Nt Namespace Isolation
+
+_NtNamespaceIsolation_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md) available since v1.8.0 / 5.63.0. It can be used to disable virtualization for CreateDirectoryObject and OpenDirectoryObject - which will reduce security and remove measures to prevent name squatting.
+
+```
+   .
+   .
+   .
+   [DefaultBox]
+   NtNamespaceIsolation=n
+```
diff --git a/Content/OpenClipboard.md b/Content/OpenClipboard.md
@@ -0,0 +1,13 @@
+# Open Clipboard
+
+_OpenClipboard_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md) available since v0.7.5 / 5.49.8. It allows to disable clipboard access for a sandbox. For example:
+
+```
+   .
+   .
+   .
+   [DefaultBox]
+   OpenClipboard=n
+```
+
+Related Sandboxie Plus setting: Sandbox Options > General Options > Restrictions > Block read access to the clipboard
diff --git a/Content/ProtectHostImages.md b/Content/ProtectHostImages.md
@@ -0,0 +1,13 @@
+# Protect Host Images 
+
+_ProtectHostImages_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md) available since v1.9.0 / 5.64.0. This setting can be enabled to prevent processes located outside the sandbox from loading boxed DLLs.  
+
+```
+   .
+   .
+   .
+   [DefaultBox]
+   ProtectHostImages=y
+```
+
+Related Sandboxie Plus setting: Sandbox Options > Various Options > Dlls & Extensions > Prevent sandboxed programs installed on host from loading DLLs from the sandbox
diff --git a/Content/SeparateUserFolders.md b/Content/SeparateUserFolders.md
@@ -0,0 +1,15 @@
+# Separate User Folders 
+
+_SeparateUserFolders_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md) available since v0.2.2 / 5.41.2. It specifies whether user profile files will be stored separately in the sandbox.
+
+```
+   .
+   .
+   .
+   [DefaultBox]
+   SeparateUserFolders=n
+```
+
+The setting in the example will result in user profile files no longer being stored separately in the sandbox.
+
+Related Sandboxie Plus setting: Sandbox Options > File Options > Separate user folders
diff --git a/README.md b/README.md
@@ -18,7 +18,7 @@ A GitHub Pages site based on this content is also available: [https://sandboxie-
 * [General Usage Tips](Content/UsageTips.md)
 * [Usage Manual for Sandboxie Control](Content/SandboxieControl.md)
 * [Known Conflicts](Content/KnownConflicts.md)
-* [Frequenty Asked Questions](Content/FrequentlyAskedQuestions.md)
+* [Frequently Asked Questions](Content/FrequentlyAskedQuestions.md)
 * [Advanced Topics](Content/AdvancedTopics.md)
 * [Technical Aspects](Content/TechnicalAspects.md)
 * [SBIE Messages](Content/SBIEMessages.md)