Important Information Regarding Sandboxie Open Source Release

Sophos is proud to announce the release of the Sandboxie source code to the community, meaning we are finally an open source tool!

We’re excited to give the code to the community. The Sandboxie tool has been built on many years of highly-skilled developer work and is an example of how to integrate with Windows at a very low level. We’re proud to release it to the community in the hope it will spawn a fresh wave of ideas and use cases.

To download this release please visit our download page here.

As we are monitoring and keeping you up to date on the take-up of the source code and its transition to become a true open source project we can imagine that you have some questions about the availability of the free Sandboxie versions and the future of the forum and this website.

FAQ on this release:

Will Sophos take ownership of the open source project?

Sophos is currently engaging with members of the community who are willing to take on the Sandboxie source code and make it available through an open source project to the community. We will keep you informed about the progress through this website.

Will a Sophos pre-compiled version be made available?

The latest version of Sandboxie (Win 7, 8.1 and 10 only) is available here . This is the last version of Sandboxie that Sophos will make available to the community and no further updates will be made to it. All restricted features have been made completely free in this version. Any further improvements to Sandboxie will need to be made through the open source community.

What will happen to the forums?

Sophos is planning to close the Sophos community Sandboxie forum on June 1st 2020.

What will happen to the existing license server?

The open source release has no code to check the license server. We have removed any checks against the license server since the 5.31.1 release. For this reason we will be shutting down the license server on June 1st 2020.

What will happen to the Sandboxie website and available downloads?

As and when the Sandboxie community embraces the available source code, transitioning it to an open source project, we will gradually wind down the website and expect to close the website during the fall of 2020.

How do I compile the code?

There are 3 steps to building Sandboxie:

Compile the source code Sign the generated binaries (optional for most things but required for the driver) Create the installer (optional but useful for initially performing tasks like installing the service and driver)

To start with there is a Readme.txt file in the root of the source code.

The main piece of source that is needed to compile the code is Microsoft Visual Studio 2015. (The Community Version may build the source code but be advised that there are restrictions on the use of the binaries generated by this version).

There is a dependency on the Microsoft Windows Device Driver Kit 7.1.0 (link has been provided in the Readme.txt file).

There is a separate Readme.txt located in the /install/ folder for building the installer. This contains additional requirements to set up.

Does the Sandboxie Source Code come with pre-compiled code?

No, Sandboxie can be compiled entirely from source code withll very few dependencies.

Are there any restrictions to using the source code?

We are releasing the source code under the GPL v3 license (https://www.gnu.org/licenses/gpl-3.0.en.html)

How do I start studying the source code?

Start with the Readme.txt file at the root. There is a little more explanation of each of the different projects in the source code.

Do I need to sign my drivers?

Yes, Microsoft requires that all drivers are signed. This requires purchasing a validated certificate from a Certificate Authority who normally will vet the individual/company that they are issuing too. Since Windows 10, Microsoft also requires that all drivers be submitted to them through their hardware development portal so that it can be validated and signed by them.

For testing purposes, it is possible to create a self-signed certificate and use that to sign your driver locally. Windows still need to run in what is called Test Signing mode in order to accept this form of signed driver.

It is beyond the scope of this document to describe how to sign the binaries but there are plenty of resources online to help with this.

Can I avoid signing the driver?

If you use a version of the driver that is already signed, it is possible to update other components and drop in files as replacements. The only condition is that the “Version” associated with the SbieSvc project (see common\my_version.h) matches the driver version.

Avoid changing the *.rc files

There is a known issue that opening any *.rc in Visual Studio can cause it to get corrupted. The default versions should work as is.

This has been resolved.