There is no trade-off of functionality for security: the Web site can use the full range of active content tools, and if it uses these tools maliciously to install software or otherwise make changes in your computer, then these changes can be easily undone.

Sandboxie has originally been designed to increase the security of browsing with Internet Explorer, however it is just as effective with any other browser, and in fact, any other program. Sandboxie wraps a protection layer around the programs it supervises. It is this layer that intercepts and isolates any changes the programs make to the computer. And this layer is impartial to the specific program it wraps.

Sandboxie was designed as an application that will allow you isolates and quarantines website.

When you browse the web, changes occur to your computer system. Most of the time these changes are harmless, like recording the addresses of web sites you have visited (and when), so the browser can help you complete a web address that you type in. Whether these changes are harmless or harmful, they do in fact happen to your computer system.

When you use Sandboxie to protect your browsing session, it catches all these changes just as the browser is about to apply them into your computer system. Sandboxie does record these changes on behalf of the browser, but it records them in a special isolated folder, called the sandbox.

The benefit of having a sandbox is that it ensures your ability to get rid of all changes done by the browser, simply by deleting the sandbox folder.

Another useful feature of Sandboxie is the ability to terminate all sandboxed programs at once. As some web sites tend to pop up three new browser windows for each one you close, you can have Sandboxie close all of them with a click of a button.

What's New:


  • Added option to alter reported Windows version "OverrideOsBuild=7601" for Windows 7 SP1
  • The trace log can now be structured like a tree with processes as root items and threads as branches


  • SandboxieCrypto now always migrates the CatRoot2 files in order to prevent locking of real files
  • Greatly improved trace log performance
  • MSI Server can now run with the "FakeAdminRights=y" and "DropAdminRights=y" options
  • Special service allowance for the MSI Server can be disabled with "MsiInstallerExemptions=n"
  • Changed SCM access check behaviour; non elevated users can now start services with a user token
  • Elevation is now only required to start services with a system token
  • Reworked the trace log mechanism to be more verbose
  • Reworked RPC mechanism to be more flexible


  • Fixed issues with some installers introduced in 5.48.0
  • Fixed "add user to sandbox" in the Plus UI
  • Fixed SECURITY ISSUE: the HostInjectDll mechanism allowed for local privilege escalation (thanks hg421)
  • Classic UI no longer allows to create a sandbox with an invalid or reserved device name