Sandboxie-Plus

by http://xanasoft.com/v1.17.7

Last updated Jun 8, 2026

Sandboxie is a sandbox-based isolation software for 32- and 64-bit Windows NT-based operating systems.

Install with winget

$ winget install --id Sandboxie.Plus --exact --version 1.17.7

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Sandboxie-Plus

Sandboxie-Plus uses EXE (Inno Setup). The silent install switches are /VERYSILENT /SUPPRESSMSGBOXES /NORESTART.

One-line silent install (x64, machine scope)

Sandboxie-Plus-x64-v1.17.7.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /ALLUSERS

See the full silent install reference for Sandboxie-Plus →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

Sandboxie is a sandbox-based isolation software for 32- and 64-bit Windows NT-based operating systems.

It is developed by David Xanatos since it became open source, before that it was developed by Sophos (which acquired it from Invincea, which acquired it earlier from the original author Ronen Tzur).

It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying the local or mapped drive.

Such an isolated virtual environment allows controlled testing of untrusted programs and web surfing.

Installers · v1.17.7

Architecture	Type	Scope	Install	Download
x64	EXE Inno Setup	machine		Direct
arm64	EXE Inno Setup	machine		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

15 known CVEs via NVD

high7.0Patched in wingetCVE-2026-34596affects before 1.17.3May 5, 2026
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spa...
Vendor advisory
medium5.3Patched in wingetCVE-2026-34527affects before 1.17.3May 5, 2026
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces z...
Vendor advisory
high8.8Patched in wingetCVE-2026-34464affects before 1.17.3May 5, 2026
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMED_PIPE_OPEN_REQ into a fixed WCHAR pipename[160] stack buffer using wcscat without verifying null terminat...
Vendor advisory
high7.8Patched in wingetCVE-2026-34462affects before 1.17.3May 5, 2026
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandler) copy a WCHAR boxname[34] field from request structures into WCHAR[40] stack...
Vendor advisory
high7.8Patched in wingetCVE-2026-34461affects before 1.17.3May 5, 2026
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGID_SBIE_INI_RUN_SBIE_CTRL message is handled before normal sandbox and impersonation chec...
Vendor advisory
high8.8Patched in wingetCVE-2026-34459affects before 1.17.3May 5, 2026
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilities that can be chained for sandbox escape. First, when a sandboxed process send...
Vendor advisory
high8.8Patched in wingetCVE-2026-34458affects before 1.17.3May 5, 2026
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions (EditAdminOnly and ConfigPassword) and inject arbitrary directives in...
Patch Vendor advisory
medium6.5Patched in wingetCVE-2026-32603affects before 1.17.3May 5, 2026
Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivileged process running inside a Standard Sandbox can send a malformed IOCTL to the \D...
Vendor advisory

Showing 8 of 15. Source: NVD, updated just now. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

Sandboxiesandboxie-plus.com
Sandboxie.Classicv5.72.7
Sandboxie is a sandbox-based isolation software for 32- and 64-bit Windows NT-based operating systems.
A
AlgodooAlgoryx
Algoryx.Algodoov2.2.1
Physics-based 2D sandbox simulator
daggerDagger
Dagger.Cliv0.21.6
Dagger is an integrated platform to orchestrate the delivery of applications
WSBBuilderMojtabaTajik
MojtabaTajik.WSBBuilderv1.0.0.28
Easy GUI to generate Windows sandbox configuration files
W
WasmtimeBytecode Alliance
BytecodeAlliance.Wasmtime.Portablev45.0.1
A fast and secure runtime for WebAssembly

More from http://xanasoft.com/ or browse sandbox.

Frequently asked questions

How do I install Sandboxie-Plus on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id Sandboxie.Plus --exact --version 1.17.7. winget downloads the installer from http://xanasoft.com/ and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Sandboxie-Plus silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id Sandboxie.Plus --exact 1.17.7 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Sandboxie-Plus?

Sandboxie-Plus uses EXE (Inno Setup). Run the downloaded installer with: Sandboxie-Plus-x64-v1.17.7.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /ALLUSERS. The silent switches are /VERYSILENT /SUPPRESSMSGBOXES /NORESTART.

How do I uninstall Sandboxie-Plus via winget?

Run: winget uninstall --id Sandboxie.Plus --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Sandboxie-Plus's Apps & Features entry.

Is Sandboxie-Plus free?

Sandboxie-Plus is distributed under GPL-3.0. Refer to the publisher (https://github.com/sandboxie-plus/Sandboxie) for the full license terms - Wingetly itself does not charge for installation.

Does Sandboxie-Plus work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Sandboxie-Plus directly from the publisher.

How do I keep Sandboxie-Plus up to date?

Run winget upgrade --id Sandboxie.Plus --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of Sandboxie-Plus from microsoft/winget-pkgs.

Recent versions

1.17.7latest
1.17.6
1.17.5
1.17.4
1.17.3
1.17.2
1.17.1
1.17.0
1.16.9
1.16.8