64-bit editions of Windows introduce a new security feature called Kernel Patch Protection. This feature aims to protect the core of Windows (the kernel) by regularly performing self-checks to detect changes.
The problem is that a stock Windows kernel does not provide all the facilities necessary to implement a security solution such as Sandboxie. On 32-bit Windows, Sandboxie can dynamically enhance the Windows kernel to provide the missing functionality. This was not initially possible on 64-bit Windows, due to the Kernel Patch Protection feature.
In simple terms, this means that Sandboxie was only able to partially monitor the use of some system objects that programs use to connect and communicate with each other. In principle, a malicious program running under the supervision of Sandboxie could communicate with a service running outside the sandbox, without Sandboxie noticing and blocking the communication.
It should be noted, however, that even with this disadvantage, the 64-bit edition of Sandboxie is still an adequate front line of defense against most types of malicious software.
Additionally, in order to compensate for this disadvantage, the 64-bit edition of Sandboxie enables the Drop Rights setting by default. This setting may need to be disabled before software can be installed into a sandbox.
Version 3.56 of Sandboxie introduces the Experimental Protection feature, which can provide the missing kernel functionality through semi-official kernel interfaces. This is very similar to what the 32-bit edition of Sandboxie does, and does not circumvent Kernel Patch Protection or diminish its protection in any way.
However, because it uses kernel interfaces which are not completely documented and official, the feature is tagged as experimental. There is a small chance that a future update to the Windows kernel could render the feature inoperable and might even cause system crashes.
Note that system crashes related to Kernel Patch Protection do not generally occur immediately upon system start-up, but some minutes later.
You should generally enable the Experimental Protection mode, unless there is some reason not to do this.
Please note that the Experimental Protection feature is not offered in the 64-bit version of Windows 8.
Sandboxie is Copyright © 2004-2012 by Sandboxie Holdings LLC. All rights reserved.