,..." directives to non-excluded images if they are located in a sandbox
--- added 'AlwaysCloseForBoxed=n' to disable this behaviour as it may not be always desired, and it doesn't provide extra security
-- added process image information to SandMan UI
-- localized template categories in the Plus UI [#727](https://github.com/sandboxie-plus/Sandboxie/issues/727)
-- added "DisableResourceMonitor=y" to disable resource access monitor for selected boxes [#886](https://github.com/sandboxie-plus/Sandboxie/issues/886)
-- added option to show trace entries only for the selected sandbox [#886](https://github.com/sandboxie-plus/Sandboxie/issues/886)
-- added "UseVolumeSerialNumbers=y" that allows drive letters to be suffixed with the volume SN in the \drive\ sandbox location
--- it helps to avoid files mixed together on multiple pendrives using the same letter
--- Note: this option is not compatible with the recovery function of the Classic UI, only SandMan UI is fully compatible
-- added "ForceRestart=PicoTorrent.exe" to the PicoTorrent template in order to fix a compatibility issue [#720](https://github.com/sandboxie-plus/Sandboxie/issues/720)
-- added localization support for RPC templates (by isaak654) [#736](https://github.com/sandboxie-plus/Sandboxie/issues/736)
-
-### Changed
-- portable clean-up message now has yes/no/cancel options [#874](https://github.com/sandboxie-plus/Sandboxie/issues/874)
-- consolidated Proc_CreateProcessInternalW and Proc_CreateProcessInternalW_RS5 to remove duplicate code
-- the ElevateCreateProcess fix, as sometimes applied by the Program Compatibility Assistant, will no longer be emulated by default [#858](https://github.com/sandboxie-plus/Sandboxie/issues/858)
--- use 'ApplyElevateCreateProcessFix=y' or 'ApplyElevateCreateProcessFix=program.exe,y' to enable it
-- trace log gets disabled only when it has no entries and the logging is stopped
-
-### Fixed
-- fixed APC issue with the new global hook emulation mechanism and WoW64 processes [#780](https://github.com/sandboxie-plus/Sandboxie/issues/780) [#779](https://github.com/sandboxie-plus/Sandboxie/issues/779)
-- fixed IPv6 issues with BlockPort options
-- fixed an issue with CheatEngine when "OpenWinClass=*" was specified [#786](https://github.com/sandboxie-plus/Sandboxie/issues/786)
-- fixed memory corruption in SbieDrv [#838](https://github.com/sandboxie-plus/Sandboxie/issues/838)
-- fixed crash issue with process elevation on CreateProcess calls [#858](https://github.com/sandboxie-plus/Sandboxie/issues/858)
-- fixed process elevation when running in the built-in administrator account [#3](https://github.com/sandboxie-plus/Sandboxie/issues/3)
-- fixed template preview resetting unsaved entries in box options window [#621](https://github.com/sandboxie-plus/Sandboxie/issues/621)
-
-
-
-## [0.7.5 / 5.49.8] - 2021-06-05
-
-### Added
-- clipboard access for a sandbox can now be disabled with "OpenClipboard=n" [#794](https://github.com/sandboxie-plus/Sandboxie/issues/794)
-
-### Changed
-- now the OpenBluetooth template is enabled by default for compatibility with Unity games [#799](https://github.com/sandboxie-plus/Sandboxie/issues/799)
-- "PreferExternalManifest=program.exe,y" can now be set on a per-process basis
-
-### Fixed
-- fixed compiler issues with the most recent VS2019 update
-- fixed issue with Vivaldi browser [#821](https://github.com/sandboxie-plus/Sandboxie/issues/821)
-- fixed some issues with box options in the Plus UI [#879](https://github.com/sandboxie-plus/Sandboxie/issues/879)
-- fixed some issues with hardware acceleration in Chromium based browsers [#795](https://github.com/sandboxie-plus/Sandboxie/issues/795)
-- the "Stop All" command now issues "KmdUtil scandll" first to solve issues when the SbieDll.dll is in use
-- workaround for Electron apps, by forcing an additional command line argument on the GPU renderer process [#547](https://github.com/sandboxie-plus/Sandboxie/issues/547) [#310](https://github.com/sandboxie-plus/Sandboxie/issues/310) [#215](https://github.com/sandboxie-plus/Sandboxie/issues/215)
-- fixed issue with Software Compatibility tab that doesn't always show template names correctly [#774](https://github.com/sandboxie-plus/Sandboxie/issues/774)
-
-
-
-## [0.7.4 / 5.49.7] - 2021-04-11
-
-### Added
-- added option to disable file migration prompt in the Plus UI with PromptForFileMigration=n [#643](https://github.com/sandboxie-plus/Sandboxie/issues/643)
-- added UI options for various security isolation features
-- added missing functionality to set template values in the Plus UI
-- added templates for Popcorn-Time, Clementine Music Player, Strawberry Music Player, 32-bit MPC-HC (by Dyras) [#726](https://github.com/sandboxie-plus/Sandboxie/pull/726) [#737](https://github.com/sandboxie-plus/Sandboxie/pull/737)
-
-### Changed
-- align default settings of AutoRecover and Favourites to the Plus version (thanks isaak654) [#747](https://github.com/sandboxie-plus/Sandboxie/pull/747)
-- list of email clients and browsers is now centralized in Dll_GetImageType
-- localstore.rdf reference in Templates.ini was replaced with xulstore.json (by isaak654) [#751](https://github.com/sandboxie-plus/Sandboxie/pull/751)
-
-### Fixed
-- fixed minor issue with logging internet blocks
-- fixed issue with file recovery when located on a network share [#711](https://github.com/sandboxie-plus/Sandboxie/issues/711)
-- fixed UI issue with CallTrace [#769](https://github.com/sandboxie-plus/Sandboxie/issues/769)
-- fixed sandbox shortcuts receiving double extension upon creation [#770](https://github.com/sandboxie-plus/Sandboxie/issues/770)
-- fixed misplaced labels in the Classic UI (thanks isaak654) [#759](https://github.com/sandboxie-plus/Sandboxie/pull/759)
-- fixed separator line in SbieCtrl (thanks isaak654) [#761](https://github.com/sandboxie-plus/Sandboxie/pull/761)
-- fixed broken paths in The Bat! template (by isaak654) [#756](https://github.com/sandboxie-plus/Sandboxie/pull/756)
-- fixed issue about media players that attempt to write unneeded media files inside the box (by Dyras) [#743](https://github.com/sandboxie-plus/Sandboxie/pull/743) [#536](https://github.com/sandboxie-plus/Sandboxie/issues/536)
-
-
-
-## [0.7.3 / 5.49.5] - 2021-03-27
-
-### Added
-- added "UseSbieWndStation=y" to emulate CreateDesktop for selected processes, not only Firefox and Chrome [#635](https://github.com/sandboxie-plus/Sandboxie/issues/635)
-- added option to drop the console host process integrity, now you can use "DropConHostIntegrity=y" [#678](https://github.com/sandboxie-plus/Sandboxie/issues/678)
-- added option to easily add local templates
-- added new torrent clients and media players templates (by Dyras) [#719](https://github.com/sandboxie-plus/Sandboxie/pull/719)
-
-### Changed
-- reworked window hooking mechanism to improve performance [#697](https://github.com/sandboxie-plus/Sandboxie/issues/697) [#519](https://github.com/sandboxie-plus/Sandboxie/issues/519) [#662](https://github.com/sandboxie-plus/Sandboxie/issues/662) [#69](https://github.com/sandboxie-plus/Sandboxie/issues/69) [#109](https://github.com/sandboxie-plus/Sandboxie/issues/109) [#193](https://github.com/sandboxie-plus/Sandboxie/issues/193)
--- resolves issues with file save dialogs taking 30+ seconds to open
--- this fix greatly improves the Win32 GUI performance of sandboxed processes
-- reworked RPC resolver to be ini-configurable
--- the following options are now deprecated:
---- "UseRpcMgmtSetComTimeout=some.dll,n", so use "RpcPortBinding=some.dll,*,TimeOut=y"
---- "OpenUPnP=y", "OpenBluetooth=y", "OpenSmartCard=n", so use the new RPC templates instead
--- See Templates.ini for usage examples
-
-### Fixed
-- fixed process-specific hooks being applied to all processes in a given sandbox
-- fixed issue with messages and templates sometimes not being properly displayed in the SandMan UI
-- fixed issue with compatibility settings not being applied properly
-- fixed auto delete issue that got introduced with 0.7.1 [#637](https://github.com/sandboxie-plus/Sandboxie/issues/637)
-- fixed issue with NtSetInformationFile, FileDispositionInformation resulting in Opera installer failing
-- fixed issue with MacType introduced in the 0.7.2 build [#676](https://github.com/sandboxie-plus/Sandboxie/issues/676)
-- fixed global sandboxed windows hooks not working when window rename option is disabled
-- fixed issue with saving local templates
-- fixed issue when using runas to start a process that was created outside of the Sandboxie supervision [#688](https://github.com/sandboxie-plus/Sandboxie/issues/688)
--- since the runas facility is not accessible by default, this did not constitute a security issue
--- to enable runas functionality, add "OpenIpcPath=\RPC Control\SECLOGON" to your Sandboxie.ini
--- please take note that doing so may open other yet unknown issues
-- fixed a driver compatibility issue with Windows 10 32 bit Insider Preview Build 21337
-- fixed issues with driver signature for Windows 7
-
-
-
-## [0.7.2 / 5.49.0] - 2021-03-04
-
-### Added
-- added option to alter reported Windows version "OverrideOsBuild=7601" for Windows 7 SP1 [#605](https://github.com/sandboxie-plus/Sandboxie/issues/605)
-- the trace log can now be structured like a tree with processes as root items and threads as branches
-
-### Changed
-- SandboxieCrypto now always migrates the CatRoot2 files in order to prevent locking of real files
-- greatly improved trace log performance
-- MSI Server can now run with the "FakeAdminRights=y" and "DropAdminRights=y" options [#600](https://github.com/sandboxie-plus/Sandboxie/issues/600)
--- special service allowance for the MSI Server can be disabled with "MsiInstallerExemptions=n"
-- changed SCM access check behaviour; non elevated users can now start services with a user token
--- elevation is now only required to start services with a system token
-- reworked the trace log mechanism to be more verbose
-- reworked RPC mechanism to be more flexible
-
-### Fixed
-- fixed issues with some installers introduced in 5.48.0 [#595](https://github.com/sandboxie-plus/Sandboxie/issues/595)
-- fixed "add user to sandbox" in the Plus UI [#597](https://github.com/sandboxie-plus/Sandboxie/issues/597)
-- FIXED SECURITY ISSUE ID-15: the HostInjectDll mechanism allowed for local privilege escalation (thanks hg421)
-- Classic UI no longer allows to create a sandbox with an invalid or reserved device name [#649](https://github.com/sandboxie-plus/Sandboxie/issues/649)
-
-
-
-## [0.7.1 / 5.48.5] - 2021-02-21
-
-### Added
-- enhanced RpcMgmtSetComTimeout handling with "UseRpcMgmtSetComTimeout=some.dll,n"
--- this option allows to specify if RpcMgmtSetComTimeout should be used or not for each individual dll
--- this setting takes precedence over hard-coded and per-process presets
--- "UseRpcMgmtSetComTimeout=some.dll" and "UseRpcMgmtSetComTimeout=some.dll,y" are equivalent
-- added "FakeAdminRights=y" option that makes processes think they have admin permissions in a given box
--- this option is recommended to be used in combination with "DropAdminRights=y" to improve security
--- with "FakeAdminRights=y" and "DropAdminRights=y" installers should still work
-- added RPC support for SSDP API (the Simple Service Discovery Protocol), you can enable it with "OpenUPnP=y"
-
-
-### Changed
-- SbieCrypto no longer triggers message 1313
-- changed enum process API; now more than 511 processes per box can be enumerated (no limit)
-- reorganized box settings a bit
-- made COM tracing more verbose
-- "RpcMgmtSetComTimeout=y" is now again the default behaviour, it seems to cause less issues overall
-
-### Fixed
-- fixed issues with webcam access when the DevCMApi filtering is in place
-- fixed issue with free download manager for 'AppXDeploymentClient.dll', so RpcMgmtSetComTimeout=y will be used by default for this one [#573](https://github.com/sandboxie-plus/Sandboxie/issues/573)
-- fixed not all WinRM files were blocked by the driver, with "BlockWinRM=n" this file block can be disabled
-- fixed Sandboxie Classic crash when saving any option in Sandbox Settings -> Appearance (by typpos) [#586](https://github.com/sandboxie-plus/Sandboxie/issues/586)
-
-
-
-## [0.7.0 / 5.48.0] - 2021-02-14
-
-### Added
-- sandboxed indicator for tray icons, the tooltip now contains [#] if enabled
-- the trace log buffer can now be adjusted with "TraceBufferPages=2560"
--- the value denotes the count of 4K large pages to be used; here for a total of 10 MB
-- new functionality for the list finder
-
-### Changed
-- improved RPC debugging
-- improved IPC handling around RpcMgmtSetComTimeout; "RpcMgmtSetComTimeout=n" is now the default behaviour
--- required exceptions have been hard-coded for specific calling DLLs
-- the LogApi dll is now using Sbie's tracing facility to log events instead of its own pipe server
-
-### Fixed
-- FIXED SECURITY ISSUE ID-11: elevated sandboxed processes could access volumes/disks for reading (thanks hg421)
--- this protection option can be disabled by using "AllowRawDiskRead=y"
-- fixed crash issue around SetCurrentProcessExplicitAppUserModelID observed with GoogleUpdate.exe
-- fixed issue with Resource Monitor sort by timestamp
-- fixed invalid Opera bookmarks path (by isaak654) [#542](https://github.com/sandboxie-plus/Sandboxie/pull/542)
-- FIXED SECURITY ISSUE ID-12: a race condition in the driver allowed to obtain an elevated rights handle to a process (thanks typpos) [#549](https://github.com/sandboxie-plus/Sandboxie/pull/549)
-- FIXED SECURITY ISSUE ID-13: "\RPC Control\samss lpc" is now filtered by the driver (thanks hg421) [#553](https://github.com/sandboxie-plus/Sandboxie/issues/553)
--- this allowed elevated processes to change passwords, delete users and alike; to disable filtering use "OpenSamEndpoint=y"
-- FIXED SECURITY ISSUE ID-14: "\Device\DeviceApi\CMApi" is now filtered by the driver (thanks hg421) [#552](https://github.com/sandboxie-plus/Sandboxie/issues/552)
--- this allowed elevated processes to change hardware configuration; to disable filtering use "OpenDevCMApi=y"
-
-
-
-## [0.6.7 / 5.47.1] - 2021-02-01
-
-### Added
-- added UI language auto-detection
-
-### Fixed
-- fixed Brave.exe now being properly recognized as Chrome-, not Firefox-based
-- fixed issue introduced in 0.6.5 with recent Edge builds
--- the 0.6.5 behaviour can be set on a per-process basis using "RpcMgmtSetComTimeout=POPPeeper.exe,n"
-- fixed grouping issues [#445](https://github.com/sandboxie-plus/Sandboxie/issues/445)
-- fixed main window restore state from tray [#288](https://github.com/sandboxie-plus/Sandboxie/issues/288)
-
-
-
-## [0.6.5 / 5.47.0] - 2021-01-31
-
-### Added
-- added detection for Waterfox.exe, Palemoon.exe and Basilisk.exe Firefox forks as well as Brave.exe [#468](https://github.com/sandboxie-plus/Sandboxie/issues/468)
-- added Bluetooth API support, IPC port can be opened with "OpenBluetooth=y" [#319](https://github.com/sandboxie-plus/Sandboxie/issues/319)
--- this should resolve issues with many Unity games hanging on startup for a long time
-- added enhanced RPC/IPC interface tracing
-- when DefaultBox is not found by the SandMan UI, it will be recreated
-- "Disable Forced Programs" time is now saved and reloaded
-
-### Changed
-- reduced SandMan CPU usage
-- Sandboxie.ini and Templates.ini can now be UTF-8 encoded [#461](https://github.com/sandboxie-plus/Sandboxie/issues/461) [#197](https://github.com/sandboxie-plus/Sandboxie/issues/197)
--- this feature is experimental, files without a UTF-8 Signature should be recognized also
--- "ByteOrderMark=yes" is obsolete, Sandboxie.ini is now always saved with a BOM/Signature
-- legacy language files can now be UTF-8 encoded
-- reworked file migration behaviour, removed hardcoded lists in favour of templates [#441](https://github.com/sandboxie-plus/Sandboxie/issues/441)
--- you can now use "CopyAlways=", "DontCopy=" and "CopyEmpty=" that support the same syntax as "OpenFilePath="
--- "CopyBlockDenyWrite=program.exe,y" makes a write open call to a file that won't be copied fail instead of turning it read-only
-- removed hardcoded SkipHook list in favour of templates
-
-### Fixed
-- fixed old memory pool leak in the Sbie driver [#444](https://github.com/sandboxie-plus/Sandboxie/issues/444)
-- fixed issue with item selection in the access restrictions UI
-- fixed updater crash in SbieCtrl.exe [#450](https://github.com/sandboxie-plus/Sandboxie/issues/450)
-- fixed issues with RPC calls introduced in Sbie 5.33.1
-- fixed recently broken 'terminate all' command
-- fixed a couple minor UI issues with SandMan UI
-- fixed IPC issue with Windows 7 and 8 resulting in process termination
-- fixed "recover to" functionality
-
-
-
-## [0.6.0 / 5.46.5] - 2021-01-25
-
-### Added
-- added confirmation prompts to terminate all commands
-- added window title to boxed process info [#360](https://github.com/sandboxie-plus/Sandboxie/issues/360)
-- added WinSpy based sandboxed window finder [#351](https://github.com/sandboxie-plus/Sandboxie/issues/351)
-- added option to view disabled boxes and double-click on box to enable it
-
-### Changed
-- "Reset Columns" now resizes them to fit the content, and it can now be localized [#426](https://github.com/sandboxie-plus/Sandboxie/issues/426)
-- modal windows are now centered to the parent [#417](https://github.com/sandboxie-plus/Sandboxie/issues/417)
-- improved new box window [#417](https://github.com/sandboxie-plus/Sandboxie/issues/417)
-
-### Fixed
-- fixed issues with window modality [#409](https://github.com/sandboxie-plus/Sandboxie/issues/409)
-- fixed issues when main window was set to be always on top [#417](https://github.com/sandboxie-plus/Sandboxie/issues/417)
-- fixed a driver issue with Windows 10 insider build 21286
-- fixed issues with snapshot dialog [#416](https://github.com/sandboxie-plus/Sandboxie/issues/416)
-- fixed an issue when writing to a path that already exists in the snapshot but not outside [#415](https://github.com/sandboxie-plus/Sandboxie/issues/415)
-
-
-
-## [0.5.5 / 5.46.4] - 2021-01-17
-
-### Added
-- added "SandboxService=..." to force selected services to be started in the sandbox
-- added template clean-up functionality to Plus UI
-- added internet prompt to now also allow internet access permanently
-- added browse button for box root folder in the SandMan UI [#382](https://github.com/sandboxie-plus/Sandboxie/issues/382)
-- added explorer info message [#352](https://github.com/sandboxie-plus/Sandboxie/issues/352)
-- added option to keep the SandMan UI always on top
-- allow drag and drop file onto SandMan.exe to run it sandboxed [#355](https://github.com/sandboxie-plus/Sandboxie/issues/355)
-- added start SandMan UI when a sandboxed application starts [#367](https://github.com/sandboxie-plus/Sandboxie/issues/367)
-- recovery window can now list all files
-- added file counter to recovery window
-- when "NoAddProcessToJob=y" is specified, Chrome and related browsers now can fully use the job system
--- Note: "NoAddProcessToJob=y" reduces the box isolation, but the affected functions are mostly covered by UIPI anyway
-- added optimized default column widths to Sbie view
-- added template support for Yandex and Ungoogled Chromium browsers (by isaak654)
-
-### Changed
-- updated templates with multiple browsers fixes (thanks isaak654)
-- when trying to take a snapshot of an empty sandbox a proper error message is displayed [#381](https://github.com/sandboxie-plus/Sandboxie/issues/381)
-- new layout for the recovery window
-- Sbie view sorting is now case insensitive
-
-### Fixed
-- fixed issue child window closing terminating application when main was hidden [#349](https://github.com/sandboxie-plus/Sandboxie/issues/349)
-- fixed issues with non modal windows [#349](https://github.com/sandboxie-plus/Sandboxie/issues/349)
-- fixed issues connecting to driver in portable mode
-- fixed minor issues with snapshot window
-- fixed missing error message when attempting to create an already existing sandbox [#359](https://github.com/sandboxie-plus/Sandboxie/issues/359)
-- fixed issue allowing to save setting when a sandbox was already deleted [#359](https://github.com/sandboxie-plus/Sandboxie/issues/359)
-- fixed issues with disabled items in dark mode [#359](https://github.com/sandboxie-plus/Sandboxie/issues/359)
-- fixed some dialogs not closing when pressing Esc [#359](https://github.com/sandboxie-plus/Sandboxie/issues/359)
-- fixed tab stops on many windows
-
-
-
-## [0.5.4d / 5.46.3] - 2021-01-11
-
-### Changed
-- improved access tracing, removed redundant entries
-- OpenIpcPath=\BaseNamedObjects\[CoreUI]-* is now hardcoded in the driver no need for the template entry
-- WindowsFontCache is now open by default
-- refactored some IPC code in the driver
-
-### Fixed
-- FIXED SECURITY ISSUE ID-10: the registry isolation could be bypassed, present since Windows 10 Creators Update
-- fixed creation time not always being properly updated in the SandMan UI
-
-
-
-## [0.5.4c / 5.46.2] - 2021-01-10
-
-### Added
-- added "CallTrace=*" to log all system calls to the access log
-
-### Changed
-- improved IPC logging code
-- improved MSG_2101 logging
-
-### Fixed
-- fixed more issues with IPC tracing
-- fixed SBIE2101 issue with Chrome and derivatives
-
-
-
-## [0.5.4b / 5.46.1] - 2021-01-08
-
-### Added
-- added "RunServiceAsSystem=..." allows specific named services to be run as system
-
-### Changed
-- refactored some code around SCM access
-
-### Fixed
-- fixed a crash issue in SbieSvc.exe introduced with the last build
-- fixed issue with SandMan UI update check
-- FIXED SECURITY ISSUE ID-9: a Sandboxed process could start sandboxed as system even with DropAdminRights in place
-
-### Removed
-- removed "ProtectRpcSs=y" due to incompatibility with new isolation defaults
-
-
-
-## [0.5.4 / 5.46.0] - 2021-01-06
-
-### Added
-- FIXED SECURITY ISSUE ID-4: Sandboxie now strips particularly problematic privileges from sandboxed system tokens
--- with those a process could attempt to bypass the sandbox isolation (thanks Diversenok)
--- old legacy behaviour can be enabled with "StripSystemPrivileges=n" (absolutely NOT Recommended)
-- added new isolation options "ClosePrintSpooler=y" and "OpenSmartCard=n"
--- those resources are open by default, but for a hardened box it is desired to close them
-- FIXED SECURITY ISSUE ID-5: added print spooler filter to prevent printers from being set up outside the sandbox
--- the filter can be disabled with "OpenPrintSpooler=y"
-- added overwrite prompt when recovering an already existing file
-- added "StartProgram=", "StartService=" and "AutoExec=" options to the SandMan UI
-- added more compatibility templates (thanks isaak654) [#294](https://github.com/sandboxie-plus/Sandboxie/pull/294)
-
-### Changed
-- Changed Emulated SCM behaviour, boxed services are no longer by default started as boxed system
--- use "RunServicesAsSystem=y" to enable the old legacy behaviour
--- Note: sandboxed services with a system token are still sandboxed and restricted
--- However not granting them a system token in the first place removes possible exploit vectors
--- Note: this option is not compatible with "ProtectRpcSs=y" and takes precedence!
-- reworked dynamic IPC port handling
-- improved Resource Monitor status strings
-
-### Fixed
-- FIXED SECURITY ISSUE ID-6: processes could spawn processes outside the sandbox (thanks Diversenok)
-- FIXED SECURITY ISSUE ID-7: bug in the dynamic IPC port handling allowed to bypass IPC isolation
-- fixed issue with IPC tracing
-- FIXED SECURITY ISSUE ID-8: CVE-2019-13502 "\RPC Control\LSARPC_ENDPOINT" is now filtered by the driver (thanks Diversenok)
--- this allowed some system options to be changed, to disable filtering use "OpenLsaEndpoint=y"
-- fixed hooking issues SBIE2303 with Chrome, Edge and possibly others [#68](https://github.com/sandboxie-plus/Sandboxie/issues/68) [#166](https://github.com/sandboxie-plus/Sandboxie/issues/166)
-- fixed failed check for running processes when performing snapshot operations
-- fixed some box options checkboxes were not properly initialized
-- fixed unavailable options are not properly disabled when SandMan is not connected to the driver
-- fixed MSI installer issue, not being able to create "C:\Config.msi" folder on Windows 20H2 [#219](https://github.com/sandboxie-plus/Sandboxie/issues/219)
-- added missing localization to generic list commands
-- fixed issue with "iconcache_*" when running sandboxed explorer
-- fixed more issues with groups
-
-
-
-## [0.5.3b / 5.45.2] - 2021-01-02
-
-### Added
-- added settings for the portable boxed root folder option
-- added process name to resource log
-- added command line column to the process view in the SandMan UI
-
-### Fixed
-- fixed a few issues with group handling [#262](https://github.com/sandboxie-plus/Sandboxie/issues/262)
-- fixed issue with GetRawInputDeviceInfo when running a 32 bit program on a 64 bit system
-- fixed issue when pressing apply in the "Resource Access" tab; the last edited value was not always applied
-- fixed issue merging entries in Resource Access Monitor
-
-
-
-## [0.5.3a / 5.45.2] - 2020-12-29
-
-### Added
-- added prompt to choose if links in the SandMan UI should be opened in a sandboxed or unsandboxed browser [#273](https://github.com/sandboxie-plus/Sandboxie/issues/273)
-- added more recovery options
-- added "ClosedClsid=" to block COM objects from being used when they cause compatibility issues
-- added "ClsidTrace=*" option to trace COM usage
-- added "ClosedRT=" option to block access to problematic Windows RT interfaces
-- added option to make a link for any selected process to SandMan UI
-- added option to reset all hidden messages
-- added more process presets "force program" and "allow internet access"
-- added "SpecialImage=chrome,some_electron_app.exe" option to Sandboxie.ini, valid image types "chrome", "firefox"
--- with this option you can enable special hardcoded workarounds to new obscure forks of those browsers
-- added German translation (thanks bastik-1001) to the SandMan UI
-- added Russian translation (thanks lufog) to the SandMan UI
-- added Portuguese translation (thanks JNylson ) to the SandMan UI
-
-### Changed
-- changed docs and update URLs to the new sandboxie-plus.com domain
-- greatly improved the setup script (thanks mpheath)
-- "OpenClsid=" and "ClosedClsid=" now support specifying a program or group name
-- by default, when started in portable mode, the sandbox folder will be located in the parent directory of the Sandboxie instance
-
-### Fixed
-- grouping menu not fully working in the new SandMan UI [#277](https://github.com/sandboxie-plus/Sandboxie/issues/277)
-- fixed not being able to set quick recovery in SandMan UI
-- fixed resource leak when loading process icons in SandMan UI
-- fixed issue with OpenToken debug options
-- fixed Chrome crashing on websites that cause the invocation of "FindAppUriHandlersAsync" [#198](https://github.com/sandboxie-plus/Sandboxie/issues/198)
-- fixed issue connecting to the driver when starting in portable mode
-- fixed missing template setup when creating new boxes
-
-### removed
-- removed obsolete "OpenDefaultClsid=n" use "ClosedClsid=" with the appropriate values instead
-- removed suspend/resume menu entry, pooling that state wastes substantial CPU cycles; use task explorer for that functionality
-
-
-
-## [0.5.2a / 5.45.1] - 2020-12-23
-
-### Fixed
-- fixed translation support in the SandMan UI
-- fixed sandboxed explorer issue [#289](https://github.com/sandboxie-plus/Sandboxie/issues/289)
-- fixed simplified Chinese localization
-
-
-
-## [0.5.2 / 5.45.1] - 2020-12-23
-
-### Added
-- added advanced new box creation dialog to SandMan UI
-- added show/hide tray context menu entry
-- added refresh button to file recovery dialog
-- added mechanism to load icons from {install-dir}/Icons/{icon}.png for UI customization
-- added tray indicator to show disabled forced program status in the SandMan UI
-- added program name suggestions to box options in SandMan UI
-- added saving of column sizes in the options window
-
-### Changed
-- reorganized the advanced box options a bit
-- changed icons (thanks Valinwolf for picking the new ones) [#235](https://github.com/sandboxie-plus/Sandboxie/issues/235)
-- updated Templates.ini (thanks isaak654) [#256](https://github.com/sandboxie-plus/Sandboxie/pull/256) [#258](https://github.com/sandboxie-plus/Sandboxie/pull/258)
-- increased max value for disable forced process time in SandMan UI
-
-### Fixed
-- fixed BSOD introduced in 5.45.0 when using Windows 10 "core isolation" [#221](https://github.com/sandboxie-plus/Sandboxie/issues/221)
-- fixed minor issue with lingering/leader processes
-- fixed menu issue in SandMan UI
-- fixed issue with stop behaviour page in SandMan UI
-- fixed issue with Plus installer not displaying KmdUtil window
-- fixed SandMan UI saving UI settings on Windows shutdown
-- fixed issue with Plus installer autorun [#247](https://github.com/sandboxie-plus/Sandboxie/issues/247)
-- fixed issue with legacy installer not removing all files
-- fixed a driver compatibility issue with Windows 20H1 and later [#228](https://github.com/sandboxie-plus/Sandboxie/issues/228)
--- this solves "stop pending", LINE messenger hanging and other issues...
-- fixed quick recovery issue in SbieCtrl.exe introduced in 5.45.0 [#224](https://github.com/sandboxie-plus/Sandboxie/issues/224)
-- fixed issue advanced hide process settings not saving
-- fixed some typos in the UI (thanks isaak654) [#252](https://github.com/sandboxie-plus/Sandboxie/pull/252) [#253](https://github.com/sandboxie-plus/Sandboxie/pull/253) [#254](https://github.com/sandboxie-plus/Sandboxie/pull/254)
-- fixed issue with GetRawInputDeviceInfo failing when boxed processes are put in a job object [#176](https://github.com/sandboxie-plus/Sandboxie/issues/176) [#233](https://github.com/sandboxie-plus/Sandboxie/issues/233)
--- this fix resolves issues with CP2077 and other games not getting keyboard input (thanks Rostok)
-- fixed failing ClipCursor won't longer span the message log
-- fixed issue with adding recovery folders in SandMan UI
-- fixed issue with Office 2019 template when using a non-default Sbie install location
-- fixed issue setting last access attribute on sandboxed folders [#218](https://github.com/sandboxie-plus/Sandboxie/issues/218)
-- fixed issue with process start signal
-
-
-
-## [0.5.1 / 5.45.0] - 2020-12-12
-
-### Added
-- added simple view mode
-
-### Changed
-- updated SandMan UI to use Qt 5.15.1
-
-### Fixed
-- fixed crash issue with progress dialog
-- fixed progress dialog cancel button not working for update checker
-- fixed issue around NtQueryDirectoryFile when deleting sandbox content
-- fixed dark theme in the notification window
-- fixed issue with disable force programs tray menu
-
-
-
-## [0.5.0 / 5.45.0] - 2020-12-06
-
-### Added
-- added new notification window
-- added user interactive control mechanism when using the new SandMan UI
--- when a file exceeds the copy limit instead of failing, the user is prompted if the file should be copied or not
--- when internet access is blocked it now can be exempted in real time by the user
-- added missing file recovery and auto/quick recovery functionality [#188](https://github.com/sandboxie-plus/Sandboxie/issues/188) [#178](https://github.com/sandboxie-plus/Sandboxie/issues/178)
-- added silent MSG_1399 boxed process start notification to keep track of short lived boxed processes
-- added ability to prevent system wide process starts, Sandboxie can now instead of just alerting also block processed on the alert list
--- set "StartRunAlertDenied=y" to enable process blocking
-- the process start alert/block mechanism can now also handle folders use "AlertFolder=..."
-- added ability to merge snapshots [#151](https://github.com/sandboxie-plus/Sandboxie/issues/151)
-- added icons to the sandbox context menu in the new UI
-- added more advanced options to the sandbox options window
-- added file migration progress indicator
-- added more run commands and custom run commands per sandbox
--- the box settings users can now specify programs to be available from the box run menu
--- also processes can be pinned to that list from the presets menu
-- added more Windows 10 specific template presets
-- added ability to create desktop shortcuts to sandboxed items
-- added icons to box option tabs
-- added box grouping
-- added new debug option "DebugTrace=y" to log debug output to the trace log
-- added check for updates to the new SandMan UI
-- added check for updates to the legacy SbieCtrl UI
-
-### Changed
-- File migration limit can now be disabled by specifying "CopyLimitKb=-1" [#526](https://github.com/sandboxie-plus/Sandboxie/issues/526)
-- improved and refactored message logging mechanism, reducing memory usage by factor of 2
-- terminated boxed processes are now kept listed for a couple of seconds
-- reworked sandbox deletion mechanism of the new UI
-- restructured sandbox options window
-- SbieDLL.dll can now be compiled with an up to date ntdll.lib (Thanks to TechLord from Team-IRA for help)
-- improved automated driver self repair
-
-### Fixed
-- fixed issues migrating files > 4GB
-- fixed an issue that would allow a malicious application to bypass the internet blockade
-- fixed issue when logging messages from a non-sandboxed process, added process_id parameter to API_LOG_MESSAGE_ARGS
-- fixed issues with localization
-- fixed issue using file recovery in legacy UI SbieCtrl.exe when "SeparateUserFolders=n" is set
-- when a program is blocked from starting due to restrictions no redundant messages are issued any more
-- fixed UI not properly displaying async errors
-- fixed issues when a snapshot operation failed
-- fixed some special cases of IpcPath and WinClass in the new UI
-- fixed driver issues with WHQL passing compatibility testing
-- fixed issues with Classic installer
-
-
-
-## [0.4.5 / 5.44.1] - 2020-11-16
-
-### Added
-- added "Terminate all processes" and "disable forced programs" commands to tray menu in SandMan UI
-- program start restrictions settings now can be switched between a white list and a black list
--- programs can be terminated and blacklisted from the context menu
-- added additional process context menu options, lingering and leader process can be now set from menu
-- added option to view template presets for any given box
-- added text filter to templates view
-- added new compatibility templates:
--- Windows 10 core UI component: OpenIpcPath=\BaseNamedObjects\[CoreUI]-* solving issues with Chinese Input and Emojis [#120](https://github.com/sandboxie-plus/Sandboxie/issues/120) [#88](https://github.com/sandboxie-plus/Sandboxie/issues/88)
--- Firefox Quantum, access to Windows's FontCachePort for compatibility with Windows 7
-- added experimental debug option "OriginalToken=y" which lets sandboxed processes retain their original unrestricted token
--- This option is comparable with "OpenToken=y" and is intended only for testing and debugging, it BREAKS most SECURITY guarantees (!)
-- added debug option "NoSandboxieDesktop=y" it disables the desktop proxy mechanism
--- Note: without an unrestricted token with this option applications won't be able to start
-- added debug option "NoSysCallHooks=y" it disables the sys call processing by the driver
--- Note: without an unrestricted token with this option applications won't be able to start
-- added ability to record verbose access traces to the Resource Monitor
--- use ini options "FileTrace=*", "PipeTrace=*", "KeyTrace=*", "IpcTrace=*", "GuiTrace=*" to record all events
--- replace "*" to log only: "A" - allowed, "D" - denied, or "I" - ignore events
-- added ability to record debug output strings to the Resource Monitor
--- use ini option DebugTrace=y to enable
-
-### Changed
-- AppUserModelID string no longer contains Sandboxie version string
-- now by default Sbie's application manifest hack is disabled, as it causes problems with version checking on Windows 10
--- to enable old behaviour add "PreferExternalManifest=y" to the global or the box specific ini section
-- the resource log mechanism can now handle multiple strings to reduce on string copy operations
-
-### Fixed
-- fixed issue with disabling some restriction settings failed
-- fixed disabling of internet block from the presets menu sometimes failed
-- the software compatibility list in the SandMan UI now shows the proper template names
-- fixed use of freed memory in the driver
-- replaced swprintf with snwprintf to prevent potential buffer overflow in SbieDll.dll
-- fixed bad list performance with resource log and API log in SandMan UI
-
-
-
-## [0.4.4 / 5.44.0] - 2020-11-03
-
-### Added
-- added SbieLdr (experimental)
-
-### Changed
-- moved code injection mechanism from SbieSvc to SbieDll
-- moved function hooking mechanism from SbieDrv to SbieDll
-- introduced a new driverless method to resolve wow64 ntdll base address
-
-### removed
-- removed support for Windows Vista x64
-
-
-
-## [0.4.3 / 5.43.7] - 2020-11-03
-
-### Added
-- added disable forced programs menu command to the SandMan UI
-
-### Fixed
-- fixed file rename bug introduced with an earlier Driver Verifier fix [#174](https://github.com/sandboxie-plus/Sandboxie/issues/174) [#153](https://github.com/sandboxie-plus/Sandboxie/issues/153)
-- fixed issue saving access lists
-- fixed issue with program groups parsing in the SandMan UI
-- fixed issue with internet access restriction options [#177](https://github.com/sandboxie-plus/Sandboxie/issues/177) [#185](https://github.com/sandboxie-plus/Sandboxie/issues/185)
-- fixed issue deleting sandbox when located on a drive directly [#139](https://github.com/sandboxie-plus/Sandboxie/issues/139)
-
-
-
-## [0.4.2 / 5.43.6] - 2020-10-10
-
-### Added
-- added "explore box" content menu option
-
-### Fixed
-- fixed thread handle leak in SbieSvc and other components [#144](https://github.com/sandboxie-plus/Sandboxie/issues/144)
-- msedge.exe is now categorized as a Chromium derivate
-- fixed Chrome 86+ compatibility bug with Chrome's own sandbox [#149](https://github.com/sandboxie-plus/Sandboxie/issues/149)
-
-
-
-## [0.4.1 / 5.43.5] - 2020-09-12
-
-### Added
-- added core version compatibility check to SandMan UI
-- added shell integration options to SbiePlus
-
-### Changed
-- SbieCtrl no longer auto-shows the tutorial on first start
-- when hooking to the trampoline, the migrated section of the original function is no longer noped out
--- it caused issues with Unity games
-
-### Fixed
-- fixed colour issue with vertical tabs in dark mode
-- fixed wrong path separators when adding new forced folders
-- fixed directory listing bug introduced in 5.43
-- fixed issues with settings window when not being connected to driver
-- fixed issue when starting SandMan UI as admin
-- fixed auto-content-delete not working with SandMan UI
-
-
-
-## [0.4.0 / 5.43] - 2020-09-05
-
-### Added
-- added a proper custom installer to the Plus release
-- added sandbox snapshot functionality to Sbie core
--- filesystem is saved incrementally, the snapshots built upon each other
--- each snapshot gets a full copy of the box registry for now
--- each snapshot can have multiple children snapshots
-- added access status to Resource Monitor
-- added setting to change border width [#113](https://github.com/sandboxie-plus/Sandboxie/issues/113)
-- added snapshot manager UI to SandMan
-- added template to enable authentication with an Yubikey or comparable 2FA device
-- added UI for program alert
-- added software compatibility options to the UI
-
-### Changed
-- SandMan UI now handles deletion of sandbox content on its own
-- no longer adding redundant resource accesses as new events
-
-### Fixed
-- fixed issues when hooking functions from delay loaded libraries
-- fixed issues when hooking an already hooked function
-- fixed issues with the new box settings editor
-
-### Removed
-- removes deprecated workaround in the hooking mechanism for an obsolete anti-malware product
-
-
-
-## [0.3.5 / 5.42.1] - 2020-07-19
-
-### Added
-- added settings window
-- added translation support
-- added dark theme
-- added auto start option
-- added sandbox options
-- added debug option "NoAddProcessToJob=y"
-
-### Changed
-- improved empty sandbox tray icon
-- improved message parsing
-- updated homepage links
-
-### Fixed
-- fixed ini issue with SandMan.exe when renaming sandboxes
-- fixed ini auto reload bug introduced in the last build
-- fixed issue when hooking delayed loaded libraries
-
-
-
-## [0.3 / 5.42] - 2020-07-04
-
-### Added
-- API_QUERY_PROCESS_INFO can be now used to get the original process token of sandboxed processes
--- Note: this capability is used by TaskExplorer to allow inspecting sandbox internal tokens
-- added option "KeepTokenIntegrity=y" to make the Sbie token keep its initial integrity level (debug option)
--- Note: Do NOT USE Debug Options if you don't know their security implications (!)
-- added process id to log messages very useful for debugging
-- added finder to resource log
-- added option "HideHostProcess=program.exe" to hide unsandboxed host processes
--- Note: Sbie hides by default processes from other boxes, this behaviour can now be controlled with "HideOtherBoxes=n"
-- Sandboxed RpcSs and DcomLaunch can now be run as system with the option "ProtectRpcSs=y" however this breaks the sandboxed explorer and others
-- Built-in Clsid whitelist can now be disabled with "OpenDefaultClsid=n"
-- Processes can be now terminated with the del key, and require a confirmation
-- added sandboxed window border display to SandMan.exe
-- added notification for Sbie log messages
-- added Sandbox Presets submenu allowing to quickly change some settings
--- Enable/Disable API logging, logapi_dll's are now distributed with SbiePlus
--- And other: Drop admin rights; Block/Allow internet access; Block/Allow access to files on the network
-- added more info to the sandbox status column
-- added path column to SbieModel
-- added info tooltips in SbieView
-
-### Changed
-- reworked ApiLog, added PID and PID filter
-- auto config reload on in change is now delayed by 500ms to not reload multiple times on incremental changes
-- Sandbox names now replace "_" with " " for display allowing to use names that are made of separated words
-
-### Fixed
-- added missing PreferExternalManifest initialization to portable mode
-- FIXED SECURITY ISSUE ID-2: fixed permission issues with sandboxed system processes
--- Note: you can use "ExposeBoxedSystem=y" for the old behaviour (debug option)
-- FIXED SECURITY ISSUE ID-3: fixed missing SCM access check for sandboxed services (thanks Diversenok)
--- Note: to disable the access check use "UnrestrictedSCM=y" (debug option)
-- fixed missing initialization in service server that caused sandboxed programs to crash when querying service status
-- fixed many bugs that caused the SbieDrv.sys to BSOD when running with Driver Verifier enabled [#57](https://github.com/sandboxie-plus/Sandboxie/issues/57)
--- 0xF6 in GetThreadTokenOwnerPid and File_Api_Rename
--- missing non optional parameter for FltGetFileNameInformation in File_PreOperation
--- 0xE3 in Key_StoreValue and Key_PreDataInject
-
-
-
-## [0.2.2 / 5.41.2] - 2020-06-19
-
-### Added
-- added option "SeparateUserFolders=n" to no longer have the user profile files stored separately in the sandbox
-- added "SandboxieLogon=y" - it makes processes run under the SID of the "Sandboxie" user instead of the Anonymous user
--- Note: the global option "AllowSandboxieLogon=y" must be enabled, the "Sandboxie" user account must be manually created first and the driver reloaded, else process start will fail
-- improved debugging around process creation errors in the driver
-
-### Fixed
-- fixed some log messages going lost after driver reload
-- found a workable fix for the MSI installer issue, see Proc_CreateProcessInternalW_RS5
-
-
-
-## [0.2.1 / 5.41.1] - 2020-06-18
-
-### Added
-- added different sandbox icons for different types
--- Red LogAPI/BSA enabled
--- more to come :D
-- added progress window for async operations that take time
-- added DPI awareness [#56](https://github.com/sandboxie-plus/Sandboxie/issues/56)
-- the driver file is now obfuscated to avoid false positives
-- additional debug options to Sandboxie.ini OpenToken=y that combines UnrestrictedToken=y and UnfilteredToken=y
--- Note: using these options weakens the sandboxing, they are intended for debugging and may be used for better application virtualization later
-
-### Changed
-- SbieDll.dll when processing InjectDll now looks in the SbieHome folder for the DLLs if the entered path starts with a backslash
--- i.e. "InjectDll=\LogAPI\i386\logapi32v.dll" or "InjectDll64=\LogAPI\amd64\logapi64v.dll"
-
-### Fixed
-- IniWatcher did not work in portable mode
-- service path fix broke other services, now properly fixed, maybe
-- found workaround for the MSI installer issue
-
-
-
-## [0.2 / 5.41.0] - 2020-06-08
-
-### Added
-- IniWatcher, the .ini is now reloaded automatically every time it changes
-- added Maintenance menu to the Sandbox menu, allowing to install/uninstall and start/stop Sandboxie driver, service
-- SandMan.exe now is packed with Sbie files and when no Sbie is installed acts as a portable installation
-- added option to clean-up logs
-
-### Changed
-- Sbie driver now first checks the home path for the configuration file Sandboxie.ini before checking SystemRoot
-
-### Fixed
-- FIXED SECURITY ISSUE ID-1: sandboxed processes could obtain a write handle on non sandboxed processes (thanks Diversenok)
--- this allowed to inject code in non sandboxed processes
-- fixed issue boxed services not starting when the path contained a space
-- NtQueryInformationProcess now returns the proper sandboxed path for sandboxed processes
-
-
-
-## [0.1 / 5.40.2] - 2020-06-01
-
-### Added
-- created a new Qt based UI names SandMan (Sandboxie Manager)
-- Resource Monitor now shows the PID
-- added basic API call log using updated BSA LogApiDll
-
-
-### Changed
-- reworked Resource Monitor to work with multiple event consumers
-- reworked log to work with multiple event consumers
-
-
-
-## [5.40.1] - 2020-04-10
-
-### Added
-- "Other" type for the Resource Access Monitor
--- added call to StartService to the logged Resources
-
-### Fixed
-- fixed "Windows Installer Service could not be accessed" that got introduced with Windows 1903
-
diff --git a/PlusContent/compartment-mode.md b/PlusContent/compartment-mode.md
index c99f7c167..d24acf502 100644
--- a/PlusContent/compartment-mode.md
+++ b/PlusContent/compartment-mode.md
@@ -4,16 +4,17 @@
The concept of an "Application Compartment" mode was introduced in **Sandboxie Plus v1.0.0**. This mode disables the normally used token-based security isolation in order to significantly improve compatibility while still retaining a level of security comparable to that of other available sandboxing products. It avoids many of the typical Sandboxie issues caused by processes running with a heavily restricted token.
-The setting for a compartment box can be enabled by adding `NoSecurityIsolation=y` to the box settings section of **Sandboxie.ini**. It can also be enabled in the Sandman UI. Right-click on a box and select "Sandbox Options" from the drop-down menu (or simply double-click on a box) to bring up the Box Options UI. Select the Box Type Preset as "Application Compartment (NO Isolation)" (with a **green** box icon) and click OK to apply changes. The status column of Sandman UI labels this box as **Application Compartment**.
+The setting for a compartment box can be enabled by adding `NoSecurityIsolation=y` to the box settings section of **[Sandboxie Ini](../Content/SandboxieIni.md)**. It can also be enabled in the Sandman UI. Right-click on a box and select "Sandbox Options" from the drop-down menu (or simply double-click on a box) to bring up the Box Options UI. Select the box type preset as "Application Compartment (NO Isolation)" (with a **green** box icon) and click OK to apply changes. The status column of Sandman UI labels this box as **Application Compartment**.
-In compartment mode, file system and registry filtering are still in place to enforce any access rules. So, processes do run without administrative privileges. This filtering can be disabled by adding `NoSecurityFiltering=y` to the box settings section of **Sandboxie.ini** in order to provide a greater degree of compatibility.
+In compartment mode, file system and registry filtering are still in place to enforce any access rules. So, processes do run without administrative privileges. This filtering can be disabled by adding `NoSecurityFiltering=y` to the box settings section of **[Sandboxie Ini](../Content/SandboxieIni.md)** in order to provide a greater degree of compatibility.
-A new object access filter, enabled by default for new installations since **Sandboxie Plus v1.0.16**, replaces the Sandboxie's old process/thread handle filter to facilitate process isolation. For previous versions starting with **Sandboxie Plus v1.0.0**, it can be enabled by adding `EnableObjectFiltering=y` to the [GlobalSettings] section of **Sandboxie.ini**.
+A new object access filter, enabled by default for new installations since **Sandboxie Plus v1.0.16**, replaces the Sandboxie's old process/thread handle filter to facilitate process isolation. For previous versions starting with **Sandboxie Plus v1.0.0**, it can be enabled by adding `EnableObjectFiltering=y` to the [GlobalSettings] section of **[Sandboxie Ini](../Content/SandboxieIni.md)**.
**Caveat:** Even though an application compartment virtualizes the file system and registry, it does not change the process token or apply other more limiting restrictions. As a result, a process could potentially escape the virtualization. Because of this reduced security (even though it is only a slight reduction), this mode should be **avoided for untrusted applications**.
**Recent Changes:** Token based workarounds were added in subsequent Sandboxie Plus versions to facilitate even greater compatibility with the more commonly used programs. They used `DropAppContainerToken=y` for such workarounds and `FakeAppContainerToken=program.exe,n` to disable their use for a specific program. In **Sandboxie Plus v1.8.2a** and above, such workarounds are disabled when in compartment mode. In case of issues with some programs (primarily browsers), they can be re-enabled by using `DeprecatedTokenHacks=y`. **Sandboxie Plus v1.8.0** moved the built-in access rules for an application compartment box to a dedicated template (included in the file **Templates.ini** under the `[TemplateAppCPaths]` section) for easier management. **Sandboxie Plus v1.10.1** addressed and fixed various long-standing bugs affecting application compartment boxes.
-**Fun Fact (for any box type):** If you add `OpenFilePath=*` to the box settings section of **Sandboxie.ini** (or disable the isolation in some other way), the status column in the Sandman UI displays **OPEN Root Access** as a warning that this box is no longer really a "sandbox"! Starting with **Sandboxie Plus v1.3.2**, the box icon also changes its default color.
+**Fun Fact (for any box type):** If you add `OpenFilePath=*` to the box settings section of **[Sandboxie Ini](../Content/SandboxieIni.md)** (or disable the isolation in some other way), the status column in the Sandman UI displays **OPEN Root Access** as a warning that this box is no longer really a "sandbox"! Starting with **Sandboxie Plus v1.3.2**, the box icon also changes its default color.
+
diff --git a/PlusContent/contribute.md b/PlusContent/contribute.md
deleted file mode 100644
index 5ca4fae2d..000000000
--- a/PlusContent/contribute.md
+++ /dev/null
@@ -1,59 +0,0 @@
-# Contributing to the Sandboxie project
-
-- [Monetary contributions](#monetary-contributions)
-- [Non-monetary contributions](#non-monetary-contributions)
-- [How to help with Sandboxie issues?](#how-to-help-with-sandboxie-issues)
-
-## Monetary contributions
-
-1. Get a [supporter certificate](https://sandboxie-plus.com/go.php?to=sbie-get-cert)
-A supporter certificate is like a license key and enables the use of new supporter exclusive features, like [Privacy Mode](https://sandboxie-plus.com/privacy-mode/) or [Application Compartment](https://sandboxie-plus.com/compartment-mode/) sandboxes. See the [Feature Comparison](https://sandboxie-plus.com/feature-comparison/) for more details and certificate options.
-In order to use Sandboxie Plus in specific business or education contexts, a [Business certificate](https://xanasoft.com/product/sandboxie-plus-business-certificate/) is required!
-
-2. Get a [Patreon subscription](https://www.patreon.com/DavidXanatos)
-Patreon certificates are valid for as long as the subscription is active and unlock all features. Patreons which ended their subscription are entitled to a residual certificate corresponding to the total amount of their support. See also [how to renew a Patreon supporter certificate](https://github.com/sandboxie-plus/Sandboxie/issues/2144).
-
-3. Donate with PayPal
-
-
-4. Donate with cryptocurrencies
-In order to arrange custom payments with cryptocurrencies, please get in touch by [email](https://xanasoft.com/contact/).
-
-In case of issues with your refund request, please get in touch by [email](https://xanasoft.com/contact/) with the full name and order ID.
-
-## Non-monetary contributions
-
-Contributor certificates do not expire (regardless of how many PCs you own) and are available to all people who open meaningful [pull requests](https://docs.github.com/articles/creating-a-pull-request) or provide continued support to the [Sandboxie-docs](https://github.com/sandboxie-plus/sandboxie-docs) / [Sandboxie](https://github.com/sandboxie-plus/Sandboxie) repositories.
-
-For example:
-
-1. You could add a new Sandboxie Plus translation for the language of your country, see also [Localization notes and tips](https://github.com/sandboxie-plus/Sandboxie/discussions/1123#discussioncomment-1203489).
-2. You could help to keep updated our [Sandboxie-docs repository](https://github.com/sandboxie-plus/sandboxie-docs) by providing a number of meaningful changes. More volunteers are needed to keep it constantly updated with the new introduced settings mentioned in the [CHANGELOG.md](https://github.com/sandboxie-plus/Sandboxie/blob/master/CHANGELOG.md) file.
-3. You could provide new code changes that fix a specific Sandboxie functionality or introducing a new one.
-4. You could offer your availability to become a [collaborator](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/permission-levels-for-a-personal-account-repository#collaborator-access-for-a-repository-owned-by-a-personal-account) in the [Sandboxie-docs](https://github.com/sandboxie-plus/sandboxie-docs) / [Sandboxie](https://github.com/sandboxie-plus/Sandboxie) repositories (after proving your continued support with open issues and/or sufficient skills to manage pull requests).
-
-If you are willing to become a new contributor or collaborator, please get in touch by [email](https://xanasoft.com/contact/) for further details.
-
-## How to help with Sandboxie issues?
-
-We encourage the developers and community to conduct research, report issues, and suggest improvements on this code base.
-However, please do not report security vulnerabilities in public GitHub comments. This repository has a [SECURITY.md](https://github.com/sandboxie-plus/Sandboxie/blob/master/SECURITY.md) file with instructions on responsibly reporting security vulnerabilities.
-
-You may also want to follow the following topics:
-
-- [The least strict sandboxing rules](https://github.com/sandboxie-plus/Sandboxie/issues/1515#issuecomment-1006408988)
-- [The use of the Sandboxie Trace log features](https://github.com/sandboxie-plus/Sandboxie/issues/1208#issuecomment-1200170825)
-- [The use of Procmon traces to track file and registry access](https://github.com/sandboxie-plus/Sandboxie/issues/1679#issuecomment-1065760921)
-- [Reporting issues to third-party vendors in case of evident conflicts](https://github.com/sandboxie-plus/Sandboxie/issues/2025#issuecomment-1200110235)
-- Check out the new introduced features in the [CHANGELOG.md](https://github.com/sandboxie-plus/Sandboxie/blob/master/CHANGELOG.md) file
(a good way to highlight them is a simple search of the `=` sign in your browser)
-- Check out whether the problem has already been reported:
-
- in the [Issues](https://github.com/sandboxie-plus/Sandboxie/issues) section of this repository (including the [labels](https://github.com/sandboxie-plus/Sandboxie/labels))
-
- in the [Discussions](https://github.com/sandboxie-plus/Sandboxie/discussions) section of this repository
-
- in the [Issues](https://github.com/sandboxie-plus/sandboxie-docs/issues) section of the Sandboxie-docs repository
-
- in the [cached copy](https://www.ecosia.org/search?method=index&q=site%3Ahttps%3A%2F%2Fsandboxie-website-archive.github.io%2Fwww.sandboxie.com%2Fold-forums%2F) of the old Sandboxie forum
-
- in the other [support channels](https://github.com/sandboxie-plus/Sandboxie/discussions/1768)
diff --git a/PlusContent/feature-comparison.md b/PlusContent/feature-comparison.md
deleted file mode 100644
index 30877c0fa..000000000
--- a/PlusContent/feature-comparison.md
+++ /dev/null
@@ -1,233 +0,0 @@
-Sandboxie Plus and Classic share the same core components, the main difference is that the Classic UI is no longer under development. Hence a UI for new core functionality is only available in the SandMan UI of the Sandboxie-Plus. Likewise various other new features are only implemented in the SandMan UI.
-
-Some exclusive functionality is only available to project supporters with a valid [Supporter Certificate](https://sandboxie-plus.com/supporter-certificate/), see the table below.
-
-**Please note that to use Sandboxie Plus in a commercial or educational setting a [Business Certificate](https://xanasoft.com/product/sandboxie-plus-business-certificate/) is required!**
-
-
-
-
- | Plus vs. Classic |
- Free |
- Supported |
-
- Free vs. Supported |
- Free |
- Small |
- Medium |
- Large |
- Business |
- Huge |
-
-
- | Usage |
- |
- |
- |
-
- Personal |
- Personal |
- Personal |
- Personal |
- Commercial |
- Personal |
-
-
- | Support reminder |
- Yes |
- No |
- |
-
- Yes |
- No |
- No |
- No |
- No |
- No |
-
-
- | PC’s per Certificate |
- |
- As Certified |
- |
-
- |
- Personal |
- Personal |
- Personal and Family |
- 1 |
- Personal and Family |
-
-
- | Expiration |
- |
- As Certified |
- |
-
- |
- 1 year |
- 1 year |
- 2 years |
- 1 year |
- No |
-
-
- | Old builds work after expiration |
- |
- As Certified |
- |
-
- |
- No |
- Yes |
- Yes |
- Yes |
- Yes |
-
-
- | UI Dark mode |
- No |
- No |
- |
-
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
-
-
- | Start Menu Integration |
- No |
- No |
- |
-
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
-
-
- | Windows 11 Context menu |
- No |
- No |
- |
-
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
-
-
- | Box Snapshots |
- No |
- No |
- |
-
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
-
-
- | Object Filtering |
- Yes |
- Yes |
- |
-
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
-
-
- | WFP support |
- No |
- Yes (no UI) |
- |
-
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
-
-
- | Privacy enchanced boxes |
- No |
- Yes (no UI) |
- |
-
- No |
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
-
-
- | Security Enchanced boxes |
- No |
- Yes (no UI) |
- |
-
- No |
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
-
-
- | Compatybility enchanced boxes |
- No |
- Yes (no UI) |
- |
-
- No |
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
-
-
- | Process Breakout |
- Yes (no UI) |
- Yes (no UI) |
- |
-
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
- Yes |
-
-
-
-
-
-
diff --git a/PlusContent/imdisk.md b/PlusContent/imdisk.md
index 140a66768..5e5947b2c 100644
--- a/PlusContent/imdisk.md
+++ b/PlusContent/imdisk.md
@@ -1 +1,4 @@
-ImDisk Driver
\ No newline at end of file
+# ImDisk
+
+TODO
+
diff --git a/PlusContent/privacy-mode.md b/PlusContent/privacy-mode.md
index 4518f9ed8..0a5c3eee8 100644
--- a/PlusContent/privacy-mode.md
+++ b/PlusContent/privacy-mode.md
@@ -6,7 +6,7 @@ The concept of privacy mode and privacy enhanced (or Data Protection) boxes was
In this mode, most of the locations on a PC are set to be treated like a Write[File/Key]Path, which means the sandboxed locations are writable, but the unsandboxed locations are not readable.
In addition, the registry does not allow reading of user root keys. In other words, even though sandboxed processes can continue to work, they cannot access private user data.
-The setting for a privacy enhanced box can be enabled by adding `UsePrivacyMode=y` to the box settings section of **Sandboxie.ini**. It can also be enabled in the Sandman UI. Right-click on a box and select "Sandbox Options" from the drop-down menu (or simply double-click on a box) to bring up the Box Options UI. Select the Box Type Preset as "Sandbox with Data Protection" (with a **blue** box icon) and click OK to apply changes. The status column of Sandman UI labels this box as **Privacy Enhanced**.
+The setting for a privacy enhanced box can be enabled by adding `UsePrivacyMode=y` to the box settings section of **[Sandboxie Ini](../Content/SandboxieIni.md)**. It can also be enabled in the Sandman UI. Right-click on a box and select "Sandbox Options" from the drop-down menu (or simply double-click on a box) to bring up the Box Options UI. Select the box type preset as "Sandbox with Data Protection" (with a **blue** box icon) and click OK to apply changes. The status column of Sandman UI labels this box as **Privacy Enhanced**.
@@ -27,3 +27,4 @@ Internally, a privacy enhanced box is based on three defaults:
- Internally, rule specificity is **always enabled** in privacy mode. It uses the **[Normal](../Content/NormalFilePath.md)** path directive (`Normal[File/Ipc/Key]Path`) to open selected locations to be **readable and sandboxed**. Note that setting a path to normal is meaningful only when a parent path was first set to something else, as done in privacy mode. It is thus relevant not only for **blue** boxes (based on privacy mode) but also for **red** boxes (with both privacy mode **and** [security mode](../PlusContent/security-mode.md) enabled).
**Recent Changes:** Upon the introduction of privacy mode, a few built-in access rules were offered for some of the more common browsers and applications and these were augmented in later versions. Starting with **Sandboxie Plus v1.8.0**, all built-in access rules have been moved to a set of default templates (included in the file **Templates.ini** under the `[TemplatePModPaths]` section) for easier management.
+
diff --git a/PlusContent/privacy-policy.md b/PlusContent/privacy-policy.md
deleted file mode 100644
index 134e7ad33..000000000
--- a/PlusContent/privacy-policy.md
+++ /dev/null
@@ -1 +0,0 @@
-Who we are
Our website address is: https://xanasoft.net.
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
Who we share your data with
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
Additional information
How we protect your data
What data breach procedures we have in place
What third parties we receive data from
What automated decision making and/or profiling we do with user data
Industry regulatory disclosure requirements
\ No newline at end of file
diff --git a/PlusContent/sandboxie-plus.md b/PlusContent/sandboxie-plus.md
index b4a81fc00..74417d1ef 100644
--- a/PlusContent/sandboxie-plus.md
+++ b/PlusContent/sandboxie-plus.md
@@ -1,5 +1,6 @@
-[Sandboxie](Sandboxie.md) is a sandbox-based isolation software for 32- and 64-bit Windows NT-based operating systems. It is being developed by David Xanatos since it became open source, before that it was developed by Sophos (which acquired it from Invincea, which acquired it earlier from the original author Ronen Tzur). It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying the local or mapped drive. An isolated virtual environment allows controlled testing of untrusted programs and web surfing.
+[Sandboxie](../Content/Sandboxie.md) is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. It is being developed by David Xanatos since it became open source, before that it was developed by Sophos (which acquired it from Invincea, which acquired it earlier from the original author Ronen Tzur). It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying the local or mapped drive. An isolated virtual environment allows controlled testing of untrusted programs and web surfing.
-Since the Open Sourcing sandboxie is being released in two flavors the classical build with a [MFC](https://en.wikipedia.org/wiki/Microsoft_Foundation_Class_Library) based UI and as plus build that incorporates new features and an entirely new [Q’t](https://www.qt.io/) based UI. All newly added features target the plus branch but often can be utilized in the classical edition by manually editing the sandboxie.ini file.
+Since the open sourcing, Sandboxie is being released in two flavors: the Classic build with a [MFC](https://en.wikipedia.org/wiki/Microsoft_Foundation_Class_Library)-based UI and a Plus build that incorporates new features with an entirely new [Qt](https://www.qt.io/)-based UI. All newly added features target the Plus branch, but can often be utilized in the Classic edition by manually editing the [Sandboxie Ini](../Content/SandboxieIni.md) file.
+
+The full Sandboxie documentation can be found through the [Support Page Index](../Content/AllPages.md), or you can start directly with the [Help Topics](../Content/HelpTopics.md) overview.
-The full archived classical sandboxie documentation can be found through the [Support Page Index](allpages.md), or you can start directly with the [Help Topics](helptopics.md) overview.
\ No newline at end of file
diff --git a/PlusContent/sandboxie-portable.md b/PlusContent/sandboxie-portable.md
index 1f23827e7..eab5d8319 100644
--- a/PlusContent/sandboxie-portable.md
+++ b/PlusContent/sandboxie-portable.md
@@ -1 +1,4 @@
-# Sandboxie-Portable
\ No newline at end of file
+# Sandboxie-Portable
+
+TODO
+
diff --git a/PlusContent/security-mode.md b/PlusContent/security-mode.md
index 07a331b0f..46540f3db 100644
--- a/PlusContent/security-mode.md
+++ b/PlusContent/security-mode.md
@@ -1,32 +1,32 @@
-# Security Hardened Mode
-
-
-**NOTE: This feature requires a [supporter certificate](https://sandboxie-plus.com/supporter-certificate/).**
-
-The security hardened box and the concept of security hardened mode was introduced in **Sandboxie Plus v1.3.0**. It restricts NT syscall elevation to approved known safe/filtered syscalls. It also provides device security by restricting device access to known safe/filtered endpoints.
-
-The setting for a security hardened box can be enabled by adding `UseSecurityMode=y` to the box settings section of **[Sandboxie Ini](../Content/SandboxieIni.md)**. It can also be enabled in the Sandman UI. Right-click on a box and select "Sandbox Options" from the drop-down menu (or simply double-click on a box) to bring up the Box Options UI. Select the Box Type Preset as "Security Hardened Sandbox" (with an **orange** box icon) and click OK to apply changes. The status column of Sandman UI labels this box as **Enhanced Isolation**.
-
-
-
-Internally, the security hardened mode is based on four settings:
-```
-DropAdminRights=y
-RestrictDevices=y
-SysCallLockDown=y
-UseRuleSpecificity=y
-```
-1. **[DropAdminRights](../Content/DropAdminRights.md):** Prior to **Sandboxie Plus v1.3.0**, any box with `DropAdminRights=y` was considered **hardened** and labeled "Enhanced Isolation" in the Sandman UI status column. Starting with **Sandboxie Plus v1.3.0**, only boxes with `UseSecurityMode=y` have their status listed as "Enhanced Isolation".
-
-2. **SysCallLockDown:**
-The setting `SysCallLockDown=y` limits the use of NT system calls. Only those calls that are included as defaults in the file **Templates.ini** or
-calls configured in the [GlobalSettings] section of **Sandboxie.ini** as `ApproveWinNtSysCall=...` or `ApproveWin32SysCall=...`
-are executed with the original token. Any NT syscalls that are not approved are executed with the sandboxed token and may break compatibility in certain scenarios. To find which syscalls may be needed to make a particular program work is tedious and involves trial and error. But once these syscalls are found, they can be added to the [GlobalSettings] section of **Sandboxie.ini**. Note that **the machine must be rebooted (or the driver restarted) for them to take effect**.
-
-3. **RestrictDevices:** An earlier **"DeviceSecurity"** template was replaced by a dedicated setting `RestrictDevices=y` in **Sandboxie Plus v1.3.0** to harden box security even further. A security enhanced sandbox does not have access to drivers installed on the host. However, the use of appropriate **[Normal](../Content/NormalFilePath.md)** path directives can allow one to open specific devices as needed.
-
-4. **[Rule Specificity](../PlusContent/RuleSpecificity.md):** The setting `UseRuleSpecificity=y` allows rules to be prioritized based on their "specificity". When rule specifity is combined with `Normal[File/Key/Ipc]Path` entries, selected subpaths can be made readable/writeable while parent paths are still protected. A security hardened box works in a **default allow** mode: every path is a `Normal[File/Key/Ipc]Path` (which allows read/write changes to a sandbox) unless specifically blocked by an overriding rule.
-
-**Comparison with Other Box Types:** RuleSpecificity along with `Normal[File/Key/Ipc]Path` entries is also used in **blue** ([privacy enhanced](../PlusContent/privacy-mode.md)) boxes and in **red** boxes (that combine enhanced privacy and enhanced security). These two box types work in a **default block** mode: all drive paths are set to `WriteFilePath`. This hides all files and folders outside the sandbox, but allows new files and folders to be created in the sandbox (unless specifically allowed by an overriding rule).
-
-**Recent Changes:** Starting with **Sandboxie Plus v1.8.0**, all built-in access rules for a security hardened box have been moved to a dedicated template (included in the file **Templates.ini** under the `[TemplateSModPaths]` section) for easier management.
+# Security Hardened Mode
+
+
+**NOTE: This feature requires a [supporter certificate](https://sandboxie-plus.com/supporter-certificate/).**
+
+The security hardened box and the concept of security hardened mode was introduced in **Sandboxie Plus v1.3.0**. It restricts NT syscall elevation to approved known safe/filtered syscalls. It also provides device security by restricting device access to known safe/filtered endpoints.
+
+The setting for a security hardened box can be enabled by adding `UseSecurityMode=y` to the box settings section of **[Sandboxie Ini](../Content/SandboxieIni.md)**. It can also be enabled in the Sandman UI. Right-click on a box and select "Sandbox Options" from the drop-down menu (or simply double-click on a box) to bring up the Box Options UI. Select the box type preset as "Security Hardened Sandbox" (with an **orange** box icon) and click OK to apply changes. The status column of Sandman UI labels this box as **Enhanced Isolation**.
+
+
+
+Internally, the security hardened mode is based on four settings:
+```
+DropAdminRights=y
+RestrictDevices=y
+SysCallLockDown=y
+UseRuleSpecificity=y
+```
+1. **[DropAdminRights](../Content/DropAdminRights.md):** Prior to **Sandboxie Plus v1.3.0**, any box with `DropAdminRights=y` was considered **hardened** and labeled "Enhanced Isolation" in the Sandman UI status column. Starting with **Sandboxie Plus v1.3.0**, only boxes with `UseSecurityMode=y` have their status listed as "Enhanced Isolation".
+
+2. **SysCallLockDown:**
+The setting `SysCallLockDown=y` limits the use of NT system calls. Only those calls that are included as defaults in the file **Templates.ini** or
+calls configured in the [GlobalSettings] section of **[Sandboxie Ini](../Content/SandboxieIni.md)** as `ApproveWinNtSysCall=...` or `ApproveWin32SysCall=...`
+are executed with the original token. Any NT syscalls that are not approved are executed with the sandboxed token and may break compatibility in certain scenarios. To find which syscalls may be needed to make a particular program work is tedious and involves trial and error. But once these syscalls are found, they can be added to the [GlobalSettings] section of **[Sandboxie Ini](../Content/SandboxieIni.md)**. Note that **the configuration must be reloaded using "Options -> Reload configuration" for these settings to take effect**.
+
+3. **RestrictDevices:** An earlier **"DeviceSecurity"** template was replaced by a dedicated setting `RestrictDevices=y` in **Sandboxie Plus v1.3.0** to harden box security even further. A security enhanced sandbox does not have access to drivers installed on the host. However, the use of appropriate **[Normal](../Content/NormalFilePath.md)** path directives can allow one to open specific devices as needed.
+
+4. **[Rule Specificity](../PlusContent/RuleSpecificity.md):** The setting `UseRuleSpecificity=y` allows rules to be prioritized based on their "specificity". When rule specifity is combined with `Normal[File/Key/Ipc]Path` entries, selected subpaths can be made readable/writeable while parent paths are still protected. A security hardened box works in a **default allow** mode: every path is a `Normal[File/Key/Ipc]Path` (which allows read/write changes to a sandbox) unless specifically blocked by an overriding rule.
+
+**Comparison with Other Box Types:** RuleSpecificity along with `Normal[File/Key/Ipc]Path` entries is also used in **blue** ([privacy enhanced](../PlusContent/privacy-mode.md)) boxes and in **red** boxes (that combine enhanced privacy and enhanced security). These two box types work in a **default block** mode: all drive paths are set to `WriteFilePath`. This hides all files and folders outside the sandbox, but allows new files and folders to be created in the sandbox (unless specifically allowed by an overriding rule).
+
+**Recent Changes:** Starting with **Sandboxie Plus v1.8.0**, all built-in access rules for a security hardened box have been moved to a dedicated template (included in the file **Templates.ini** under the `[TemplateSModPaths]` section) for easier management.
diff --git a/PlusContent/supporter-certificate.md b/PlusContent/supporter-certificate.md
index 274a0a3e2..1b0af302b 100644
--- a/PlusContent/supporter-certificate.md
+++ b/PlusContent/supporter-certificate.md
@@ -1,21 +1,16 @@
-A supporter certificate, is like a license key but for awesome people using and supporting open source software. :-)
+A supporter certificate is like a license key, but for awesome people using and supporting open source software. :-)
+Keeping Sandboxie up to date with the rolling releases of Windows and compatible with all web browsers is a never-ending endeavor. Please consider supporting this work with a PayPal donation or by purchasing a [Sandboxie Plus Supporter Certificate](https://sandboxie-plus.com/go.php?to=sbie-get-cert), you can also provide continuous support with a [Patreon subscription](https://sandboxie-plus.com/go.php?to=patreon).
-Keeping Sandboxie up to date with the rolling releases of Windows and compatible with all web browsers is a never-ending endeavor. Please consider supporting this work with a PayPal donation or by purchasing a [Sandboxie-Plus Supporter Certificate](https://sandboxie-plus.com/go.php?to=sbie-get-cert), you can also provide continuous support with a [Patreon subscription](https://sandboxie-plus.com/go.php?to=patreon).
+A support certificate enables the use of new supporter exclusive Plus features, like [Privacy Mode](../PlusContent/privacy-mode.md) or [App Compartment Boxes](../PlusContent/compartment-mode.md), see the [Feature Comparison Table](https://sandboxie-plus.com/feature-comparison/) for more details and certificate options.
+**Please note that a [Business Certificate](https://xanasoft.com/product/sandboxie-plus-business/) is required to use Sandboxie Plus in a business or educational setting!**
+**Patreon certificates** are valid for as long as the subscription is active and unlock all features. Patreons who have ended their subscription are entitled to a residual certificate corresponding to the total amount of their support.
-A support certificate enables the use of new supporter exclusive plus features, like [Privacy Mode](privacy-mode) or [App Compartment Boxes](compartment-mode), see the [Feature Comparison Table](https://sandboxie-plus.com/feature-comparison/) for more details and certificate options.
+**Contributor certificates** are available to all people that help by contributing to the project, these certificates do not expire. If you are a contributor, please get in touch by email or alike to get your certificate.
+
-
-**Patreon certificates** are valid for as long as the subscription is active and unlock all features. Patreons which ended their subscription are entitled to a residual certificate corresponding to the total amount of their support.
-
-**Contributor certificates** are available to all people that help by contributing to the project, these certificates do not expire. If you are a contributor please get in touch by eMail or alike to get your certificate.
-
-
-
diff --git a/PlusContent/translations.md b/PlusContent/translations.md
index 898cdb3a5..3ddfe34c1 100644
--- a/PlusContent/translations.md
+++ b/PlusContent/translations.md
@@ -33,3 +33,4 @@
|Turkish|Yes|Yes|
|Ukrainian|Yes|Yes|
|Vietnamese| |Yes
+