Full disclosure: The 64-bit edition of Sandboxie provides a reduced level of protection compared to the 32-bit edition of Sandboxie.
This shortcoming is the result of a new security feature introduced in 64-bit editions of Windows, called Kernel Patch Protection
. This feature aims to protect the core of Windows (the kernel) by regularly performing self-checks to detect changes.
The problem is that a stock Windows kernel does not provide all the facilities necessary to implement a security solution such as Sandboxie. On 32-bit Windows, Sandboxie can dynamically enhance the Windows kernel to provide the missing functionality. This is not possible on 64-bit Windows, due to the Kernel Patch Protection feature.
It should be noted, however, that even with this disadvantage, the 64-bit edition of Sandboxie is still an adequate front line of defense against most types of malicious software.
Additionally, in order to compensate for this disadvantage, the 64-bit edition of Sandboxie enables the Drop Rights
setting by default. This setting may need to be disabled before software can be installed into a sandbox.