Windows Sandbox
Published Dec 18 2018 04:18 PM 1.9M Views
Microsoft

Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.

 

How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation of Windows, but didn’t want to set up a virtual machine?

 

At Microsoft we regularly encounter these situations, so we developed Windows Sandbox: an isolated, temporary, desktop environment where you can run untrusted software without the fear of lasting impact to your PC. Any software installed in Windows Sandbox stays only in the sandbox and cannot affect your host. Once Windows Sandbox is closed, all the software with all its files and state are permanently deleted.

 

Windows Sandbox has the following properties:

  • Part of Windows – everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
  • Pristine – every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows
  • Disposable – nothing persists on the device; everything is discarded after you close the application
  • Secure – uses hardware-based virtualization for kernel isolation, which relies on the Microsoft’s hypervisor to run a separate kernel which isolates Windows Sandbox from the host
  • Efficient – uses integrated kernel scheduler, smart memory management, and virtual GPU

 

Prerequisites for using the feature

  • Windows 10 Pro or Enterprise Insider build 18305 or later
  • AMD64 architecture
  • Virtualization capabilities enabled in BIOS
  • At least 4GB of RAM (8GB recommended)
  • At least 1 GB of free disk space (SSD recommended)
  • At least 2 CPU cores (4 cores with hyperthreading recommended)

 

Quick start

  1. Install Windows 10 Pro or Enterprise, Insider build 18305 or newer
  2. Enable virtualization:
    • If you are using a physical machine, ensure virtualization capabilities are enabled in the BIOS.
    • If you are using a virtual machine, enable nested virtualization with this PowerShell cmdlet:
    • Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
  3. Open Windows Features, and then select Windows Sandbox. Select OK to install Windows Sandbox. You might be asked to restart the computer.
  4. Optional Windows Features dlg.png
  5. Using the Start menu, find Windows Sandbox, run it and allow the elevation
  6. Copy an executable file from the host
  7. Paste the executable file in the window of Windows Sandbox (on the Windows desktop)
  8. Run the executable in the Windows Sandbox; if it is an installer go ahead and install it
  9. Run the application and use it as you normally do
  10. When you’re done experimenting, you can simply close the Windows Sandbox application. All sandbox content will be discarded and permanently deleted
  11. Confirm that the host does not have any of the modifications that you made in Windows Sandbox.

 Windows Sandbox Screenshot - open.jpg

 

Windows Sandbox respects the host diagnostic data settings. All other privacy settings are set to their default values.

 

Windows Sandbox internals

Since this is the Windows Kernel Internals blog, let’s go under the hood. Windows Sandbox builds on the technologies used within Windows Containers. Windows containers were designed to run in the cloud. We took that technology, added integration with Windows 10, and built features that make it more suitable to run on devices and laptops without requiring the full power of Windows Server.

 

Some of the key enhancements we have made include:

 

Dynamically generated Image

At its core Windows Sandbox is a lightweight virtual machine, so it needs an operating system image to boot from. One of the key enhancements we have made for Windows Sandbox is the ability to use a copy of the Windows 10 installed on your computer, instead of downloading a new VHD image as you would have to do with an ordinary virtual machine.

 

We want to always present a clean environment, but the challenge is that some operating system files can change. Our solution is to construct what we refer to as “dynamic base image”: an operating system image that has clean copies of files that can change, but links to files that cannot change that are in the Windows image that already exists on the host. The majority of the files are links (immutable files) and that's why the small size (~100MB) for a full operating system. We call this instance the “base image” for Windows Sandbox, using Windows Container parlance.

 

When Windows Sandbox is not installed, we keep the dynamic base image in a compressed package which is only 25MB. When installed the dynamic base package it occupies about 100MB disk space.

 Dynamic Image.PNG

Smart memory management

Memory management is another area where we have integrated with the Windows Kernel. Microsoft’s hypervisor allows a single physical machine to be carved up into multiple virtual machines which share the same physical hardware. While that approach works well for traditional server workloads, it isn't as well suited to running devices with more limited resources. We designed Windows Sandbox in such a way that the host can reclaim memory from the Sandbox if needed.

 

Additionally, since Windows Sandbox is basically running the same operating system image as the host we also allow Windows sandbox to use the same physical memory pages as the host for operating system binaries via a technology we refer to as “direct map”. In other words, the same executable pages of ntdll, are mapped into the sandbox as that on the host. We take care to ensure this done in a secure manner and no secrets are shared. 

 Direct Map.PNG

Integrated kernel scheduler

With ordinary virtual machines, Microsoft’s hypervisor controls the scheduling of the virtual processors running in the VMs. However, for Windows Sandbox we use a new technology called “integrated scheduler” which allows the host to decide when the sandbox runs. 

 

For Windows Sandbox we employ a unique scheduling policy that allows the virtual processors of the sandbox to be scheduled in the same way as threads would be scheduled for a process. High-priority tasks on the host can preempt less important work in the sandbox. The benefit of using the integrated scheduler is that the host manages Windows Sandbox as a process rather than a virtual machine which results in a much more responsive host, similar to Linux KVM.

 

The whole goal here is to treat the Sandbox like an app but with the security guarantees of a Virtual Machine. 

 

Snapshot and clone

As stated above, Windows Sandbox uses Microsoft’s hypervisor. We're essentially running another copy of Windows which needs to be booted and this can take some time. So rather than paying the full cost of booting the sandbox operating system every time we start Windows Sandbox, we use two other technologies; “snapshot” and “clone.”

 

Snapshot allows us to boot the sandbox environment once and preserve the memory, CPU, and device state to disk. Then we can restore the sandbox environment from disk and put it in the memory rather than booting it, when we need a new instance of Windows Sandbox. This significantly improves the start time of Windows Sandbox. 

 

Graphics virtualization

Hardware accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intense or media-heavy use cases. However, virtual machines are isolated from their hosts and unable to access advanced devices like GPUs. The role of graphics virtualization technologies, therefore, is to bridge this gap and provide hardware acceleration in virtualized environments; e.g. Microsoft RemoteFX.

 

More recently, Microsoft has worked with our graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and WDDM, the driver model used by display drivers on Windows.

 

At a high level, this form of graphics virtualization works as follows:

  • Apps running in a Hyper-V VM use graphics APIs as normal.
  • Graphics components in the VM, which have been enlightened to support virtualization, coordinate across the VM boundary with the host to execute graphics workloads.
  • The host allocates and schedules graphics resources among apps in the VM alongside the apps running natively. Conceptually they behave as one pool of graphics clients.

This process is illustrated below:

 

GPU virtualization for Sandbox - diagram.png 

 

This enables the Windows Sandbox VM to benefit from hardware accelerated rendering, with Windows dynamically allocating graphics resources where they are needed across the host and guest. The result is improved performance and responsiveness for apps running in Windows Sandbox, as well as improved battery life for graphics-heavy use cases.

 

To take advantage of these benefits, you’ll need a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer). Incompatible systems will render apps in Windows Sandbox with Microsoft’s CPU-based rendering technology.

 

Battery pass-through

Windows Sandbox is also aware of the host’s battery state, which allows it to optimize power consumption. This is critical for a technology that will be used on laptops, where not wasting battery is important to the user.

 

Filing bugs and suggestions

As with any new technology, there may be bugs. Please file them so that we can continually improve this feature. 

 

File bugs and suggestions at Windows Sandbox's Feedback Hub (select Add new feedback), or follows these steps:

  1. Open the Feedback Hub
  2. Select Report a problem or Suggest a feature.
  3. Fill in the Summarize your feedback and Explain in more details boxes with a detailed description of the issue or suggestion.
  4. Select an appropriate category and subcategory by using the dropdown menus. There is a dedicated option in Feedback Hub to file "Windows Sandbox" bugs and feedback. It is located under "Security and Privacy" subcategory "Windows Sandbox".
  5. Feedback Hub.png
  6. Select Next 
  7. If necessary, you can collect traces for the issue as follows: Select the Recreate my problem tile, then select Start capture, reproduce the issue, and then select Stop capture.
  8. Attach any relevant screenshots or files for the problem.
  9. Submit

Conclusion

We look forward to you using this feature and receiving your feedback!

 

Cheers, 

Hari Pulapaka, Margarit Chenchev, Erick Smith, & Paul Bozzay

(Windows Sandbox team)

317 Comments
Copper Contributor
Yes, is started @ 18343.19h1. Localized Pro. The only thing I see is some devices have no installed drivers, HW IDs: 1. VMBUS\{dde9cbc0-5060-4436-9448-ea1254a5d177}, VMBUS\{711dad3a-73ce-468b-90a9-ede6906841b2} 2. VMBUS\{c376c1c3-d276-48d2-90a9-c04748072c60}, VMBUS\{c63c9bdf-5fa5-4208-b03f-6b458b365592} 3. Root\Spaceport 4. ROOT\vdrvroot
Copper Contributor

I've been waiting for the Sandbox feature for ages.  I was excited today and installed the latest (on slow ring) build to get it.

All installed and working, except for networking.

The sandboxed image doesn't get internet.

Is there any "in-depth" tech details somewhere about setting up and running sandboxes?  I thought I'd done everything necessary, but obviously something is missing...

Thanks.

Copper Contributor

My Sandbox wasn't started until I revealed that it has something with the network. Since a few flight ago my virtual network went to bad, I wasn't able to add back to the bridge - because when I'm adding it (still) I get a GSOD. So with the very latest flight in Skip ahead, 18841 has introduced a config file for SandBox. And I was able to remove the network and now it is working :)

Here is the config file, if anybody needs it:

 

&gtConfiguration&lt
&gtVGpu&ltDisable&gt/VGpu&lt
&gtNetworking&ltDisable&gt/Networking&lt
&gt/Configuration&lt

 

The GPU config can come handy for those who had problems with an advanced GPU...

Cheers,
Gyorgy

Copper Contributor
Replace the > and < code with the appropriate less than and greater than symbol, because this stupid chat sw doesn't allow to use them... :=( ^_^

@Ray Taylor  Thanks for trying Windows Sandbox! Please, submit a bug report via Feedback Hub so that we can investigate this issue.

Copper Contributor

Is there any way to install .NET 3.5?   There doesn't seem to be a way to for some reason. I have tried "add windows features" but the list of features is blank. and both PS and Dism commands result in a "Enable-Feature" is an unknown command, or something very similar. 

Running the installer directly throws this error code: 0x80070422 (The service could not be started because it is disabled or because it has no enabled devices associated with it.

 

thanks for your help

Copper Contributor

When will this be available in the final Windows 10 OS?  Also, can I open up more than one Windows Sandbox and have several virtual sessions running at once?  This would be beneficial to various test teams.  Also, it would be nice to preserve the state of the sandbox should I have to shut-down my computer for some unforeseen reason.

 

Thanks, I look forward to it.

Silver Contributor

It should be available in 1903, unless they think it is not polished enough and postpone it (like it was with Sets feature).

Copper Contributor

This is great!  So much faster than creating and destroying hyper-V VMs to test a single file.  I agree with other comments that a log of changes made by running an executable is needed.  My main need for a sandbox is to evaluate suspected malware emailed to my organization.  It's great to be able to open a document to see if there are links to suspicious sites.  It would be far better to understand if opening that document placed malware on the machine or modified anything on the host.

Copper Contributor

I tried graphics acceleration of Windows sandbox and found that while it does accelerate graphics and leverages the GPU, I still see very high CPU usage while playing videos, 3d graphics, etc. Anyone knows how to reduce the CPU overhead?

Thanks

Copper Contributor

What would like to know the position on Windows licensing under Microsoft Sandbox ?

Since when I entered Windows setting in Sandbox, it told me the windows license is not activated.

Is it required to buy another license or reuse my original windows license ?

 

Many Thanks

Nelson Lai 

Brass Contributor
@Margarit_Chenchev i have to run/install untrusted components. if i have handle to tag that sandbox, and not delete that sandbox right after closure. i can always re use previous sandbox to proceed. otherwise i always have to go through installation and setting up binaries. we can do the above one through hyper-v. just hoping that these sandboxes will use less resource foot print. thanks for going through my comment.
Deleted
Not applicable

Tried using the Turn Windows features on or off, no luck, resolving the following issue: Windows Sandbox failed to start. (0x80070002)

Checked %windir%\system32, the file is missing %windir%\system32\WindowsSandbox.exe

 

Anyone else run into this Windows 10 Pro - Version 1903 - Build 18362.1

Copper Contributor

Here's a question for the Windows Sandbox people.  I assume that this will be the same as a virtual machine and when the hosting window closes, anything added through that UI interface will be removed?  I will be installing test versions of my software packages (full .msi installs).  When I close the sandbox window, will the installed software be removed, as if it was not there before I opened the sandbox window?

 

For example, if I were to install Visual Studio in the sandbox window (assuming that I did not have it installed before opening the window), when I close the sandbox window, will the installed Visual Studio and all of its files, registry entries, and connections disappear, as if they never existed?

 

Thanks to you all for getting this up and running.

Jim L.

Copper Contributor

@Deleted

I have the same problem, pt-BR locale. I have a %windir%\system32\WindowsSandbox.exe in the filesystem.

 

Annotation 2019-04-04 180437.jpg

 

Copper Contributor

@Scardine brazilian too, and i got the same error when i try to open Windows Sandbox. I tried everything, but it wont load. 

Copper Contributor

HELP A.png

@Ray Taylor  Do you still have problems with the networking? If so please submit a bug via Feedback Hub so that we have enough information to look into this.

@jameslonero  Your understanding of how Windows Sandbox works is correct! Every time when you start Windows Sandbox it is like a brand new, clean installation of Windows free of user content.

Copper Contributor

Hi @Margarit_Chenchev 

 

Yes, still having the issue after updating to build 18362.30.

I've posted Feedback (again).

 

Thanks

Ray

 
Brass Contributor

I noticed that Sandbox doesn't provide ability to restart the OS (restart actually shuts down the Sandbox). Some installers require OS restart before installed program can be used, but this case is not possible with Sandbox.

Also, after restarting I get this error, which is not very explaining for an average user:

Annotation 2019-04-13 102757.jpg

Copper Contributor

After installing windows 10 compilation 1903 and uninstalling the sandbox. If we want to run this we have the error 0x80070002. Please, improve.

blad.JPG

 

Brass Contributor

Stunning Folks :)

Copper Contributor

the build 18362.86, upgraded with official ISO from MSDN and with updates, the sandbox gives the same error:

Feature - Windows Sandbox was set and PC was restarted.

 

Windows Sandbox failed to start.  
Error 0х80070426. The service has not been started.

 

In Task Manager after that there is an process vmmem what is suspended. It does not close but remains in the system.

The End Task - access denied

 

Is this normal?

 

sand.jpg

 

sand2.jpg

Copper Contributor

This issue (0x80070002) is fixed for me in the last Insider build released today (18890)! :thumbs_up:

 

Maybe a fix will be released for the May update later. 

Copper Contributor

thanks for good news, ChristopheLavalle

can you also try to view, if you can and have, VMware (Pro or Player, that it is free) is starting on that machine with Sandbox started?

I have an error, Sandbox don't want to start, but also, there are issues with VMplayer 15.0.4 and VirtualBox too. they didn't start with errors.

Some tells that with Sandbox started, it will be not possible to start another HyperVisors on that machine.

It is not so good, if it is right!

 

Copper Contributor

@rabocii : sorry I don't have VMware or VirtualBox installed on my machine. I use Hyper-V for my VMs (or emulator with Visual Studio) because when Hyper-V is running the others hypervisor are not start correctly.

Brass Contributor

@ChristopheLavalle: This is not the case with the newer versions of VirtualBox or WMware Workstation Pro. They use Hyper-V when they detect it.

Of course, to use Hyper-V, they probably need Windows Hypervisor Platform.

Copper Contributor

@MasterMysterious: thanks for the sharing :)

Copper Contributor

Seemingly people have an issue with Nvidia GPUs. Me too :(

 

When ran on the host with Nvidia GTX 980 (latest drivers, 430.39), Sandbox in 18362.86 fails with a 0x80070002 ("file not found") in the error dialog, although in the event log it manifests very differently:

<System>
  <Provider Name="Microsoft-Windows-Hyper-V-Compute" Guid="{17103e3f-3c6e-4677-bb17-3b267eb5be57}" />
  <EventID>2007</EventID>
  <Version>0</Version>
  <Level>4</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x4000000000000000</Keywords>
  <TimeCreated SystemTime="2019-05-07T02:51:39.479941600Z" />
  <EventRecordID>235</EventRecordID>
  <Correlation />
  <Execution ProcessID="5484" ThreadID="16348" />
  <Channel>Microsoft-Windows-Hyper-V-Compute-Operational</Channel>
  <Computer>Nickel.at.all</Computer>
  <Security UserID="S-1-5-18" />
  </System>
<UserData>
  <SystemId>ce0ec531-de7f-4d8a-b92d-b41962529752</SystemId>
  <Result>0x80070057</Result>
  <Parameter0>{"ResourcePath":"VirtualMachine/ComputeTopology/Gpu","RequestType":"Update","Settings":{"AssignmentMode":"Mirror"}}</Parameter0>
  </VmlEventLog>
  </UserData>
</Event>
 
Note different error code. This is only error in the event log, all other records corresponding to same session are successful, with 0x00000000.
 
Also, when ran inside a Hyper-V VM on the same PC (and same OS build), it runs just fine. No error, no nothing.
Copper Contributor
Why Windows Sandbox is able to communicate with the internal network (i.e. the hosting OS) ? This is really dangerous considering attack vectors using lateral movements (APTs or more known publicly known Wannacry). Moreover you cannot disable the virtual network interface from the application... That is making non sense. This need to have more options, set in a secured way (starting with no network interfaces for instance). Thanks, Adrien.
Copper Contributor

@Margarit_Chenchev That is a big point. The user wil copy/paste the exe but many malwares are able to know their environment during first instructions.
So the user will assume the file is not malicious and run it within the host.... There is a lot of work here, but the idea is nice. I saw it an alternative to "Qubes OS"... But, still, lot of work. Cheers.

Adrien.

Copper Contributor

after installing 18362.113 and reg updates, like an workaround for error 0x800705b4, I received another one issue:

 

c0370106: the virtual machine or container exited unexpectedly.

 

Another VM (Virtual player or VirtualBox) cannot start, with another error about Windows Defender Application Guard

0370106.png

vm.png

Copper Contributor

The issue (0xc0370106) after installing 18362.113 is probably caused by "Microarchitectural Data Sampling (MDS)". I had the same issue after installation of latest microcode-updates KB4497165. This enabled Microarchitectural Data Sampling (MDS) support (MDSWindowsSupportEnabled = true from Get-SpeculationControlSettings). After uninstalling KB4497165 MDSWindowsSupportEnabled got back to "false" and Sandbox and WDAG work again.

Copper Contributor

Thanks, I confirm that uninstalling KB4497165 resolves the issue. Sandbox started very slow. I dont know, how it works on another computers, but seems to be slowly app.

How I found out KB4497165 it is a critical update, in further updates maybe will be taken into account.

Additionally, issue with another hypervisors (VMware player, VirtualBox) is still persist.

Copper Contributor

After installing KB4497165 Windows Sandbox does not start without errors. After an hour, nothing happens :(nie.JPG

Brass Contributor

After installing the recent updates Sandbox seems to be working ok, but I'm not able to use "regular" Hyper-V at all, Hyper-V manager hangs on "Connecting to Virtual Machine Management service"...

Copper Contributor

For me, the hyper-v Manager function works correctly. I do not understand why the Windows Sandbox can not run?

 

I also confirm the problem of VMware Workstation 15 Player after installing KB4497165. After removing KB4497165 is ok. And no problem only Virtual Machine Management ...

 

Brass Contributor

Regarding my Hyper-V failure: turns out that if you have a VM with saved state (memory saved to disk), after an OS update hyper-v seems to be doing some very long (more than 30 mins for sure) check of that state, resulting in hanging any application trying to communicate with the Management Service (e.g. HV Manager, PowerShell). After manually deleting VM state all starts working fine. Sorry for these off-topic messages, but this seems to be the best place to let the Hyper-V-related devs to know about such bugs (which also may affect sandbox, who knows).

Copper Contributor

mam zainstalowany Windows 10 Insider budować 18898.1000 (rs_prerelease) dostępne 20 H 1. Windows problem piaskownicy zostało popełnione :)

Copper Contributor

@grzegorz25music  can you test on Insider release if work another free Hypervisors?

Copper Contributor

As Hypervisors is enabled, VMware Workstation 15 Player does not work. But if I turn off Hypervisors, you will not run Windows Sandbox. If someone wants to use without a problem, this is a useful tutorial for hatching Hypervisors :) https://www.ivobeerens.nl/2018/12/13/vmware-workstation-device-credential-guard-are-not-compatible/

Copper Contributor

I just upgrade my windows to Windows 10 May update version. I am trying to start Sanbox with manual here but facing an issue How to solve it? 

 

Untitled.png

Copper Contributor

I'm a developer and we have a product that offers a free trial by placing some hidden bits in the registry that prevent it from being uninstalled and reinstalled to extend the trial. If this sandbox completely deletes itself every time it's going to allow people to just keep running the trial over and over in the sandbox and never pay. Is there any way for a developer to detect the sandbox? Or is there some sort of hardware ID that's persistent across sandbox instances that we could send to a server during the activation process to prevent trial abuse?

Copper Contributor

Next comment :)

Copper Contributor

I enabled sandbox

p

but after run write not find file 

p

virtualization enabled

p

Copper Contributor

Great program. But if you have Comodo Internet Security Premium, networking doesn't work in the Sandbox.

 

That and my Feedback hub doesn't work so I can't submit a report.


Copper Contributor

I just upgraded my computer to the 1903 version of Windows released in May 21, but seems like Windows SandBox does not want work,

 

Its giving me an error message when i try to launch it that says "windows sandbox failed to start 0x80070002" the system can not find the specified file, i have an english version of windows and have tried to troubleshoot this by my own enabling Hyper V feature and also from The bios of my computer because i am a computer technician but no success so far. You guys can see the attached screenshot to this message.

 

Any help from the Windows Sandbox team would be highly appreciated,

 

Best regards!

 

Capture.PNG

Copper Contributor

Hi all,

I have updated yesterday my Win 10 pro to the 1903 version (build no: 18362.116). I have no Sandbox among the Windows Features.

All prerequisites for using the feature are OK (BIOS also), but the Win 10 language version is Hungarian.

Someone have some suggestions?

Thanks

Miklós

Brass Contributor

@Dan203: Hi. I am an ex-developer. I can tell you that the practice of trying to hide something somewhere in the computer of the user has been a failed enterprise since 2010. If people want to find what you hide, they find it. Internet-based activation is the way to go. Publishing to Microsoft Store is one way, maintaining your own publication and activation servers is another way.

Version history
Last update:
‎Dec 12 2022 11:07 AM
Updated by: