Windows Sandbox
Published Dec 18 2018 04:18 PM 1.9M Views
Microsoft

Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.

 

How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation of Windows, but didn’t want to set up a virtual machine?

 

At Microsoft we regularly encounter these situations, so we developed Windows Sandbox: an isolated, temporary, desktop environment where you can run untrusted software without the fear of lasting impact to your PC. Any software installed in Windows Sandbox stays only in the sandbox and cannot affect your host. Once Windows Sandbox is closed, all the software with all its files and state are permanently deleted.

 

Windows Sandbox has the following properties:

  • Part of Windows – everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
  • Pristine – every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows
  • Disposable – nothing persists on the device; everything is discarded after you close the application
  • Secure – uses hardware-based virtualization for kernel isolation, which relies on Microsoft’s hypervisor to run a separate kernel that isolates Windows Sandbox from the host
  • Efficient – uses an integrated kernel scheduler, smart memory management, and a virtual GPU

 

Prerequisites for using the feature

  • Windows 10 Pro or Enterprise Insider build 18305 or later
  • AMD64 architecture
  • Virtualization capabilities enabled in BIOS
  • At least 4GB of RAM (8GB recommended)
  • At least 1 GB of free disk space (SSD recommended)
  • At least 2 CPU cores (4 cores with hyperthreading recommended)
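
The prerequisites above can be checked from PowerShell before enabling the feature. This is an added example, not code from the original post or from the Windows Sandbox team; the function names and the exact-match edition test are assumptions, and the thresholds are the minimums listed above.

```powershell
# Added example: verifies the prerequisites listed above on the local machine.
# New-Check and Test-SandboxPrerequisite are hypothetical helper names.
function New-Check($Name, $Required, $Actual, [bool]$Pass) {
    [pscustomobject]@{ Check = $Name; Required = $Required; Actual = $Actual; Pass = $Pass }
}

function Test-SandboxPrerequisite {
    $os   = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $cpus = @(Get-CimInstance -ClassName Win32_Processor)
    $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
    $edition = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').EditionID

    $build  = [int]$os.BuildNumber
    $cores  = ($cpus | Measure-Object -Property NumberOfCores -Sum).Sum
    # TotalPhysicalMemory excludes firmware-reserved memory, so a 4 GB machine
    # reports slightly less; round to the nearest whole GB before comparing.
    $ramGB  = [math]::Round($cs.TotalPhysicalMemory / 1GB)
    $freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)
    $isX64  = $cpus[0].Architecture -eq 9   # Win32_Processor.Architecture: 9 = x64

    # Once a hypervisor is running, VirtualizationFirmwareEnabled can read
    # False even though the firmware setting is on, so HypervisorPresent is
    # accepted as well. Inside a virtual machine HypervisorPresent is always
    # True, so this check cannot confirm nested virtualization; that is set
    # on the VM's host with Set-VMProcessor as described in the Quick start.
    $fwVirt = [bool]($cpus | Where-Object { $_.VirtualizationFirmwareEnabled })
    $virtOk = $fwVirt -or $cs.HypervisorPresent

    # Assumption: only the plain Pro and Enterprise EditionID values pass.
    New-Check 'Edition'        'Pro or Enterprise' $edition ($edition -in 'Professional', 'Enterprise')
    New-Check 'Build'          '>= 18305'          $build   ($build -ge 18305)
    New-Check 'Architecture'   'AMD64'             $cpus[0].Architecture $isX64
    New-Check 'Virtualization' 'enabled in BIOS'   $virtOk  $virtOk
    New-Check 'RAM (GB)'       '>= 4'              $ramGB   ($ramGB -ge 4)
    New-Check 'Free disk (GB)' '>= 1'              $freeGB  ($freeGB -ge 1)
    New-Check 'CPU cores'      '>= 2'              $cores   ($cores -ge 2)
}

$results = @(Test-SandboxPrerequisite)
$results | Format-Table -AutoSize

if ($results.Pass -contains $false) {
    Write-Warning 'One or more Windows Sandbox prerequisites are not met.'
}
# If every check passes, the feature selected in Windows Features can also be
# turned on from an elevated prompt (not shown in the original post):
#   Enable-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM' -All
```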

 

Quick start

  1. Install Windows 10 Pro or Enterprise, Insider build 18305 or newer
  2. Enable virtualization:
    • If you are using a physical machine, ensure virtualization capabilities are enabled in the BIOS.
    • If you are using a virtual machine, enable nested virtualization with this PowerShell cmdlet:
      Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
  3. Open Windows Features, and then select Windows Sandbox. Select OK to install Windows Sandbox. You might be asked to restart the computer.
  4. Using the Start menu, find Windows Sandbox, run it and allow the elevation
  5. Copy an executable file from the host
  6. Paste the executable file in the window of Windows Sandbox (on the Windows desktop)
  7. Run the executable in the Windows Sandbox; if it is an installer go ahead and install it
  8. Run the application and use it as you normally do
  9. When you’re done experimenting, you can simply close the Windows Sandbox application. All sandbox content will be discarded and permanently deleted
  10. Confirm that the host does not have any of the modifications that you made in Windows Sandbox.


 

Windows Sandbox respects the host diagnostic data settings. All other privacy settings are set to their default values.

 

Windows Sandbox internals

Since this is the Windows Kernel Internals blog, let’s go under the hood. Windows Sandbox builds on the technologies used within Windows Containers. Windows containers were designed to run in the cloud. We took that technology, added integration with Windows 10, and built features that make it more suitable to run on devices and laptops without requiring the full power of Windows Server.

 

Some of the key enhancements we have made include:

 

Dynamically generated Image

At its core Windows Sandbox is a lightweight virtual machine, so it needs an operating system image to boot from. One of the key enhancements we have made for Windows Sandbox is the ability to use a copy of the Windows 10 installed on your computer, instead of downloading a new VHD image as you would have to do with an ordinary virtual machine.

 

We want to always present a clean environment, but the challenge is that some operating system files can change. Our solution is to construct what we refer to as a “dynamic base image”: an operating system image that has clean copies of the files that can change, but links to the files that cannot change, which already exist in the Windows image on the host. The majority of the files are links (immutable files), which is why a full operating system takes so little space (~100MB). We call this instance the “base image” for Windows Sandbox, using Windows Container parlance.

 

When Windows Sandbox is not installed, we keep the dynamic base image in a compressed package which is only 25MB. When installed, the dynamic base package occupies about 100MB of disk space.


Smart memory management

Memory management is another area where we have integrated with the Windows Kernel. Microsoft’s hypervisor allows a single physical machine to be carved up into multiple virtual machines which share the same physical hardware. While that approach works well for traditional server workloads, it isn't as well suited to running on devices with more limited resources. We designed Windows Sandbox in such a way that the host can reclaim memory from the Sandbox if needed.

 

Additionally, since Windows Sandbox is basically running the same operating system image as the host, we also allow Windows Sandbox to use the same physical memory pages as the host for operating system binaries via a technology we refer to as “direct map”. In other words, the same executable pages of ntdll are mapped into the sandbox as on the host. We take care to ensure this is done in a secure manner and no secrets are shared.


Integrated kernel scheduler

With ordinary virtual machines, Microsoft’s hypervisor controls the scheduling of the virtual processors running in the VMs. However, for Windows Sandbox we use a new technology called “integrated scheduler” which allows the host to decide when the sandbox runs. 

 

For Windows Sandbox we employ a unique scheduling policy that allows the virtual processors of the sandbox to be scheduled in the same way as threads would be scheduled for a process. High-priority tasks on the host can preempt less important work in the sandbox. The benefit of using the integrated scheduler is that the host manages Windows Sandbox as a process rather than a virtual machine which results in a much more responsive host, similar to Linux KVM.

 

The whole goal here is to treat the Sandbox like an app but with the security guarantees of a Virtual Machine. 

 

Snapshot and clone

As stated above, Windows Sandbox uses Microsoft’s hypervisor. We're essentially running another copy of Windows which needs to be booted, and this can take some time. So rather than paying the full cost of booting the sandbox operating system every time we start Windows Sandbox, we use two other technologies: “snapshot” and “clone.”

 

Snapshot allows us to boot the sandbox environment once and preserve the memory, CPU, and device state to disk. Then, when we need a new instance of Windows Sandbox, we can restore the sandbox environment from disk into memory rather than booting it. This significantly improves the start time of Windows Sandbox.

 

Graphics virtualization

Hardware accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intense or media-heavy use cases. However, virtual machines are isolated from their hosts and unable to access advanced devices like GPUs. The role of graphics virtualization technologies, therefore, is to bridge this gap and provide hardware acceleration in virtualized environments; e.g. Microsoft RemoteFX.

 

More recently, Microsoft has worked with our graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and WDDM, the driver model used by display drivers on Windows.

 

At a high level, this form of graphics virtualization works as follows:

  • Apps running in a Hyper-V VM use graphics APIs as normal.
  • Graphics components in the VM, which have been enlightened to support virtualization, coordinate across the VM boundary with the host to execute graphics workloads.
  • The host allocates and schedules graphics resources among apps in the VM alongside the apps running natively. Conceptually they behave as one pool of graphics clients.

This process is illustrated below:

 

[Figure: GPU virtualization for Sandbox - diagram]

 

This enables the Windows Sandbox VM to benefit from hardware accelerated rendering, with Windows dynamically allocating graphics resources where they are needed across the host and guest. The result is improved performance and responsiveness for apps running in Windows Sandbox, as well as improved battery life for graphics-heavy use cases.

 

To take advantage of these benefits, you’ll need a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer). Incompatible systems will render apps in Windows Sandbox with Microsoft’s CPU-based rendering technology.

 

Battery pass-through

Windows Sandbox is also aware of the host’s battery state, which allows it to optimize power consumption. This is critical for a technology that will be used on laptops, where not wasting battery is important to the user.

 

Filing bugs and suggestions

As with any new technology, there may be bugs. Please file them so that we can continually improve this feature. 

 

File bugs and suggestions at Windows Sandbox's Feedback Hub (select Add new feedback), or follow these steps:

  1. Open the Feedback Hub
  2. Select Report a problem or Suggest a feature.
  3. Fill in the Summarize your feedback and Explain in more details boxes with a detailed description of the issue or suggestion.
  4. Select an appropriate category and subcategory by using the dropdown menus. There is a dedicated option in Feedback Hub to file "Windows Sandbox" bugs and feedback. It is located under "Security and Privacy" subcategory "Windows Sandbox".
  5. Select Next
  6. If necessary, you can collect traces for the issue as follows: Select the Recreate my problem tile, then select Start capture, reproduce the issue, and then select Stop capture.
  7. Attach any relevant screenshots or files for the problem.
  8. Submit

Conclusion

We look forward to you using this feature and receiving your feedback!

 

Cheers, 

Hari Pulapaka, Margarit Chenchev, Erick Smith, & Paul Bozzay

(Windows Sandbox team)

317 Comments
Copper Contributor

Hi there!

I do have registered Windows 10 Pro but Sandbox is not available, what's the reason and where can I get it?

 


Could you please advise?

Copper Contributor

I'd start by checking which version of Windows 10 Pro you have.  You'll need at least Version 1903.

 

https://support.microsoft.com/en-us/help/13443/windows-which-version-am-i-running

@faizannasir Hi,

Which Windows 10 version are you using?

Copper Contributor

Has anyone been able to use LocalDB with Windows Sandbox?

 

I can install it, but it crashes.

 

Steps to reproduce:

 

Install LocalDB from 

Run in command line:

SqlLocalDB.exe create "DeptLocalDB"

Copper Contributor

@HotCakeX & @f1ben hello!

i am using below version:

Version.JPG

@faizannasir Well there you go

you need to Update your Windows. you see it says you have version 1809 but you need at least version 1903 to be able to use Windows Sandbox.

 

Download or Update your machine from here:

https://www.microsoft.com/en-us/software-download/windows10

@virzak 

Here,

I tested it for you on Windows 10 insider fast ring build 19008, it doesn't crash

so I think it is fixed and the change will be available on the next stable version of Windows 10

 


 

 

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Try the new cross-platform PowerShell https://aka.ms/pscore6

PS C:\Users\WDAGUtilityAccount> SqlLocalDB.exe create "DeptLocalDB"
LocalDB instance "DeptLocalDB" created with version 14.0.1000.169.
PS C:\Users\WDAGUtilityAccount>

 

 

Copper Contributor

So which part of the insider program is it on right now? "Active development", "Skip ahead" or "just fixes, apps and drivers"? Or is it currently in none of them?

@Eddie_Ashe Windows Sandbox has been released to everyone few months ago starting with Windows 10 build 1903, and it is globally available right now.

Copper Contributor

@HotCakeX Alright. Thanks for letting me know.

You're welcome!

Copper Contributor

Hi there,

 

I have Windows 10 Pro 1903 (18362.418) with virtualisation enabled in the BIOS, and I have enabled Windows Sandbox in Windows Features and rebooted, but I still don't see any "Windows Sandbox" icon in the start menu.

 

Did I miss a step, or is there some requirement or step missing from the instructions above? Any help would be appreciated.

 

Thanks!

@alzadude try searching for "sandbox" in Windows search

Copper Contributor

@HotCakeX thanks, I got it working in the end.. I was typing "sandbox" into the search box, but initially it wasn't showing up. I worked around that by opening the start menu and manually scrolling down the list until I found it..

 

However, when I just tried now, it's now showing up when I type "sandbox" into the search box. So I don't know what happened that stopped it from working previously! Anyway, all working fine now. Thanks!

@alzadude that's good to know, you're welcome :)

Iron Contributor

I'm very interested in rolling this out to my IT staff to use for malware/AV investigation work. We have some tools we use. Since this starts from a pristine state every time, is the only way to get the install with our tools to reinstall them each time?

I'm thinking we need to use a SysDiff type of tool or some other tool to get all the tools installed.

Thoughts? Thanks.

@Jleebiker it would be good to be able to modify Windows Sandbox image, only if i knew where it is in the C drive.

Copper Contributor

Can you guys please make it "High DPI" aware? The sandbox itself looks fine, but the prompts and title bar text are minuscule on 4K monitor.

 


Please activate Windows Sandbox. It's so annoying when Sandbox keeps prompting the user to activate Windows. My host has an activated Windows 10 Pro so I don't understand why the Sandbox is not activated. When Sandbox is not activated, we can't personalize and do some actions in Sandbox.
Copper Contributor

We did not take advantage of this feature. When you install a program and close it, you must reinstall the program. Instead of send box, I hope that the android box will be a fake Android system running on Windows

@Gandi_Mohammad 

you mean that you want something temporary like Windows sandbox but with Android OS?

Copper Contributor
@HotCakeX He can already do that using Bluestacks, Memu etc. Full list here https://windowsfish.com/best-android-emulators-for-windows/

@Richwood 

This:

"We did not take advantage of this feature. When you install a program and close it, you must reinstall the program. Instead of send box, I hope that the android box will be a fake Android system running on Windows"

 

means he wants bluestacks? I don't think so..

 

his comment which is translated automatically from German does not even make sense..

Copper Contributor

I see a few BL issues on this thread. Not a HyperV expert but some forums mention that installing HyperV "virtualizes" the host O/S into its own special VM. Not sure if VM's support Bitlocker yet. When I install Sandbox, my host O/S thinks my hard drive no longer has BL enabled. I can't begin to test this tool per this issue.

@SurfaceArea Hi, which Windows 10 version?

Copper Contributor

bandicam 2020-03-12 16-32-50-537.jpg

You see the Sandbox ?

Have you turned on virtualization features in the motherboard UEFI? what is your CPU?

Copper Contributor

Hello - I can't detail my employer but we have a policy where all hard drives must be protected by Bitlocker. Not sure if this policy is polled and enforced by gpo, 3rd party software or company developed application. In any case, after installing Sandbox and testing it, i received the policy violation. After removing the Sandbox feature the policy resolved. I'll continue testing at some other point after reading more on Sandbox (Windows Container?) architecture.

@SurfaceArea hi, not to be confused with these containers

https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/

 

by the way, are you using build 1909?

Brass Contributor

Sandboxie has a "Force" mode that causes specified programs (.EXE) to always load inside of SandBoxie when the application is started.

.

Does the Win sandbox have a similar feature? I've been looking, haven't found anything yet.

.

It is unfortunate that Sandbox is limited to Pro and Enterprise users.  Education and especially HOME users really could use this sort feature. There are lots of people who STILL use Office 2003 (and earlier). And there are going to be lots MORE people who won't be willing to "upgrade" away from Office 2010 when it goes end-of-life in October this year.

@ron S. How is Windows Sandbox related to Office 2003?!

if someone doesn't want to upgrade their 20 years old software then it's their own problem and fault, can't blame others. any piece of software or OS in the market from ANY company has an end of life. 

 

Copper Contributor

The "graphics virtualization" feature would be a great addition for Hyper-V and Windows Docker containers workflows? Any plans to support this on Windows 10 Pro hosts?

Microsoft

@Paul Michalik said:

The "graphics virtualization" feature would be a great addition for Hyper-V and Windows Docker containers workflows?


Indeed the same GPU virtualization technology can be used with Windows containers: see GPU Acceleration in Windows containers. That's currently limited to process-isolated containers and does not include Hyper-V isolated containers, but we're looking into expanding that.

Copper Contributor

Hi,


I didn't see any concern about that : Smart memory management

How is Host memory protected from dll injection and so on from sandbox OS ?

As memory pages are the same, a corruption from the sandbox will affect the host OS. Thus, this should not be used to test any malware behavior.

Or maybe I've missed something.

Brass Contributor

@Touffman There are approaches to securely share memory. For example, on the same machine applications share mapped executable pages of DLLs, this has been working maybe from inception of Windows (NT?). Pages can be protected from writing or can be configured to "copy-on-write". Now, DLL injection is a way to load a DLL in some process. If the process is inside the sandbox VM, how injecting a DLL in that process can affect the host? The goal of DLL injection is usually to install some hooks in a process to intercept code execution paths, and installing hooks means changing some process state, including user mode and kernel mode structures (via OS API). And that state is obviously not what makes sense to share between host and guest.

I think it must be a super critical security hole in memory protection management to make this memory sharing dangerous. And  because Sandbox is not a VM which would run tons of requests, I doubt there will be big effort to hack it.

Copper Contributor

My Sandbox is failed to initialize, my Windows edition is Windows 10 IoT Enterprise 64-bit

Copper Contributor

@HotCakeX tried the same on 3 machines with the 2004 version. All 3 crashed. Can I ask you to please try again?

@virzak Hi, I don't exactly know what you are talking about

Copper Contributor

@HotCakeX 

 

SQL LocalDB 2017 doesn't run on Windows Sandbox with Win10 2004: (https://download.microsoft.com/download/E/F/2/EF23C21D-7860-4F05-88CE-39AA114B014B/SqlLocalDB.msi)

 

SQL LocalDB 2019 doesn't even install: (https://download.microsoft.com/download/7/c/1/7c14e92e-bdcb-4f89-b7cf-93543e7112d1/SqlLocalDB.msi)

 

SqlLocalDB.exe create "DeptLocalDB"

SqlLocalDB.exe start "DeptLocalDB"

 

The app I'm working on doesn't work on Windows Sandbox because of this.

 

 

Brass Contributor

OK. I enabled Sandbox and rebooted but I can't find the sandbox executable to run or a link in the "Start" menu.

Copper Contributor

Internet Explorer has become better than before, but it needs more speed and attention to additions 


 

@MrJasim Internet explorer??! its development stopped years ago

@Edward_B when you search for Sandbox in Windows search, you won't find it?

Copper Contributor

Is it normal for the main system to drop in performance when Windows Sandbox is enabled in the settings?

@Ziggg No, not when Sandbox is not running and just enabled.

how are you experiencing the drop in performance? do you see CPU,RAM,Disk usage by a certain executable or system?

Copper Contributor

@HotCakeX While testing memory in AIDA64 and Linx noticed this.

How Linux noticed performance drop caused by Windows Sandbox?!

Copper Contributor

@HotCakeX  LinX not Linux 

Copper Contributor

i have windows 19042 but i dont have sandbox, can someone help?

 

Copper Contributor

Hello, I had the sandbox until yesterday, when I noticed that I no longer had it; it is no longer in system32 either. Where can the .exe be downloaded? Please

Version history
Last update: Dec 12 2022 11:07 AM