Beware the perils of Windows Sandbox

Windows 10 version 1903

Microsoft has just released the next major update to Windows 10, which brings us up from version 1809 to 1903. The update will be rolled out in stages, so it may not be available to you yet. You can check your Windows Update settings for availability.

Version 1903 introduces several new features and enhancements, such as Start Menu improvements, a new Light theme, finer control over update deployment and many more (see this Microsoft article for details). However, the new feature I want to talk about it the Windows Sandbox, a quasi-virtual environment for securely testing unknown software.

Windows Sandbox

In their article, Microsoft describes Windows Sandbox as an “Isolated desktop environment where you can run untrusted software without the fear of lasting impact to your device”. Just Google “Windows Sandbox” and you’ll find plenty of articles that describe how to install and use it.

My main concern with Microsoft’s statement is that it’s a little misleading and Windows Sandbox users may be putting their networks at risk. If you’re planning to use Windows Sandbox you should be aware of what protections it can and cannot provide.

Windows Sandbox is not completely isolated

Windows Sandbox runs as a virtual machine and it’s contents are destroyed when you shut it down. This is great if you need to test some legitimate software, but are concerned about compatibility with other applications or it breaking your system in some other way.

When it comes to untrusted software Windows Sandbox can provide some security. For example, if you were to run a piece of Ransomware inside the sandbox, it would probably begin to encrypt files inside the sandbox, leaving your primary operating system safe. Just shut down Windows Sandbox and the Ransomware and its changes are gone and forgotten.

However, it is important to note that Windows Sandbox doesn’t provide network-level isolation. So while malware executed within the sandbox cannot directly access the C: drive of the primary operating system, it can still communicate with other devices on your network. For example, if you were to execute malware containing a worm virus inside the sandbox, it can still scan your network for vulnerable systems and spread to other systems from there.

Windows Sandbox has limited malware protection

It is important to note that your main antivirus software doesn’t run inside Windows Sandbox. Instead, you’re relying on Windows Defender to protect you from malware. While that’s better than nothing, you may not have the benefit of behavioural analysis and other features that your primary antivirus software provides to help protect against zero-day attacks.

For example, if you receive a file via email and are unsure that it’s safe, you can use Windows Sandbox to test it. However, if the file contains a new virus, you could inadvertently be risking the security of your main system as well as the rest of the network.

Even if the malware doesn’t spread from inside the sandbox, it’s possible the unsafe software appears to have run correctly, providing a false sense of security to the person testing it.

Testing Windows Sandbox isolation

After upgrading to Windows 10 version 1903, and enabling the Windows Sandbox feature, I performed a couple of simple tests to see how “isolated” it really was. Here’s what I found:

  1. Windows Defender SmartScreen prevented me from downloading an EICAR malware test file from, however it did not prevent me from downloading the zipped version.

  2. I was able to unzip the EICAR test file on the desktop without any warnings, but Windows Defender did display a warning when I tried to execute it, since it matches a know malware signature. No warning would be displayed for a zero-day attack.

  3. I ran IPCONFIG and confirmed that Windows Sandbox runs inside it’s own subnet. However, it is able to route outside of it’s subnet, using NAT (network address translation) on the host operating system, to obtain Internet access. NAT prevents network devices from initiating access to the Windows Sandbox, but not vice versa.

  4. Using TRACERT and was able to determine the subnet in which the primary operating system was running.

  5. I was able to download and run Advanced IP Scanner from inside the sandbox. I scanned the primary operating system’s subnet (from step 4) and was able to identify a number of other devices on the network and which ports were open. This is how malware run inside Windows Sandbox can spread to other vulnerable systems.


While Windows Sandbox does provide some protection against unknown software, it is not a completely isolated environment and, therefore, needs to be used with caution. It is mostly suitable for testing known safe software in an isolated environment.

If you genuinely need to test potentially malicious software, you’d be much better off deploying a Hyper-V Virtual Machine running Windows 10 and ensure that it is disconnected from the network before you run it.


Domenic has consulted to Australian businesses of all sizes for over 20 years, delivering end-to-end IT solutions.  He has expertise in Information Security, Remote Access and Desktop Management, in addition to traditional cloud and on-premises infrastructure solutions.