Windows Sandbox - DeveloPassion

# Windows Sandbox Windows Sandbox (WSB) is a disposable, hypervisor-isolated desktop environment built into Windows 10/11 Pro, Enterprise, and Education editions. It launches in seconds, runs a full Windows desktop in a separate kernel, and wipes everything on close. It is Microsoft's answer to "I want to test this random `.exe` without burning a VM." The defining trick: WSB is not a regular VM. It uses [[Hyper-V]] for kernel-level isolation, but it does **not** ship a Windows image. Instead, it boots from a dynamically constructed image assembled from the host's already-installed Windows files — making it closer to a [[Containerization|container]] than to a traditional virtual machine. ## Architecture: container–VM hybrid - **Dynamic Base Image** — most Windows OS files are immutable; the sandbox shares them directly with the host. Only the small mutable subset is shipped as a pristine package: 30 MB compressed → 500 MB on disk after install. No second copy of Windows. - **Direct map memory sharing** — when `ntdll.dll` (and other binaries) load inside the sandbox, the sandbox is mapped to the same physical memory pages as the host's copy. No duplication, no leakage of host secrets. - **Dynamic memory reclamation** — host can reclaim sandbox memory under pressure, like it would from a process. Traditional VMs allocate statically and can't give it back. - **WDDM GPU virtualization** — graphics inside the sandbox compete with host apps for the real GPU (requires WDDM 2.5+). Falls back to WARP CPU-rendering on incompatible systems. - **Battery pass-through** — the sandbox sees the host battery state and tunes power accordingly. - **Hardware-rooted isolation** — runs on the Microsoft hypervisor with a separate kernel; the host kernel is not exposed. The result: VM-grade isolation with container-grade footprint and start time. ## Default behavior - Networking: **on** (via Hyper-V default switch — exposes guest to internal network) - Clipboard redirection: **on** - Audio input: **on**, video input: **off** - vGPU: **on** (non-Arm64) - Printer redirection: **off** - Memory cap: **4 GB** - Single instance only — no parallel sandboxes from the GUI - Closing the window deletes all software, files, and state. No persistence across sessions (reboots *within* a session do persist, since Windows 11 22H2) ## Configuration: `.wsb` files Sandboxes are declared as XML in `.wsb` files. Double-click to launch. This makes one-off sandboxes reproducible and scriptable. ```xml <Configuration> <vGPU>Disable</vGPU> <Networking>Disable</Networking> <MappedFolders> <MappedFolder> <HostFolder>C:\Suspicious</HostFolder> <SandboxFolder>C:\Users\WDAGUtilityAccount\Desktop\Suspicious</SandboxFolder> <ReadOnly>true</ReadOnly> </MappedFolder> </MappedFolders> <LogonCommand> <Command>C:\Users\WDAGUtilityAccount\Desktop\Suspicious\run.cmd</Command> </LogonCommand> <MemoryInMB>8192</MemoryInMB> <ProtectedClient>Enable</ProtectedClient> <ClipboardRedirection>Disable</ClipboardRedirection> </Configuration> ``` Configurable knobs: `vGPU`, `Networking`, `MappedFolders` (with read-only flag), `LogonCommand`, `AudioInput`, `VideoInput`, `ProtectedClient` (runs sandbox inside AppContainer for an extra isolation boundary, restricts copy/paste), `PrinterRedirection`, `ClipboardRedirection`, `MemoryInMB` (auto-bumped to 2048 minimum). Default sandbox user is `WDAGUtilityAccount`. ## CLI (`wsb`, Windows 11 24H2+) A command-line interface turns the sandbox into something scriptable from CI, automation, or AI agents: - `wsb start [--config "<XML>"]` — launches a sandbox, returns its ID - `wsb list` — running sandboxes (table or `--raw` JSON) - `wsb exec --id <id> -c <cmd> -r <ExistingLogin|System>` — run a command inside (no stdout capture; requires active session for user context) - `wsb share --id <id> -f <host> -s <sandbox> [--allow-write]` — mount a folder after launch - `wsb connect --id <id>` — RDP into the sandbox window - `wsb stop --id <id>` — terminate - `wsb ip --id <id>` — get the sandbox IP This collapses a long-standing gap: pre-CLI, the only way to drive WSB was the GUI launcher and a `LogonCommand`. ## When to reach for it - Detonating untrusted installers, email attachments, or random `.exe` files - Browsing sketchy URLs without polluting the host browser profile - Testing software that "totally won't" leave registry keys / scheduled tasks behind - Per-project dev environments (different Python/Node versions, isolated dependency trees) - Quick reproductions where spinning up a real VM is overkill Not the right tool for: long-running workloads, anything you want to keep, multi-VM scenarios, or Windows Home users (use [[Docker]] / a real VM / [[Linux Containers (LXC)]] instead). ## Limitations - Pro/Enterprise/Education only — **not on Windows Home** - Single sandbox at a time from the GUI - Networking on by default — easy footgun for malware analysis (always disable in `.wsb` for that use case) - No process I/O capture from `wsb exec` — fire-and-forget only - `MappedFolders` with write enabled persist after the sandbox is destroyed - Sandbox window size is not configurable ## Open source surface - The sandbox engine itself ships with Windows and is closed-source - The [microsoft/Windows-Sandbox](https://github.com/microsoft/Windows-Sandbox) GitHub repo is [[MIT License|MIT]]-licensed and hosts community add-ons, sample `.wsb` files, GUI utilities (e.g., "Run in Sandbox" context menu, PyWinSandbox), and issue tracking — not the core code ## References - https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/ - https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture - https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install - https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file - https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration - https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-cli - https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions - https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot - https://github.com/microsoft/Windows-Sandbox ## Related - [[Hyper-V]] - [[Containerization]] - [[Docker]] - [[Linux Containers (LXC)]] - [[MIT License]]