Microsoft just released their first Windows 10 (19H1) Build of 2019 as they continue moving towards the seventh feature update release in the March/April 2019 time frame.
This is a critical release for the Redmond software company as they continue to deal with the challenges around the April and October 2018 Update feature updates from last year. Much of the focus in 19H1, the code name for this upcoming feature update, has been on fit and finish of the existing feature set and user interface.
However, in Build 18305 which was the final build made available to testers in 2018, they did introduce a new feature called Windows Sandbox.
Unfortunately, many Windows Insiders and I were unable to try out the feature because of the release of a critical Internet Explorer security patch for a vulnerability that took that release to Build 18305.1003. That patch caused Windows Sandbox to stop working and thus interfered with any opportunity to test and explore the feature. Build 18309 remedies that situation and now testers like myself are able to dive in and poke around Windows Sandbox.
In a nutshell, Windows Sandbox is an OS level version of Windows Defender Application Guard (WDAG) which allows you to run Microsoft Edge in a virtualized environment that is separate from your main operating system. On hardware that supports virtualization, you can use WDAG to visit questionable websites and be protected against any malicious software that might be present on those sites.
Windows Sandbox works under that same concept but adds the ability to execute questionable software in a safe environment that will not impact the host operating system.
Just like with WDAG, Windows Sandbox is not something everyone might need to use and will likely be more welcomed by security researchers and others who look into malicious software as part of their normal job description. I imagine some enthusiasts might jump in there as well using Windows Sandbox, but caution should be observed at all times. Ultimately, Windows Sandbox is a tool to provide a safe, clean environment for these types of activities, but it still requires the grey matter between your ears to be used appropriately.
I have spent some time poking around Windows Sandbox in Windows 10 (19H1) Build 18309 and these are my initial observations:
- Windows Sandbox is not installed by default, so you must go to Turn Windows features on or off in the legacy Control Panel and then scroll down to Windows Sandbox to install the feature. Your system will likely require a reboot afterwards.
- If you run virtual machines using Hyper-V on Windows 10 then you know even on the fastest systems start-up is slow. Windows Sandbox is starting up a clean version of Windows 10 every time it is started because that same environment is deleted when Windows Sandbox is closed down after a session. Of course, that is keeping potentially malicious data from your host system even in a cached directory so ultimately this is an aspect of Windows Sandbox’s security model.
- Unfortunately, when you start up an instance of Windows Sandbox, it appears that several inbox games are also installed in the virtual environment along with Netflix, based on entries in the Start Menu. This is a waste of resources for Windows Sandbox because you are not going to be spinning up an instance to play games or stream videos. This area should be cleaned up and only the minimal inbox apps installed that are related to security aspects of the virtual environment. Note: I attempted to open several of these apps from the Start Menu but many would not start for some reason. This could be related to issues around early development or a feature, but if there is no intent to run them why even place the shortcuts on the Start Menu to begin with? Something to keep an eye on for sure.
- The Windows Sandbox version of Windows 10 is based on the build you have installed, so Windows Sandbox is Build 18309 on devices that just installed Build 18309. It is locked down and not activated in this release. I suspect the lockdown aspect is part of its security profile and, just like games and Netflix are not needed, many of these settings are not critical to the purpose behind Windows Sandbox. Even if you were to run the Activation Troubleshooter, after closing Windows Sandbox following a session that activation would disappear since nothing is kept from the virtual environment for security reasons. Label this as designed.
- While there are some Microsoft Store apps installed in Windows Sandbox, the Microsoft Store itself is not present in this release.
- Windows Sandbox also uses a locked down theme and does not inherit the theming of the host system.
- You can expand Windows Sandbox to full screen just like you can with virtual machines running in Hyper-V.
- The time zone in Windows Sandbox is set to International Date Line West (UTC -12) so expect to see a different system time in Sandbox compared to the host OS.
- An alert pops up once Windows Sandbox is ready to go that indicates virus and threat protection is turned off; however, Defender is not available in Windows Sandbox from what I can tell. Not sure about this except to say Windows Sandbox is already set up as a sandbox for protecting the host system so this may also be by design.
- I did attempt a restart of my instance of Windows Sandbox but it eventually had an unexpected container crash. Again, this might be an early issue or maybe it is not meant to be restarted. Another one we will have to keep an eye on.
- I tried Windows Update but it also failed – I suspect the Windows Sandbox instance you are running picks up its security updates from the host system and therefore is likely up to date with security and cumulative updates.
- Since Windows Sandbox is a temporary environment, all data is lost when you close it down. Of course, due to the nature of a sandbox, data that is in there stays there and is deleted when the instance is closed. That also means you cannot move data out of Windows Sandbox, otherwise your host system would be at risk. This means you should take screenshots and record other observations as you are working with questionable software to have for later.
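
The install step from the first observation can also be done from an elevated PowerShell prompt. The script below is an added example, not part of the original article; it assumes the optional-feature name `Containers-DisposableClientVM` (the name Windows uses for Windows Sandbox) and treats Build 18305 as the minimum, as stated above.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell prompt.
# 'Containers-DisposableClientVM' is the optional-feature name Windows uses for Windows Sandbox.
$featureName = 'Containers-DisposableClientVM'
$minBuild    = 18305   # first Insider build with Windows Sandbox, per the article

# 1. The feature only exists on builds that ship it.
$build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber
if ($build -lt $minBuild) {
    Write-Warning "Build $build predates Windows Sandbox (needs $minBuild or later)."
    return
}

# 2. Hardware virtualization must be available. Once a hypervisor is already
#    running, the firmware flag can read False, so accept either signal.
$hypervisor = (Get-CimInstance -ClassName Win32_ComputerSystem).HypervisorPresent
$firmwareVt = (Get-CimInstance -ClassName Win32_Processor |
               Select-Object -First 1).VirtualizationFirmwareEnabled
if (-not ($hypervisor -or $firmwareVt)) {
    Write-Warning 'Virtualization is not enabled in firmware; enable it in UEFI/BIOS first.'
    return
}

# 3. Enable the feature only if it is not already on, and report whether a reboot is pending.
$feature = Get-WindowsOptionalFeature -Online -FeatureName $featureName -ErrorAction SilentlyContinue
if ($null -eq $feature) {
    Write-Warning "Feature $featureName is not available on this installation."
} elseif ($feature.State -eq 'Enabled') {
    Write-Output 'Windows Sandbox is already enabled.'
} else {
    $result = Enable-WindowsOptionalFeature -Online -FeatureName $featureName -All -NoRestart
    if ($result.RestartNeeded) {
        Write-Output 'Windows Sandbox enabled; restart to finish installation.'
    } else {
        Write-Output 'Windows Sandbox enabled.'
    }
}
```
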
I have had Windows Sandbox open on an original Surface Book running Windows 10 (19H1) Build 18309 since I started writing this article. I just checked Task Manager and it is currently using no CPU and just 261MB of memory as it is running.