Windows Sandbox

Earlier this week I got the chance to finally update one of my desktops to Windows 10 1903. This is the big update that will be coming out very soon for Microsoft Windows users. Since I run an MSDN professional account I have access to the build earlier than most.

One of the new security features I am actually excited about using is Windows Sandbox. Windows Sandbox is a security feature in Windows 10 1903. It's a sandbox. It allows you to install software that you may not need to use full time on your PC. I like it because it lets me install what I want, then at the end of the day I can shut down my sandbox, and the next time I launch it, it will be back to square one.

This article provides a really nice overview of Windows Sandbox and how to enable it:

One thing I have noticed is that I can ping the Windows Sandbox from my host.

This is currently the only problem I see with Sandbox. This issue can easily be remediated with the following PowerShell command, run in an elevated prompt on the host, to block any incoming traffic from the sandbox's address back to your host:

New-NetFirewallRule -DisplayName "Deny Inbound Traffic from Windows Sandbox" -Direction Inbound -RemoteAddress 172.17.217.219 -Action Block -Enabled True

This IP is probably subject to change each time you spin up your sandbox, so you may need to update the firewall rule you created. It appears Windows Sandbox uses the Default Switch in Hyper-V, which is definitely shared with the host. If you decide to do something like execute malware for analysis inside Windows Sandbox, you will definitely want to further isolate your host from the sandbox by blocking all incoming traffic from the Windows Sandbox IP.
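Because the sandbox address changes between launches, here is a small script that recreates the block rule each time and verifies it afterwards. This is an added example, not code from the original post or from Microsoft. It assumes it runs elevated on the host (not inside the sandbox), that the host-side Default Switch adapter is named "vEthernet (Default Switch)", and that, when no address is passed in, the sandbox has already sent some traffic to the host so it shows up in the host's neighbor table. The rule name, parameter names and helper function names are this example's own.

```powershell
<#
Added example (not from the original post). Recreates the host firewall rule
that blocks inbound traffic from the current Windows Sandbox address.
Assumptions (verify on your host):
  - run in an elevated PowerShell on the host, not inside the sandbox
  - the host-side Default Switch adapter is named "vEthernet (Default Switch)"
  - the sandbox address is either passed in (ipconfig inside the sandbox),
    or found in the host's neighbor table after the sandbox has talked to the host
#>
param(
    [string]$SandboxAddress,
    [string]$RuleName    = "Deny Inbound Traffic from Windows Sandbox",
    [string]$SwitchAlias = "vEthernet (Default Switch)"
)

function Find-SandboxAddress {
    param([string]$Alias)
    # The host's own address(es) on the Default Switch must not be treated as the sandbox
    $hostIps = (Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4 -ErrorAction Stop).IPAddress
    # Neighbors that have actually been resolved on the switch; Permanent entries are multicast/broadcast
    $candidates = Get-NetNeighbor -InterfaceAlias $Alias -AddressFamily IPv4 -ErrorAction Stop |
        Where-Object { $_.State -notin 'Permanent','Unreachable','Incomplete' -and $_.IPAddress -notin $hostIps } |
        Select-Object -ExpandProperty IPAddress
    if (-not $candidates) {
        throw "No neighbor seen on '$Alias' yet; pass -SandboxAddress (run ipconfig inside the sandbox)."
    }
    if (@($candidates).Count -gt 1) {
        Write-Warning "Several neighbors on '$Alias': $($candidates -join ', '); using the first one."
    }
    return @($candidates)[0]
}

function Set-SandboxBlockRule {
    param([string]$Name, [string]$Remote)
    # Drop any rule left from a previous launch so a stale address is not what stays blocked
    Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    # Inbound on the host: the sandbox is the remote endpoint, so its address goes in -RemoteAddress
    return New-NetFirewallRule -DisplayName $Name -Direction Inbound -RemoteAddress $Remote `
        -Action Block -Enabled True -Profile Any
}

function Test-SandboxBlockRule {
    param([string]$Name, [string]$Remote)
    # Read the rule back and confirm it is enabled, inbound, blocking, and scoped to the sandbox address
    $rule = Get-NetFirewallRule -DisplayName $Name -ErrorAction Stop
    $addr = $rule | Get-NetFirewallAddressFilter
    $scoped = (@($addr.RemoteAddress) -join ',') -like "*$Remote*"
    return ($rule.Enabled -eq 'True' -and $rule.Direction -eq 'Inbound' -and $rule.Action -eq 'Block' -and $scoped)
}

if (-not $SandboxAddress) { $SandboxAddress = Find-SandboxAddress -Alias $SwitchAlias }
Set-SandboxBlockRule -Name $RuleName -Remote $SandboxAddress | Out-Null
if (Test-SandboxBlockRule -Name $RuleName -Remote $SandboxAddress) {
    "Inbound traffic from $SandboxAddress to this host is now blocked by rule '$RuleName'."
} else {
    Write-Error "Rule '$RuleName' was not created as expected; check it in Windows Defender Firewall."
}
```

Run it once after each sandbox launch, either with `-SandboxAddress 172.17.217.219` (the address shown by ipconfig inside the sandbox) or with no arguments after pinging the host from the sandbox once so the neighbor entry exists. The rule is removed and recreated rather than edited so that only the current address is covered; the read-back check at the end catches a rule that was created but left disabled or mis-scoped.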

I’m very excited about this feature. It makes a nice pairing with Windows Defender Application Guard.