I don't really understand what you mean!? In my test, everything was sandboxed/contained and there was no malware escaping the sandbox, so the VM was totally protected.
I was using the default sandbox settings (no limit).
I never use any restriction for the containment because if I want to monitor the behavior of a sandboxed process to determine if it's safe or unsafe, I must let it run unrestricted. Any restriction will cause a program to malfunction.