Advice Request Windows Sandbox - Strange Behavior??


Mjolnir

Thread author
Jul 4, 2019
Last night I decided to enable Windows Sandbox on my computer running Windows 10 Pro Education. When the sandbox launched, all of the news feeds were in Chinese and there were Chinese characters down by the taskbar next to the temperature display. I'm in the U.S. and do everything in English. After a few seconds two security alerts popped up - 1. stating that Windows Defender was turned off, and 2. stating that browser protection was turned off. I quickly closed the Sandbox - and all Defender functions were still on and running normally. Is this normal for the Sandbox to connect to all Chinese news feeds and Defender functions to be disabled on first launch of the sandbox?
 

simmerskool

Apr 16, 2017
I just enabled Windows Sandbox on win10 pro, I also read an MS article linked to me by oldschool. I did not see the Chinese noted above. Question: to me so far, the isolation seems strong, but I'm not finding folks suggesting to surf the internet from the sandbox, and I'm wondering, why? unless I'm missing something really obvious. :unsure: For the past 3 days, I read email from sandbox, clicked links, and did most things online from the sandbox, thinking the real system is isolated. If I enable the VPN on win10, the browser in the sandbox shows it is also going thru the VPN. Some years ago, I ran VMware Workstation, and I'm somewhat familiar with Comodo Firewall (cruelsister settings for containment), & Shadow Defender, etc. If I'm surfing in the sandbox, isn't win sandbox providing similar protection, or perhaps an added layer of security?? It was easy to install, and lets me install another browser. No slowdowns. Perhaps the downside is user cannot really change any MS default sandbox system settings from what I can tell. I guess the connection is not isolated as it seems win10 and sandbox share the same connection but is that in itself problematic?? (I am not a network engineer) PS I just found a YouTube video, and the problem is shared connection, e.g., sandbox could run a worm and infect other PCs on the network. I was able to install WVSX in sandbox, and it acts like it's working. Any insights or further concerns would be appreciated.

additional insight perhaps or correction: user can do some tweaks to the sandbox thru a configuration file with info found I think at ms, but I don't have the link right now.
 
Last edited:
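
Added example, not part of any post in this thread: a Windows Sandbox configuration file (.wsb) of the kind mentioned above, aimed at the shared-network concern. It turns networking off, so it suits opening untrusted files rather than browsing; the host folder C:\SandboxDrop is a hypothetical placeholder, and which redirection settings are honoured depends on the Windows build.

```xml
<!-- offline.wsb: added example. Opening the file starts a sandbox with these settings. -->
<Configuration>
  <!-- Networking is on by default, which lets sandboxed code reach the
       host's local network. Disable removes the virtual network adapter. -->
  <Networking>Disable</Networking>

  <!-- Use software rendering; sharing the GPU adds host attack surface. -->
  <vGPU>Disable</vGPU>

  <!-- Stop data moving between host and sandbox through side channels. -->
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <PrinterRedirection>Disable</PrinterRedirection>
  <AudioInput>Disable</AudioInput>
  <VideoInput>Disable</VideoInput>

  <!-- Apply the stricter security settings to the sandbox session. -->
  <ProtectedClient>Enable</ProtectedClient>

  <!-- One host folder for passing files in, mounted read-only so nothing
       in the sandbox can write back to the host.
       C:\SandboxDrop is a hypothetical path; create it before launching. -->
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\SandboxDrop</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\Desktop\Drop</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
</Configuration>
```

With networking disabled the sandbox cannot reach the internet or the local network, so this file covers inspecting untrusted downloads, not the browsing use case discussed in the thread.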

simmerskool

Apr 16, 2017
That is correct.

I haven't used WS in quite some time and I've never taken the time to try to set up as per documentation.
FWIW a youtuber has a video about using sandbox, and basically said use it the way I'm using it with the caveat about shared network connection, and make sure you're in the sandbox, ie, don't confuse it with real OS. As to the latter, I have 2 monitors, so easy for me to know which is which, as for shared network connection, I'm still thinking thru that. :unsure:
 

ForgottenSeer 95367

but I'm not finding folks suggesting to surf the internet from the sandbox, and I'm wondering, why?
The Microsoft sandbox is not a popular feature. Not much interest. And what enthusiasm and interest there was initially for the sandbox was lost due to Microsoft not fixing problems in a timely manner (sandbox networking problems have been an ongoing deal breaker). Typical Microsoft, sabotaging its own products.

Enthusiasts are fickle and lose interest easily and quickly.

That's why.
 

simmerskool

Apr 16, 2017
The Microsoft sandbox is not a popular feature. Not much interest. And what enthusiasm and interest there was initially for the sandbox was lost due to Microsoft not fixing problems in a timely manner (sandbox networking problems have been an ongoing deal breaker). Typical Microsoft, sabotaging its own products.

Enthusiasts are fickle and lose interest easily and quickly.

That's why.
I've been away so was wondering why there was not interest, then I used sandbox for a few days and the problems with networking became obvious to me. Thanks!
 

upnorth

Jul 27, 2015
The main idea with Windows Sandbox is a good basic one, but because of some slowness issues and also being too complex for normal home users it never caught on and attracted enough. Personally, I haven't tested it since they released it, and other options with VMs already exist and work as they should.

I wonder if the OP @Mjolnir was able to solve the reported issue, but he/she hasn't been online since May. 🤷‍♂️
 

simmerskool

Apr 16, 2017
The main idea with Windows Sandbox is a good basic one, but because of some slowness issues and also being too complex for normal home users it never caught on and attracted enough. Personally, I haven't tested it since they released it, and other options with VMs already exist and work as they should.

I wonder if the OP @Mjolnir was able to solve the reported issue, but he/she hasn't been online since May. 🤷‍♂️
fwiw my first and recent experience, Windows Sandbox was easier to set up than VMware or VirtualBox (from my recollection of those). I may go back to VMware. What I saw with win sandbox, it seems like MS limits what you can edit in terms of network apps, all my sandbox traffic got networked thru MS DNS in California, which I found a tad odd as I use UniFi routers that use their DNS, not my ISP. UniFi works fine with my VPN in win10 but MS seemed not to like either UniFi or any VPN in sandbox and seemed like it broke my connection somehow. When I closed sandbox and used it again next day, it was working again with MS DNS and edits to MS Edge do not take hold. I am not a network engineer so could have been my blunders, but sandbox connection did not seem normal to me. Basically I gave up after 2d use of win sandbox, but may use it sparingly in some situations, but not as a daily layer of surfing protection. I think user might be sacrificing privacy for enhanced feeling of security which may not exist. And I could be clueless. I read some but not all of earlier posts.

If you really feel the need for sandboxing to surf safely, the best way is with Edge Application Guard and not Windows Sandbox.
not sure what I'm feeling :unsure: just testing a few things since my vmware is not running, but thanks, I will check out Edge Application Guard. (y)

If you really feel the need for sandboxing to surf safely, the best way is with Edge Application Guard and not Windows Sandbox.
"funny" story: Application Guard was already enabled on my win10, default is off, and I have no recollection of having enabled it, but ok... I open MS Edge, select New AG Window, new window opens with indications it is running AG. But... as soon as I start to use it, the Edge AG window crashes, implodes, disappears... Hunting down why here. MS Defender is not win10 AV, but best I can tell aspects of it are running in the background, i.e. available to the system, my running registered AV is ESET, so I sent an email to ESET tech support to see if that could be the problem. I suspect that ESET is not the problem, once I hear what they say, I'll know more. Ugh
 

ForgottenSeer 95367

not sure what I'm feeling :unsure: just testing a few things since my vmware is not running, but thanks, I will check out Edge Application Guard. (y)
Creating permanent VMs using Hyper-V with snapshot functionality is a lot more flexible and fully featured, especially if security or testing is your objective.

Windows Sandbox is for fast-and-dirty quick setups and runs that will not be saved, just like Sandboxie but with an extremely limited functionality.

Edge Application Guard is secure, but lots of users do not like that password manager is blocked, copy-paste is blocked, etc. They can enable the copy-paste but that just defeats the security Edge Application Guard provides. Most users want lazy security = not secure.
 
