F5F Stay Refreshed Software Operating Systems : Is Windows Sandbox a possible vulnerability?

P
pac_creeper
Member
144
03-15-2021, 08:12 PM
#1
I'm working on Windows 11 Pro, Version 23H2, OS build 22631.5840. My power supply is a Corsair RM1000x 1000W unit. It was purchased new three years ago. My storage setup includes an HP SSD S650 with 960GB capacity and 171GB free space, a Samsung SSD 990 EVO 2TB with 1.33 TB free, a SanDisk Ultra 3D NVMe 1TB with 48GB free, and a Western Digital 500GB SN550 NVMe with 132GB free. I also have a 500 GB Maxone external HDD connected via USB. I'm using an Ethernet connection. The sandbox file configuration follows the specified settings: VGPU with "EnableVendorExtensions", networking is enabled (internet disabled only when necessary), audio input is off, video input is on, ProtectedClient is off, printer redirection is off, clipboard redirection is on, and memory is set to 30,000MB. I've performed multiple ESET home security scans since this issue occurred. The scan covers all drives, operating memory, boot sectors/UEFI, WMI database, and system registry.

I've shared updates about this on various platforms. I haven't found any solutions or answers.

I use Windows Sandbox to run programs or open applications that pass virus checks, but I'm still uncertain. I never intentionally launch malware. I always turn off the internet when testing. About two weeks ago, I opened it as usual and logged in with a non-personal account that didn't contain any sensitive data. When closing the session, I noticed random search queries (some in Russian) appeared in the Windows search history. Some looked suspicious, like searches for "team viewer," while many others seemed harmless.

After closing the sandbox and logging back into my desktop account, I deleted the account, and the confirmation message was in Russian. This strongly suggests someone accessed it without any intention to cause harm and then logged out. I removed the sandbox base image and reinstalled everything related to sandboxing that I could find. Still, new searches kept appearing in a fresh sandbox. I wouldn't share this if my main operating system had obvious malware, as I'd expect that would be the issue.

I've used Wireshark and observed no unusual activity that makes sense. I've run numerous Eset scans and found absolutely no malicious behavior. Each new sandbox shows only a strange stream of search queries in different languages. It appears Windows Sandbox is fully exposed to the internet, with searches changing dramatically each time. I did encounter one sandbox earlier this year that behaved similarly but disappeared after a restart.

I only mentioned "vulnerability" in the title because I've seen similar complaints on forums and received messages from users reporting identical issues on basic systems—even fresh Windows 10 and 11 installations. If this was on my network or an info-stealer, why would it target containers specifically without stealing data over time?

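An added example, not code from the thread: a PowerShell function that audits a Windows Sandbox `.wsb` file against a locked-down baseline and reports every setting that deviates, including writable mapped folders. The sample file is constructed from the settings described in post #1; the defaults applied to absent elements follow Microsoft's Windows Sandbox configuration documentation.

```powershell
# Added example (not from the thread): audit a .wsb file against a hardened baseline.
function Test-WsbConfig {
    param([Parameter(Mandatory)][string]$Path)
    [xml]$wsb = Get-Content -Path $Path -Raw
    $cfg = $wsb.Configuration
    $findings = @()
    # What a sandbox used for opening untrusted files should look like.
    $baseline = @{
        Networking           = 'Disable'   # no route to the internet or the LAN
        ClipboardRedirection = 'Disable'   # nothing crosses the host/guest boundary
        ProtectedClient      = 'Enable'    # extra hardening of the sandbox RDP client
        VGpu                 = 'Disable'   # GPU sharing widens the host attack surface
        AudioInput           = 'Disable'
        VideoInput           = 'Disable'
        PrinterRedirection   = 'Disable'
    }
    # Value Windows applies when an element is absent (per the .wsb documentation).
    $defaults = @{
        Networking = 'Enable'; ClipboardRedirection = 'Enable'; VGpu = 'Enable'
        AudioInput = 'Enable'; VideoInput = 'Disable'; ProtectedClient = 'Disable'
        PrinterRedirection = 'Disable'
    }
    foreach ($name in $baseline.Keys) {
        $node = $cfg.SelectSingleNode($name)
        $actual = if ($node) { $node.InnerText.Trim() } else { $defaults[$name] }
        if ($actual -ne $baseline[$name]) {
            $findings += [pscustomobject]@{ Setting = $name; Actual = $actual; Expected = $baseline[$name] }
        }
    }
    # A writable mapped folder lets whatever runs in the sandbox write to the host.
    foreach ($mf in $cfg.SelectNodes('MappedFolders/MappedFolder')) {
        if ($mf.ReadOnly -ne 'true') {
            $findings += [pscustomobject]@{ Setting = "MappedFolder $($mf.HostFolder)"; Actual = 'writable'; Expected = 'ReadOnly=true' }
        }
    }
    return $findings
}

# Constructed sample reflecting the configuration described in post #1.
$sample = @'
<Configuration>
  <VGpu>EnableVendorExtensions</VGpu>
  <Networking>Enable</Networking>
  <AudioInput>Disable</AudioInput>
  <VideoInput>Enable</VideoInput>
  <ProtectedClient>Disable</ProtectedClient>
  <PrinterRedirection>Disable</PrinterRedirection>
  <ClipboardRedirection>Enable</ClipboardRedirection>
  <MemoryInMB>30000</MemoryInMB>
</Configuration>
'@
$tmp = Join-Path $env:TEMP 'sample.wsb'
Set-Content -Path $tmp -Value $sample
Test-WsbConfig -Path $tmp | Format-Table -AutoSize
```

Run against the sample, the report flags Networking, ClipboardRedirection, ProtectedClient, VGpu and VideoInput; a sandbox meant only for opening suspect files has no reason to keep any of those in their current state.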
T
TheGoonDude
Junior Member
40
03-16-2021, 03:43 AM
#2
Update your post with complete hardware details and operating system specifics.
PSU: voltage, model, wattage, age, condition (original, build, refurbished, used).
Disk drive(s): brand, model, capacity, current usage percentage?
List of all connected peripherals.
Network type: wired or wireless?
Windows Sandbox: status and configuration?
Any AV or malware scans performed?
In Task Manager, check for unknown or unexpected applications running at startup or otherwise detected. Also review the Task Scheduler for any triggered processes.
Inspect the Hosts file for potential redirect entries.
Examine the router logs (if available and enabled) for relevant information.
Identify anyone else with access to your computer or network, or those who could connect physically or wirelessly to your ISP connection.

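The host-side checks in this post, as an added PowerShell example that is not from the thread: it lists the non-comment entries in the hosts file, scheduled tasks outside the \Microsoft\ tree together with the binary each one runs, and the classic Run/RunOnce autostart keys, so the items asked for can be reviewed in one pass. Router logs are not covered because they depend on the router model.

```powershell
# Added example (not from the thread): collect the host artefacts post #2 asks about.
function Get-HostsFileEntries {
    # Non-comment, non-blank hosts entries; anything that is not loopback needs an explanation.
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $path | Where-Object { $_ -match '^\s*[^#\s]' } | ForEach-Object {
        $parts = $_.Trim() -split '\s+', 2
        [pscustomobject]@{ Address = $parts[0]; Names = $parts[1] }
    }
}

function Get-NonMicrosoftScheduledTasks {
    # Tasks registered outside \Microsoft\, with the executable and arguments of each action.
    Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
        $task = $_
        foreach ($a in $task.Actions) {
            if ($a.Execute) {
                [pscustomobject]@{
                    Task      = "$($task.TaskPath)$($task.TaskName)"
                    State     = $task.State
                    Execute   = $a.Execute
                    Arguments = $a.Arguments
                }
            }
        }
    }
}

function Get-RunKeyEntries {
    # Classic autostart locations for the machine and the current user.
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PS* metadata properties that Get-ItemProperty adds.
            if ($p.Name -notmatch '^PS') {
                [pscustomobject]@{ Key = $k; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

Get-HostsFileEntries           | Format-Table -AutoSize
Get-NonMicrosoftScheduledTasks | Format-Table -AutoSize
Get-RunKeyEntries              | Format-Table -AutoSize
```

Run from an elevated prompt so that HKLM and all task folders are readable; compare the output against a known-good machine rather than judging each entry in isolation.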
J
jackster770
Member
139
03-16-2021, 04:47 AM
#3
The origin of the item you opened before everything changed is unclear, but understanding it might help clarify the situation.

B
Bropatrik
Junior Member
23
03-18-2021, 05:05 AM
#4
I'm trying to understand what you mean by your statements. The Windows Sandbox always starts with a clean slate every time you open it. All data inside is wiped out when you close it, nothing remains.

You mention something about logging into a non-serious account with no personal information. Could you clarify which account this was? Did you access the sandbox through the Edge browser that comes with it? How did you end the sandbox? Usually I just click the red X in the top-right corner—there’s no need to use the Power button or Shutdown from the Sandbox menu, although you can restart the sandbox without deleting everything (just for apps that require a restart during installation). Are these Russian-looking searches showing up in the Recents list in the Search Window, or are they appearing elsewhere? If so, where exactly?

You also say you deleted the base image and reinstalled everything related to sandbox as much as possible. The Windows Sandbox is turned on and off through the 'Turn Windows Features On and Off' dialog in the standard Programs & Features control panel. Your reference to "deleting the base image" doesn’t seem to fit with how the Windows Sandbox works.

You ask if these are new searches appearing in a fresh sandbox, but that’s not possible—the entire Windows Sandbox is erased when you close it. Only the Restart option preserves data (see https://learn.microsoft.com/en-us/window...s-sandbox/). Are you certain you’re referring to the built-in Windows Sandbox and not a different third-party sandbox?

N
Noxiusmid
Junior Member
37
03-21-2021, 03:22 PM
#5
I'm confident about this. Perhaps the details were too general. I use a local account on my PC. I started using the Edge web browser inside a sandbox and entered a maxon.com login. During the session, only Edge was active. After closing the sandbox via the X button at the top, the search results always showed recent entries. When I mentioned deleting the base image and related files, I meant the folder named "Containers" which contains another folder called 'BaseImages'. This directory is located at C:\ProgramData\Microsoft\Windows\Containers. There was a discussion on the Microsoft forums suggesting this, stating that the base image file "sandbox.vhdx" is stored there and that it might have been compromised somehow. I have definitely uninstalled and reinstalled sandbox multiple times through the Windows features menu since this issue arose, trying to resolve it.

I updated my original post with more details. I checked my task scheduler, Autoruns, Procmon, and Wireshark, finding nothing unusual and surprisingly low activity. I plan to review my router settings and logs tonight. To be honest, for a few minutes after exiting the sandbox, I began browsing Reddit for related information and received a warning about being blocked by network security, advising me to log in with an account. Interestingly, I could still view the initial posts on these Reddit threads, but only when clicking on results from Google rather than starting from the homepage. Also, it might be relevant that I started using Sandboxie-Plus last night after my original post. Leaving it alone, I revisited Reddit (without using Sandboxie, just running it in the background briefly) to keep searching, and was completely blocked by their network security—this time without being prompted to log in with an account. It happened only once, and I can't reproduce it now, so I'm not sure what it was about. Also, I share this network with family members.

F
flyer78
Senior Member
425
03-21-2021, 04:49 PM
#6
This is where unusual searches originate, which is what I would anticipate. If you encounter them both within and beyond the Sandbox, the likely culprit is the account in question.
The Sandbox remains a separate, isolated setup, yet inside it functions as a standard Windows system. Accessing a compromised site or downloading malware will manifest its impact exclusively within the Sandbox. When anomalies appear both inside and outside, the problem likely lies elsewhere.
Can you share a reference to the Microsoft guidance on removing those containers?

D
DoctorThaddeus
204
03-21-2021, 06:03 PM
#7
The initial guidance came from the advice to remove the folder. I'm still unsure about the guidelines for linking websites, as these often point to Microsoft and YouTube. The YouTube video simply demonstrates a similar issue in a sandbox environment.

H
halo_dude08
Member
183
03-22-2021, 03:49 PM
#8
The guidance provided isn't from Microsoft itself but from an 'independent advisor' on a Microsoft forum. I would file this with Microsoft.

G
gui1go
Member
177
03-23-2021, 12:43 AM
#9
I was aware it was from an independent advisor. But there isn't any official word from Microsoft about this from what I've seen, so I just started following any advice I could.

Z
ZethPlays
Member
195
03-23-2021, 12:56 PM
#10
It's clear you're seeking clarity. I'll ensure this is conveyed accurately.