Comment by andersa
2 days ago
Sadly, Windows cannot do that. Every installed program has full disk access by default. It's very, very difficult to make it not so.
2 days ago
Sadly, Windows cannot do that. Every installed program has full disk access by default. It's very, very difficult to make it not so.
Windows has had that feature for 9 years. https://learn.microsoft.com/en-us/defender-endpoint/controll...
This is implemented the wrong way around. Each program should only have access to its own folders by default, with it being possible to grant additional access. Also, I don't believe Endpoint stuff is included in the normal Windows license.
https://learn.microsoft.com/en-us/windows/security/applicati...
Microsoft has refused to allow any kind of persistence of these sandboxes making them absolutely worthless. Such a waste of an otherwise good feature.
Windows Sandbox is not for persistent apps
AppContainer (e.g. used in uwp or msix)
Can you configure that as a user for an unsafe program you want to run such as an online game? I think not.
Maybe it isn't built-in, but most Windows user I've worked with, including myself, have been using Sandboxie for probably two decades at this point, probably hard to find any Windows software that is more ubiquitous than Sandboxie in developer circles.
Sandboxie is essentially a giant pile of fragile hacks on top of a Windows API that does not want to be used this way. Does it seem like it works most of the time? Sure. Has it had bypasses? Also yes. I've used it in the past but I don't truly trust it.