Windows Sandbox is a full VM with all the advantages that brings, like most definitely a stronger security boundary around it, as well as all the disadvantages, like not properly sharing RAM and GPU access.
You also can't make a Windows Sandbox persistent in any way, which makes the feature entirely useless for most use cases I can think of. Don't understand the decision.
You can more or less get around this by using shared folders and logon commands on the .wsb configuration file [1].
For example, suppose you want to sandbox your torrent client. You can create a .wsb file to give the sandbox access to the torrent client's application folder as well as your downloads folder, and specify a logon command like "C:\Shared\Torrent client\torrent.exe". When you click the .wsb file, a sandbox will spawn and the torrent client will automatically start, but it will only have access to the two folders you shared, not the whole filesystem. And once you close it, the sandbox will be wiped, but the data in the shared folders will remain.
This can work for many programs, especially portable applications, games, and other software that doesn't interact with the broader OS. Just by sharing the program folder, you can get "persistence" in a way.
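As an added illustration of the approach described above (not the commenter's own file), here is what such a .wsb configuration looks like. The host paths, the sandbox-side folder names and the torrent.exe file name are placeholders chosen for the example; the element names themselves (MappedFolders, LogonCommand, Networking, VGpu, ProtectedClient) are the ones Windows Sandbox reads.

```xml
<!-- torrent-sandbox.wsb: double-click to launch a throwaway sandbox
     running only the torrent client. Paths and names below are
     example placeholders, adjust to your own layout. -->
<Configuration>
  <!-- The torrent client needs the network, so leave it on (Default).
       For software that should never talk out, use Disable here. -->
  <Networking>Default</Networking>

  <!-- No GPU sharing: smaller attack surface, and the client does not need it. -->
  <VGpu>Disable</VGpu>

  <!-- Tighter RDP session settings between host and sandbox. -->
  <ProtectedClient>Enable</ProtectedClient>

  <!-- Shared audio/video/printers/clipboard are not needed for this use. -->
  <AudioInput>Disable</AudioInput>
  <VideoInput>Disable</VideoInput>
  <PrinterRedirection>Disable</PrinterRedirection>
  <ClipboardRedirection>Disable</ClipboardRedirection>

  <MappedFolders>
    <!-- The portable application folder on the host. Mapped read-only so
         nothing running inside the sandbox can tamper with the binaries
         it will be started from on the next run. -->
    <MappedFolder>
      <HostFolder>C:\Sandboxed\TorrentClient</HostFolder>
      <SandboxFolder>C:\Shared\Torrent</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>

    <!-- The downloads folder, mapped read-write. This is the one place the
         sandbox can persist data onto the host, so treat whatever lands here
         as untrusted: it survives the wipe, and so does anything else a
         compromised client writes into it. -->
    <MappedFolder>
      <HostFolder>C:\Sandboxed\TorrentDownloads</HostFolder>
      <SandboxFolder>C:\Shared\Downloads</SandboxFolder>
      <ReadOnly>false</ReadOnly>
    </MappedFolder>
  </MappedFolders>

  <!-- Runs inside the sandbox, as the WDAGUtilityAccount user, once logon
       completes. The path refers to the SandboxFolder mapping above, kept
       free of spaces to avoid any quoting questions. -->
  <LogonCommand>
    <Command>C:\Shared\Torrent\torrent.exe</Command>
  </LogonCommand>
</Configuration>
```

Both HostFolder paths must already exist on the host, and the client should be pointed at C:\Shared\Downloads as its save location so that completed files are the only thing that outlives the session. Everything else the client writes (settings, the resume state, anything dropped by malicious content) is discarded when the sandbox window closes, which is the "persistence" trade-off the comment describes.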
> Context menus issues. If context menus are not displayed
Windows right-click context menus are a PITA. I don't know why, but for some applications I could never make them work. Case in point, one I struggled with recently: Windows Explorer > open a Windows Terminal in the current folder. I can do it if I right-click the folder itself, but once I open the folder and right-click the empty space inside it, it doesn't work (but I can open a PowerShell there, to make it even more confusing). Wasted so many hours on that but never could make it work.
In Windows Explorer you can write "cmd" (without quotes) in the address bar to open a command prompt in the current directory.
Similarly you can write "powershell" (without quotes) to open a powershell window in the current directory.
Also there is the shortcut Ctrl+L to move input focus to the address bar.
My understanding is that Sandbox runs on top of Hyper-V. Is it a VM? Is it some kind of native Windows container? Why can you only run one instance at a time?
It's a VM plus a lightweight guest OS that leverages the host's resources as much as possible, so it can be thought of as a container (but not as independent as typical containers: the guest OS has to be synchronized with the host OS). And I think multiple sandbox instances can coexist.
Ah! Sorry for the confusion, you are right that there can be at most one Windows Sandbox running at a time. But Windows Sandbox is based on Windows Containers [1] which can coexist (Defender already uses the same technology, so this must be true), and it seems that the single instance limitation of Sandbox is more or less artificial [2]. I haven't yet seen a third-party attempt to emulate Sandbox but it looks in principle possible.
Kata containers, gvisor?
Or if you want a GUI application sandboxed, then I've heard of people assembling VM filesystems on the fly and booting up a VM in qemu/kvm, but I don't know if that's available in a neat package.