security
SANDBOX DETECTION
Tamper resistance, sandboxing, remote scan policy, and security deep dives.
Context Rail
Tags and Themes
On This Page
Sandbox Detection Feature
Overview
The sandbox detection module identifies containerized and virtualized runtimes and feeds that signal into the runtime tamper-response pipeline.
Current implementation status:
- API implemented: IsSandboxed, DetectSandboxType, GetSandboxIndicators
- Platform detectors implemented: Windows, Linux, macOS
- Runtime enforcement integrated in bytecode execution path (runner.Run pre-execution)
- Telemetry integrated: sandbox_detected counter and audit event
API
IsSandboxed() bool
Returns true when detection confidence is greater than or equal to the built-in threshold (currently 70).
if security.IsSandboxed() {
// High-confidence sandbox/container/vm signal
}
DetectSandboxType() (string, int)
Returns the most likely environment type and confidence in [0, 100].
Behavior:
- Returns ("none", 0) when no signal is present
- Confidence is clamped to [0, 100]
- Type is the highest-scoring class for current platform heuristics
sandboxType, confidence := security.DetectSandboxType()
if confidence >= 70 {
log.Printf("detected %s (%d%%)", sandboxType, confidence)
}
GetSandboxIndicators() []string
Returns normalized, deduplicated indicator strings used by the detector.
for _, indicator := range security.GetSandboxIndicators() {
log.Println(indicator)
}
Implemented Detection Signals
Linux
Container and VM heuristics currently include:
- Marker files: /.dockerenv, /run/.containerenv, /proc/xen
- Environment markers: KUBERNETES_SERVICE_HOST, KUBERNETES_SERVICE_PORT
- Cgroup markers from /proc/1/cgroup and /proc/self/cgroup: docker, containerd, podman, libpod, crio, kubepods, lxc, systemd patterns
- CPU markers from /proc/cpuinfo: hypervisor, kvm, qemu, vmware, virtualbox, xen
- DMI markers from /sys/class/dmi/id/*: vmware, virtualbox, kvm/qemu, xen, hyper-v fingerprints
Potential types include: Docker, Container, Kubernetes, LXC, systemd-nspawn, VM, KVM/QEMU, VMware, VirtualBox, Xen, Hyper-V
Windows
VM/sandbox heuristics currently include:
- Driver/library file markers: vmmouse.sys, vmhgfs.sys, VBoxMouse.sys, VBoxGuest.sys, xenbus.sys, SbieDll.dll
- Environment markers: SANDBOXIE, CUCKOO, VBOX_INSTALL_PATH
- Process markers from tasklist: vmtoolsd.exe, vmwaretray.exe, vboxservice.exe, vboxtray.exe, xenservice.exe, qemu-ga.exe, sbiectrl.exe, sandboxiedcomlaunch.exe
Potential types include: VMware, VirtualBox, Xen, KVM/QEMU, Sandboxie, Cuckoo
macOS
Virtualization/sandbox heuristics currently include:
- Environment markers: APP_SANDBOX_CONTAINER_ID, DYLD_INSERT_LIBRARIES, COLIMA_HOME
- Application/file markers: /Applications/VMware Fusion.app, /Applications/VirtualBox.app, /Applications/Parallels Desktop.app, /Applications/UTM.app, /Users/Shared/Parallels, /opt/homebrew/bin/colima
- Process markers from ps -axo comm: vmware-vmx, vboxservice, vboxclient, prl_tools, qemu-system, colima
Potential types include: macOS App Sandbox, Colima, VMware Fusion, VirtualBox, Parallels, UTM, QEMU
Runtime Enforcement Integration
Sandbox detection is enforced in runner.Run at pre-execution stage, after decode and after anti-debug pre-execution check.
Current flow:
- Signature verification
- Anti-debug pre-decode
- Decode/decrypt
- Anti-debug pre-execution
- Anti-sandbox pre-execution
- VM run
On sandbox detection:
- Event recorded: sandbox_detected
- Base error: ErrSandboxDetected
- Response policy resolved by existing tamper policy mechanism
Default response behavior:
- Secure mode: terminate
- Compat mode: warn
- Override via runtime setting (warn|delay|terminate)
Telemetry
Sandbox detection contributes to security telemetry snapshot/export:
- sandbox_detected
Audit stream integration (when runtime setting=1):
- event=sandbox_detected stage=
Telemetry export file is controlled by:
- runtime setting
Testing
Relevant tests:
- security package sandbox API contract and telemetry coverage
- runner package anti-sandbox policy behavior (secure terminate, compat warn)
Run:
go test ./security ./runner
Known Limitations
- Heuristic coverage is intentionally lightweight and may miss sophisticated environments.
- False positives are possible in legitimate virtualized/containerized deployments.
- Some signals depend on process/file visibility and OS permissions.
- Confidence scores are heuristic, not cryptographic guarantees.
Future Enhancements
- Cloud metadata-based environment detection.
- Additional sandbox frameworks and emulator fingerprints.
- Policy controls specific to sandbox events (separate from debugger/integrity policies).
- Configurable confidence threshold for IsSandboxed.