M1048: Application Isolation and Sandboxing
Application Isolation and Sandboxing refers to the technique of restricting the execution of code to a controlled and isolated environment (e.g., a virtual environment, container, or sandbox). This method prevents potentially malicious code from affecting the rest of the system or network by limiting access to sensitive resources and critical operations. The goal is to contain threats and minimize their impact. This mitigation can be implemented through the following measures:
Browser Sandboxing:
- Use Case: Implement browser sandboxing to isolate untrusted web content and prevent malicious web pages or scripts from accessing sensitive system resources or initiating unauthorized downloads. - Implementation: Use browsers with built-in sandboxing features (e.g., Google Chrome, Microsoft Edge) or deploy enhanced browser security frameworks that limit the execution scope of active content. Consider controls that monitor or restrict script-based file generation and downloads commonly abused in evasion techniques like HTML smuggling.
Application Virtualization:
- Use Case: Deploy critical or high-risk applications in a virtualized environment to ensure any compromise does not affect the host system. - Implementation: Use application virtualization platforms to run applications in isolated environments.
Email Attachment Sandboxing:
- Use Case: Route email attachments to a sandbox environment to detect and block malware before delivering emails to end-users. - Implementation: Integrate security solutions with sandbox capabilities to analyze email attachments.
Endpoint Sandboxing:
- Use Case: Run all downloaded files and applications in a restricted environment to monitor their behavior for malicious activity. - Implementation: Use endpoint protection tools for sandboxing at the endpoint level.
Analyst context for executives and security teams
Application isolation and sandboxing is a containment control: it assumes some web content, attachments, downloads, applications, or virtualized workloads may be hostile and limits what they can touch. For leaders, its value is not that it prevents every compromise, but that it can reduce blast radius when users browse the web, open files, run high-risk applications, or operate containerized/virtualized services.
Executive priority
Prioritize this mitigation where exploitation or untrusted content could interrupt operations, expose credentials, or enable lateral movement. The ATT&CK relationships connect it to initial access, execution, privilege escalation, credential access, lateral movement, and stealth techniques, including drive-by compromise, client exploitation, public-facing application exploitation, HTML/SVG smuggling, IPC abuse, and escape-to-host scenarios. Executives should ask whether isolation is consistently applied to browsers, email attachments, downloaded files, high-risk applications, and container/virtualized workloads—and whether exceptions are governed and auditable.
Technical view
ATT&CK provides no detection text for M1048, so validation should focus on control presence, enforcement, and escape paths rather than a single analytic. SOC and IR teams should verify that browser sandboxing, attachment detonation, endpoint sandboxing, and application virtualization are deployed where intended; that generated/downloaded files from HTML or SVG content are inspected or restricted; and that container or virtualized workloads maintain separation from hosts. For Windows environments, relationship context makes COM/DCOM, DDE, and other IPC abuse relevant when assessing whether isolation boundaries actually prevent code execution or lateral movement from affecting the broader host or network.
Likely telemetry
- Browser security and download events, especially script-driven file generation or downloads from HTML/SVG content
- Email security gateway or attachment sandbox verdicts and detonation logs
- Endpoint protection events for downloaded files, sandbox execution, blocked behaviors, and process containment
- Application virtualization or sandbox policy enforcement logs
- Container, virtualization, and host security logs showing boundary violations, privileged operations, or attempted escape behavior
Detection direction
- Confirm that telemetry proves sandboxing is active, not merely licensed or configured in policy.
- Tune for suspicious file creation and downloads initiated by browser-active content, including HTML and SVG use cases noted in the mitigation description and relationships.
- Correlate sandbox alerts with endpoint and identity activity to determine whether contained content led to execution attempts, credential access attempts, or lateral movement indicators.
- Review false positives from legitimate automation, browser downloads, email workflows, IPC-heavy applications, and development/container operations before escalating.
- Test common blind spots: encrypted or password-protected attachments, files generated client-side in the browser, unmanaged browsers, user-approved downloads, isolated applications with excessive host access, and container/VM configurations that weaken host separation.
Mitigation priorities
- Start with the highest-volume untrusted content paths: browsers, email attachments, and downloaded files.
- Use application virtualization or controlled execution for high-risk or business-critical applications where compromise of the host would create material operational risk.
- For public-facing, containerized, or virtualized workloads, validate isolation boundaries, least privilege, and separation from the underlying host.
- Restrict or monitor script-based file generation and downloads commonly associated with HTML smuggling, as described by ATT&CK.
- Document exceptions, ownership, and compensating controls so isolation can support audit evidence and incident response decisions.
Analyst notes and limits
This is a mitigation object, not a technique, so the take is control-oriented. The relationship set shows broad applicability across exploitation, smuggling, IPC abuse, lateral movement, credential access, stealth, and escape-to-host behaviors. Coverage decisions should be risk-based: where untrusted code enters, where applications are exposed, and where isolation failure would affect critical operations.
ATT&CK does not specify platforms or detection guidance for M1048 itself. Platform context comes only from related techniques, so local architecture, tool configuration, telemetry availability, and control testing are required before making coverage claims.
Application Isolation and Sandboxing
Application Isolation and Sandboxing refers to the technique of restricting the execution of code to a controlled and isolated environment (e.g., a virtual environment, container, or sandbox). This method prevents potentially malicious code from affecting the rest of the system or network by limiting access to sensitive resources and critical operations. The goal is to contain threats and minimize their impact. This mitigation can be implemented through the following measures:
Browser Sandboxing:
- Use Case: Implement browser sandboxing to isolate untrusted web content and prevent malicious web pages or scripts from accessing sensitive system resources or initiating unauthorized downloads. - Implementation: Use browsers with built-in sandboxing features (e.g., Google Chrome, Microsoft Edge) or deploy enhanced browser security frameworks that limit the execution scope of active content. Consider controls that monitor or restrict script-based file generation and downloads commonly abused in evasion techniques like HTML smuggling.
Application Virtualization:
- Use Case: Deploy critical or high-risk applications in a virtualized environment to ensure any compromise does not affect the host system. - Implementation: Use application virtualization platforms to run applications in isolated environments.
Email Attachment Sandboxing:
- Use Case: Route email attachments to a sandbox environment to detect and block malware before delivering emails to end-users. - Implementation: Integrate security solutions with sandbox capabilities to analyze email attachments.
Endpoint Sandboxing:
- Use Case: Run all downloaded files and applications in a restricted environment to monitor their behavior for malicious activity. - Implementation: Use endpoint protection tools for sandboxing at the endpoint level.
How security teams should use this page
Treat this object as behavior context, not an attribution claim. Validate the related groups, software, data sources, and mitigations against official ATT&CK relationships and your own telemetry before making control-coverage decisions.
Techniques used
This mirrors the MITRE pattern of making group, software, campaign, and technique relationships scannable. Relationship notes come from mirrored ATT&CK relationship text when available.
| Domain | ID | Name | Relationship / procedure |
|---|---|---|---|
| Enterprise | T1190 | Exploit Public-Facing Application | Application isolation will limit what other processes and system features the exploited target can access. |
| Enterprise | T1027.006 | HTML Smuggling Sub-technique | Use Browser Extensions or Built-in Security Tools that: - Monitor JavaScript API calls such as `Blob`, `URL.createObjectURL,` and `msSaveOrOpenBlob` - Intercept and analyze HTML5 `download` attributes for suspicious payload generation - Alert or block behaviors that match known HTML smuggling patterns (e.g., blob-to-disk payload construction) Apply Content Security Policy (CSP) headers to: - Restrict inline JavaScript and dynamic script generation - Disallow downloads from unauthorized sources or blob URIs - Prevent cross-origin resource sharing (CORS) abuse commonly used in smuggling chains Enable or enforce enterprise browser security controls, such as: - Endpoint's Network Protection and Attack Surface Reduction (ASR) rules, which can block Office and browser processes from creating child processes or writing to disk in suspicious ways - Google Chrome Enterprise Policies, which can control file download behavior, restrict extensions, and isolate risky browsing environments Deploy browser sandboxing solutions that can isolate JavaScript execution environments and enforce behavioral policy restrictions |
| Enterprise | T1611 | Escape to Host | Consider utilizing seccomp, seccomp-bpf, or a similar solution that restricts certain system calls such as mount. In Kubernetes environments, consider defining Pod Security Standards that limit container access to host process namespaces, the host network, and the host file system.CitationKubernetes Hardening Guide |
| Enterprise | T1189 | Drive-by Compromise | Browser sandboxes can be used to mitigate some of the impact of exploitation, but sandbox escapes may still exist.CitationWindows Blogs Microsoft Edge SandboxCitationArs Technica Pwn2Own 2017 VM Escape Other types of virtualization and application microsegmentation may also mitigate the impact of client-side exploitation. The risks of additional exploits and weaknesses in implementation may still exist for these types of systems.CitationArs Technica Pwn2Own 2017 VM Escape |
| Enterprise | T1068 | Exploitation for Privilege Escalation | Make it difficult for adversaries to advance their operation through exploitation of undiscovered or unpatched vulnerabilities by using sandboxing. Other types of virtualization and application microsegmentation may also mitigate the impact of some types of exploitation. Risks of additional exploits and weaknesses in these systems may still exist. CitationArs Technica Pwn2Own 2017 VM Escape |
| Enterprise | T1559 | Inter-Process Communication | Ensure all COM alerts and Protected View are enabled.CitationMicrosoft Protected View |
| Enterprise | T1021.003 | Distributed Component Object Model Sub-technique | Ensure all COM alerts and Protected View are enabled.CitationMicrosoft Protected View |
| Enterprise | T1559.001 | Component Object Model Sub-technique | Ensure all COM alerts and Protected View are enabled.CitationMicrosoft Protected View |
| Enterprise | T1210 | Exploitation of Remote Services | Make it difficult for adversaries to advance their operation through exploitation of undiscovered or unpatched vulnerabilities by using sandboxing. Other types of virtualization and application microsegmentation may also mitigate the impact of some types of exploitation. Risks of additional exploits and weaknesses in these systems may still exist. CitationArs Technica Pwn2Own 2017 VM Escape |
| Enterprise | T1559.002 | Dynamic Data Exchange Sub-technique | Ensure Protected View is enabled.CitationMicrosoft Protected View |
| Enterprise | T1027.017 | SVG Smuggling Sub-technique | Browser sandboxes can be used to mitigate some of the impact of exploitation, but sandbox escapes may still exist. |
| Enterprise | T1203 | Exploitation for Client Execution | Browser sandboxes can be used to mitigate some of the impact of exploitation, but sandbox escapes may still exist. CitationWindows Blogs Microsoft Edge Sandbox CitationArs Technica Pwn2Own 2017 VM Escape Other types of virtualization and application microsegmentation may also mitigate the impact of client-side exploitation. Risks of additional exploits and weaknesses in those systems may still exist. CitationArs Technica Pwn2Own 2017 VM Escape |
| Enterprise | T1212 | Exploitation for Credential Access | Make it difficult for adversaries to advance their operation through exploitation of undiscovered or unpatched vulnerabilities by using sandboxing. Other types of virtualization and application microsegmentation may also mitigate the impact of some types of exploitation. Risks of additional exploits and weaknesses in these systems may still exist.CitationArs Technica Pwn2Own 2017 VM Escape |
| Enterprise | T1211 | Exploitation for Stealth | Make it difficult for adversaries to advance their operation through exploitation of undiscovered or unpatched vulnerabilities by using sandboxing. Other types of virtualization and application microsegmentation may also mitigate the impact of some types of exploitation. Risks of additional exploits and weaknesses in these systems may still exist. CitationArs Technica Pwn2Own 2017 VM Escape |
All related ATT&CK context
Object version and sync metadata
The fields below describe the current mirrored snapshot. When Glexia retains multiple ATT&CK source imports, you can open the table to compare the same object across releases (hashes and MITRE timestamps). For MITRE’s own release notes and roadmap, see ATT&CK resources — Updates .
Imported snapshots across ATT&CK releases (1)
| Release | Bundle imported | Object version | Modified | Status | Raw hash |
|---|---|---|---|---|---|
| 19.1 | 1.3 | Current bundle | 9f05e9ef2936… |
Mirrored ATT&CK source object
The raw object is retained through the mirrored ATT&CK source bundle and object hash. The raw endpoint returns the exact object from the mirrored bundle when available.
External references and citations
MITRE external references are preserved separately from Glexia analysis so citations remain traceable to their original source records.
-
[1]
mitre-attack M1048Open source URL
Source: MITRE ATT&CK®. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. Glexia is not affiliated with or endorsed by MITRE.