Appearance
Visual Studio
Validate Visual Studio (Devenv) behaviors under the Secure Sandbox.
Objectives
- Enforce network controls for NuGet and other extensions.
- Verify debugger isolation.
- Prevent data exfiltration via clipboard and drag-drop.
- Ensure file system writes (build artifacts) are contained.
Preconditions
- Windows target with Turbo Launcher and Secure Sandbox.
- Visual Studio installed.
Controls Under Test
runtime.networking.egressDefaultAction.runtime.files.contexts.runtime.dataMotion.rules[]withchannel: "clipboard"|"dragDrop".- Process isolation settings.
Test Scenarios
| ID | Canonical ID | Scenario | Procedure | Expected Outcome |
|---|---|---|---|---|
| SCEN-APP-VISUAL-STUDIO-01 | NET-EGRESS-01 | NuGet Restore | Manage NuGet packages. | Traffic traverses proxy; blocked if package source not allowlisted. |
| SCEN-APP-VISUAL-STUDIO-02 | HARD-PROCESS-02 | Debugger Attach | Attempt to attach debugger to host process. | Isolation: Cannot see or attach to host processes. |
| SCEN-APP-VISUAL-STUDIO-03 | HARD-HOST-03 | Build Artifacts | Run a build generating binaries. | Artifacts written to sandbox/overlay; not visible on host unless path mapped. |
| SCEN-APP-VISUAL-STUDIO-04 | DM-CLIP-01 | Clipboard Outbound | Copy code; paste to host. | Denied/processed per policy. |
| SCEN-APP-VISUAL-STUDIO-05 | DM-DRAG-01 | Drag-Drop Outbound | Drag file to host. | Blocked per policy. |
Evidence Requirements
networkevents: destination, action.fileOpevents: write attempts.dataMotionevents:channel,actionfor clipboard/dragDrop.processevents.
