RunFence
Windows-native isolation · No virtual machines · No drivers

Fence every app in its own account.

RunFence is a Windows app isolation tool that launches each app under a dedicated local account, so browser data, wallets, credentials, and personal files stay separated from the rest of your desktop.

Download for Windows See it in action
No password prompts Encrypted vault Source-available
0 drivers
No kernel hooks. No interception layer.
1‑click
Launch under another account, no UAC typing
AES‑256‑GCM
Local credential vault, Argon2id KDF
Native accounts
Windows enforces the boundary, not a third-party layer
The problem

Your Windows account is one big bag.

Every app you run sees the same Documents folder, the same browser cookie jar, the same SSH keys, the same wallet files. One compromised process, one curious AI agent, one shady app — and everything in that bag is reachable.

Without RunFence

Everything reads everything.

A single Windows account. Any process you launch can open any file under your profile.

browser.exe
claude.exe
untrusted.exe
Cookies
Source
SSH keys
With RunFence

Each app stays in its lane.

One account per app. The OS — not a third-party driver — enforces the boundary.

browser.exe
claude.exe
untrusted.exe
Cookies
Source
SSH keys
Real workflows

Pick what you want to fence.

The same launch flow works for any of these. Set it up once, forget about it, and let Windows do the enforcement.

video
Featured · For developers

Run Claude Code without giving it the rest of your machine.

Run Claude Code with --dangerously-skip-permissions in a dedicated local account so it only sees the project folders you explicitly allow. That keeps sensitive files and unrelated browser sessions out of reach.

  • No access to SSH keys
  • No access to browser sessions
  • No access to wallets or personal files
  • Per-project ACL rules — agent only touches what you whitelist
For crypto users

Keep wallet files away from everything else.

Run your wallet under its own account. Wallet files and private keys stay isolated from unrelated processes, browser sessions, and casual app access — even if something else on your machine goes sideways.

  • Wallet account cannot read your main profile
  • Other apps cannot read your wallet account
  • Optional Internet block + per-host allowlist
  • Launch from the tray with credentials handled for you
For risky browsing

Separate sensitive sessions from everything you click on.

Separate passwords, cookies, and history so other apps cannot reach your browser session. If the browser is exploited, the attack stays in that account and cannot reach your wallets, SSH keys, or personal files.

  • Other apps cannot read the browser's cookies, history, or saved passwords
  • If the browser is exploited, the attack stays in that account
  • Wallets, SSH keys, and personal files are out of reach
  • Use any browser — no extensions required
For admin tools

Launch elevated apps without typing the password every time.

Launch specific apps with administrator rights without repeated UAC prompts or typing credentials every time. The credentials live in the encrypted vault and apply only to the apps you opt in.

  • No runas /savecred — those credentials are usable by any app on the machine and Windows tends to forget them
  • No system-wide UAC weakening
  • Per-app, per-account scoped
  • Credentials encrypted in the local vault, only used for the app you opted in
For unfamiliar software

Try untrusted software in a fenced account.

Run unfamiliar apps under a restricted account that cannot reach your documents or personal credentials. Add AppContainer or low-integrity mode for an extra layer when the app supports it.

  • Account cannot read your main user profile
  • Optional Internet block per account, with per-host allowlist exceptions
  • Optional AppContainer / low-integrity
  • Delete the account when you're done — ACL cleanup is automatic
RunFence main window with application list
Feature set

Built for daily use, not for theatre.

The GUI covers app isolation, account management, firewall controls, shortcuts, and safety checks — all without leaving your desktop.

Application isolation without virtualization

Each app runs under a real Windows account, with the OS enforcing the boundary rather than a third-party interception layer.

Launch from the tray under another account

Store the account once, then run the app without entering the password every time.

Encrypted credential vault

Store account passwords locally with DPAPI, AES-256-GCM, and Argon2id-based key derivation. No credentials leave the machine.

Per-app internet blocking

Block Internet, localhost, or LAN for the account running the app, and keep custom allowlist exclusions for destinations that still need access.

Startup security scanner

Detect risky write access to auto-run locations such as startup folders, registry run keys, services, scheduled tasks, and more.

Account ACL Manager

Set deny or allow rules for folders, drives, and AppContainer SIDs. Clean up ACL entries automatically when accounts are deleted.

Shortcuts and tray launching

Launch isolated apps from the desktop, Start Menu, or any folder without opening the main window first.

Cross-user drag and drop

Move files between windows owned by different accounts with a lightweight bridge and hotkeys.

Optional stronger sandboxing

Use AppContainer or low-integrity mode when the application can work within tighter restrictions.

How it works

Four steps. Then forget about it.

Create a dedicated account, define the access it should have, and launch the app through RunFence. Future launches need no password.

01

Create an isolated account

Use a dedicated local Windows account for the app you want to contain.

02

Grant only required access

Use the ACL manager to allow specific folders, shared data, or special app paths.

03

Launch from RunFence

Run the app from RunFence while it handles the account credentials.

04

Keep the workflow simple

Use shortcuts, tray launch, Explorer context menu integration, and cross-user file transfer when you need them.

Compare

Why native Windows accounts beat driver-based sandboxes.

RunFence relies on Windows account isolation instead of a third-party layer that has to intercept behavior in the middle.

Capability RunFence Driver-based sandbox
Kernel driver required No Yes
Interception layer None Bypass vectors exist
Performance Native Degraded
Enforcement model Windows account boundaries Third-party driver
FAQ

Practical questions before you start.

Can I share files between my main account and an isolated one?
Use a shared folder with explicit permissions or the built-in cross-user drag-and-drop bridge for ad-hoc transfers.
Can an isolated app read my personal files?
Standard Windows user folders — Documents, Downloads, Desktop, AppData, and similar — are inaccessible to other accounts by default. For paths outside those defaults, use the Account ACL Manager to add explicit rules.
Does RunFence work with games?
It depends on the launcher and anti-cheat system. Some launchers need elevation to install games, and the game itself then runs under the isolated account. Steam is the only major launcher that can itself be installed without elevation.
Do I need Pro or Enterprise edition of Windows?
Home edition works, but Pro is recommended. RunFence relies on standard local accounts and ACLs, which exist on every Windows 10+ SKU — Pro adds finer policy controls some users find useful.
Will my passwords leave the machine?
No. Account passwords are stored locally with DPAPI, AES-256-GCM, and Argon2id-based key derivation. License validation is local; there is no server-side phone-home.

Stop sharing one account with everything you run.

Download the release and set up the accounts you need for wallets, browser isolation, and tools like Claude Code.

Free Evaluation use, no time limit
Per-machine license
Download latest release
Windows 10+ · ~5 MB
View pricing Source