Virtualization software like Sandboxie, Time Freeze, Shadow Defender etc. intercepts anything that would be written to the protected drive partition(s), and instead writes it to a VHD [Virtual Hard Disk]. Then when Windows or software goes to read from the protected drive(s), the virtualization software determines whether the requested data is on the real, physical drive, or has been written to the VHD, redirecting the request for data as needed. When the system is restarted, the records of what was stored on that VHD are deleted, presenting the user with a clean slate, so to speak.
Malware that detects it's running in a virtualized environment may remain dormant, based on the idea that someone may be trying to monitor the malware to determine how it works. Or it may try to move beyond that virtualized environment, or it may not detect anything & just do its thing normally. Those normal operations may include spreading beyond the infected device, &/or stealing any information it can find. What it can't do is stay present on the protected drive(s), starting & running every time Windows starts & runs -- to survive it has to be stored somewhere else, e.g. an unprotected drive partition, in the BIOS storage etc.
Windows Defender Application Guard or System Guard requires a bit more explanation...
The CPU doesn't read from disk directly -- code is loaded first into system memory, then part of that is copied to the CPU's own memory, & then finally acted upon. Both the system & CPU memory are divided up into sections that are supposed to be isolated and protected, so that a malware app, for example, can't get access to what a banking app has stored in memory when you're using it.
Sections of a CPU's memory cache store data that the CPU may [or may not] need next. Security researchers have figured out how to break down some of the walls that are supposed to keep sections of memory isolated & protected, including those speculative sections of the CPU cache. Fixes that try to prevent exploits from accessing those sections of CPU memory cache also affect the way that they work, and when that speculative cache isn't working as originally designed, the CPU becomes less efficient, and slower, as with the Spectre patches.
What Microsoft, together with Intel, AMD etc., is working on are ways to better isolate & protect what's stored in memory. Virtualization-based Security (VBS) walls off the individual section of memory that an app would use. But Windows does that now -- maybe just not well enough. What's different is that VBS uses hardware virtualization tech combined with stricter security-based restrictions, so that even if a malware app gets on your system, & manages to get run, the effects from running that malware are limited, because its processes are sort of encapsulated in this virtualized container in memory. Meanwhile every other process is similarly encapsulated, making it harder to access.
docs[.]microsoft[.]com/en-us/windows-hardware/design/device-experiences/oem-vbs
That all said, please bear in mind that it's pretty complex work for Microsoft to get VBS working, & vulnerabilities may well exist that just haven't been found yet -- the vulnerabilities that allow Spectre to work have been around for years & years. It also needs specific hardware features to run, may have issues with non-compliant drivers, and may impact performance etc.
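As an added example (not code from the original post or from Microsoft), here is a PowerShell script that checks the points raised above on a real machine: whether VBS is actually running, which VBS services (Credential Guard, HVCI) are configured versus running, and which of the hardware prerequisites the platform reports. It reads the Win32_DeviceGuard WMI class that Windows 10 / Server 2016 and later expose, plus the HVCI policy registry key and the firmware Secure Boot state. The numeric-code-to-name maps are taken from Microsoft's documentation for that class; any code the maps don't know is printed as unknown(<code>) rather than guessed.

```powershell
# Added example, not code from the original post. Reports VBS / HVCI state and
# the hardware prerequisites from the Win32_DeviceGuard WMI class.
# Code-to-name maps follow Microsoft's documentation for the class.

$VbsStatusNames = @{
    0 = 'Not enabled'
    1 = 'Enabled but not running'
    2 = 'Running'
}
$ServiceNames = @{
    1 = 'Credential Guard'
    2 = 'Hypervisor-enforced Code Integrity (HVCI, "memory integrity")'
    3 = 'System Guard Secure Launch'
    4 = 'SMM Firmware Measurement'
}
$PropertyNames = @{
    1 = 'Base virtualization support (VT-x/AMD-V with SLAT)'
    2 = 'Secure Boot'
    3 = 'DMA protection (IOMMU)'
    4 = 'Secure Memory Overwrite'
    5 = 'UEFI code read-only'
    6 = 'SMM security mitigations'
    7 = 'Mode Based Execution Control'
    8 = 'APIC virtualization'
}

function Convert-DeviceGuardCodes {
    param([uint32[]]$Codes, [hashtable]$Map)
    if (-not $Codes) { return '(none)' }
    # WMI returns UInt32 values; cast to Int32 so the lookup matches the literal keys above.
    ($Codes | ForEach-Object {
        $code = [int]$_
        if ($Map.ContainsKey($code)) { $Map[$code] } else { "unknown($code)" }
    }) -join ', '
}

function Get-VbsReport {
    # Throws on systems without the class (pre-Windows 10 / Server 2016).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop

    $status = [int]$dg.VirtualizationBasedSecurityStatus
    $statusName = if ($VbsStatusNames.ContainsKey($status)) { $VbsStatusNames[$status] } else { "unknown($status)" }

    # Secure Boot state comes from the firmware; Confirm-SecureBootUEFI throws on
    # legacy-BIOS machines and when not run elevated.
    $secureBoot = 'n/a (legacy BIOS, or run elevated to query)'
    try { $secureBoot = Confirm-SecureBootUEFI } catch { }

    [pscustomobject]@{
        VbsStatus                  = $statusName
        ServicesConfigured         = Convert-DeviceGuardCodes $dg.SecurityServicesConfigured $ServiceNames
        ServicesRunning            = Convert-DeviceGuardCodes $dg.SecurityServicesRunning    $ServiceNames
        PlatformProperties         = Convert-DeviceGuardCodes $dg.AvailableSecurityProperties $PropertyNames
        PropertiesRequiredByPolicy = Convert-DeviceGuardCodes $dg.RequiredSecurityProperties  $PropertyNames
        SecureBoot                 = $secureBoot
    }
}

# HVCI is the VBS feature that most often trips over non-compliant drivers. Its policy
# lives in the registry, so showing it next to the runtime state makes a
# "configured but not running" situation visible.
function Get-HvciPolicy {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $val = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    if ($null -eq $val)        { 'no policy key (HVCI not configured via registry)' }
    elseif ($val.Enabled -eq 1) { 'Enabled (1)' }
    else                        { "Disabled ($($val.Enabled))" }
}

Get-VbsReport | Format-List
"HVCI policy: $(Get-HvciPolicy)"
```

If ServicesConfigured lists HVCI but ServicesRunning does not, that is the driver-compatibility case mentioned above: the policy is set, but the hypervisor refused to enforce code integrity at boot, and the Microsoft-Windows-CodeIntegrity event log will usually name the offending driver. If PlatformProperties lacks base virtualization support or Secure Boot, the machine simply doesn't meet the hardware requirements and no amount of configuration will turn VBS on.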