According to Tom, its creator, Ren'py is already sandboxed: it can access only the folder where the .exe is and the one where the saves are stored (...\AppData\Roaming\Renpy\THE_GAME_NAME). But a bad guy could have hacked or injected some malware in the .exe or in the "renpy" or "lib" folders. So what to do?
A solution is: do what people do when a game doesn't run on their OS (because of lack of libraries). Visit the official Ren'py site, download the SDK and create a new project. This will have a folder, "game", and iirc a file, "log.txt": replace that folder with the one of the same name you have downloaded from here, then launch the project.
The VM solution is safer,
ça va sans dire.
Edit: did you look for a solution on the official
You must be registered to see the links
? Probably there is already one. Or, if you post there, chances are that Tom himself will answer.