Understanding Antivirus Sandbox limitations

The most advanced antiviruses fight against malware with different techniques, like signature-based detection and heuristic analysis. In case those two are bypassed by the malware, there is still the Sandbox environment which executes the malware in a safe environment in order to detect suspicious behaviours.

Let us now suppose that a malware in some way fools the AV Sandbox avoiding runnig the malicious code.

At this stage, is the malware the winner by executing the malicious code in the system?

Is the AV capable of doing something outside the Sandbox, or it is impossible to detect the malware at this stage??