How to use “Windows Sandbox”

A new feature called Windows Sandbox was recently introduced in Windows Insider Build of Windows 10. In this articles we will look at how to install it and what it does.

When security researchers and malware hunters want to test software they usually spin up a new Windows Virtual Machine or use a isolation tool like Sandboxie to do their analysis. Microsoft has just announced a new builtin tool called “Windows Sandbox” that gives you a lightweight, isolated desktop environment without installing Hyper-V or downloading VHD files.

Windows Sandbox lets you run untrusted or potentially malicious software in an kernel isolated environment. In the sandbox, the executing application has no access to the host operating system or filesystem. When the sandbox is closed all files and state are permanently deleted. Under the hood, Windows Containers are used to power the sandbox.

Windows Sandbox takes up much less space than a full hyper-v vm of Windows. When the feature is enable the base Windows 10 container is only 100MB. Windows Sandbox is not a full virtual machine but an isolated kernel that leverages Intel VT or AMD-V cpu extensions, it can be compared to Linux KVM.

How to enable Windows Sandbox

I first tested Windows Sandbox on a Surface Pro 4 running Windows Insider Build 18305. I could not get it to run on build 18305, after launching WindowsSandbox.exe nothing would happen and the process would end silently.

After upgrading to build 18309, I was able to successfully run and test Windows Sandbox and continue writing this article. more to come…

References

• Insider Build 18305 announcement
• Technical Details of Windows Sandbox