How to use “Windows Sandbox”

How to use “Windows Sandbox”

A new feature called Windows Sandbox was recently introduced in Windows Insider Build of Windows 10. In this articles we will look at how to install it and what it does.

When security researchers and malware hunters want to test software they usually spin up a new Windows Virtual Machine or use a isolation tool like Sandboxie to do their analysis. Microsoft has just announced a new builtin tool called “Windows Sandbox” that gives you a lightweight, isolated desktop environment without installing Hyper-V or downloading VHD files.

Screenshot of running Windows Sandbox

Windows Sandbox lets you run untrusted or potentially malicious software in an kernel isolated environment. In the sandbox, the executing application has no access to the host operating system or filesystem. When the sandbox is closed all files and state are permanently deleted. Under the hood, Windows Containers are used to power the sandbox.

Windows Sandbox takes up much less space than a full hyper-v vm of Windows. When the feature is enable the base Windows 10 container is only 100MB. Windows Sandbox is not a full virtual machine but an isolated kernel that leverages Intel VT or AMD-V cpu extensions, it can be compared to Linux KVM.

How to enable Windows Sandbox

Time needed: 5 minutes

Follow these detailed steps to enable Windows Sandbox.

  1. Make sure you are running Windows 10 Pro or Enterprise, build 18305 or newer

  2. Click Start and type “turn win” and launch Turn Windows Features on or off

    Or you can navigate to Settings > Apps > Apps & Features > Program and Features > Turn Windows Features on or off

    Start | Windows Features

  3. Check the box next to Windows Sandbox and click OK

    enable windows sandbox

  4. Click Start and type “windows sandbox” to launch the tool

I first tested Windows Sandbox on a Surface Pro 4 running Windows Insider Build 18305. I could not get it to run on build 18305, after launching WindowsSandbox.exe nothing would happen and the process would end silently.

After upgrading to build 18309, I was able to successfully run and test Windows Sandbox and continue writing this article. more to come…


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.