Configure Windows Sandbox as Virtual Machine to Test Malicious Applications


Written by Bardimin

On June 2, 2022

Sandbox provides a lightweight and secure environment for running applications.

Applications that you install in the Windows Sandbox environment run separately from the host.

The sandbox is temporary: all files and applications you install are deleted when you close it.

Minimum requirements to run Windows Sandbox

  • Windows 10 Pro, Enterprise, or Education build 18305 or Windows 11 (Windows Sandbox is not currently supported on Windows Home editions)
  • AMD64 or (on Windows 11 Build 22483) ARM64 architecture
  • Virtualization capability enabled in BIOS
  • At least 4 GB RAM (8 GB recommended)
  • At least 1 GB of free disk space (SSD recommended)
  • At least two CPU cores (four cores with hyperthreading recommended)

Windows Sandbox Installation

1. Enable Virtualization in BIOS.

You can check in the Task Manager whether the Virtualization capability is active in the BIOS.

Open “Performance > CPU” and see the description at the bottom.

2. Install Windows Sandbox

Open “Turn Windows Features on or off”, then scroll down and check the “Windows Sandbox” option.

How to Use Windows Sandbox

To use Windows Sandbox as a place to test malicious applications, follow these steps:

  1. Copy the file you are going to test to Windows Sandbox.
  2. Install or run the file to experiment.
  3. When finished, close Windows Sandbox. You will get a notification that all changes you make will be discarded and permanently deleted.

Configure Windows Sandbox

By default, Windows Sandbox has minimal features. You can add the features you need by creating a configuration file. The Windows Sandbox configuration file is in XML format and is associated with the Sandbox via the .wsb file extension.

To activate the configuration file, right-click it and select “Open with > Windows Sandbox”.

Settings you can configure in Windows Sandbox

  • vGPU (virtual GPU): Enable or disable the virtualized GPU. If vGPU is disabled, the sandbox will use the Windows Advanced Rasterization Platform (WARP).
  • Networking: Enable or disable network access in the sandbox.
  • Mapped folders: Share folders from the host with read or write permissions. Note that exposing host directories can allow malicious software to affect the system or steal data.
  • Logon command: Command that is executed when Windows Sandbox starts.
  • Audio input: Shares the host's microphone input to the sandbox.
  • Video input: Shares the host's webcam input into the sandbox.
  • Protected clients: Puts security-enhanced settings on the RDP session to the sandbox.
  • Printer redirection: Shares printers from the host with the sandbox.
  • Clipboard redirection: Shares the host's clipboard with the sandbox so text and files can be pasted back and forth.
  • Memory in MB: The amount of memory, in megabytes, to be assigned to the sandbox.

Example Configuration:

Create a configuration file that gives Windows Sandbox “read-only” access to a Downloads folder on the host, with the virtual GPU and networking disabled. Copy the following code into Notepad and save it with the name “downloads.wsb”.

<Configuration>
  <VGpu>Disable</VGpu>
  <Networking>Disable</Networking>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Users\Public\Downloads</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\Downloads</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\users\WDAGUtilityAccount\Downloads</Command>
  </LogonCommand>
</Configuration>
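
An added example, not from the original article: a small Python audit that reads a .wsb file and lists every host-sharing feature from the list above that is not explicitly disabled, plus any mapped folder not marked read-only. The policy (explicit Disable for every feature) and the RISKY_WSB sample are assumptions made for this illustration; element names beyond those in downloads.wsb follow Microsoft's .wsb schema.

```python
import xml.etree.ElementTree as ET

# Assumed policy for malware testing (not from the original page): every
# host-sharing feature in the list above must be explicitly "Disable".
MUST_DISABLE = ("VGpu", "Networking", "AudioInput", "VideoInput",
                "PrinterRedirection", "ClipboardRedirection")

def audit_wsb(xml_text):
    """Return findings for one .wsb file; an empty list means it passes."""
    root = ET.fromstring(xml_text)
    if root.tag != "Configuration":
        raise ValueError("root element is %r, expected Configuration" % root.tag)
    findings = []
    for name in MUST_DISABLE:
        value = (root.findtext(name) or "").strip()
        if value.lower() != "disable":
            findings.append("%s: %s" % (name, value or "unset, sandbox default applies"))
    for folder in root.iter("MappedFolder"):
        host = (folder.findtext("HostFolder") or "").strip()
        if (folder.findtext("ReadOnly") or "").strip().lower() != "true":
            findings.append("MappedFolder %s: writable from the sandbox" % host)
    return findings

# The article's downloads.wsb, reduced to the elements the audit reads.
DOWNLOADS_WSB = r"""<Configuration>
  <VGpu>Disable</VGpu>
  <Networking>Disable</Networking>
  <MappedFolders><MappedFolder>
    <HostFolder>C:\Users\Public\Downloads</HostFolder>
    <ReadOnly>true</ReadOnly>
  </MappedFolder></MappedFolders>
</Configuration>"""

# Constructed sample: networking left on and a writable host folder.
RISKY_WSB = r"""<Configuration>
  <Networking>Default</Networking>
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <MappedFolders><MappedFolder>
    <HostFolder>C:\Samples</HostFolder>
    <ReadOnly>false</ReadOnly>
  </MappedFolder></MappedFolders>
</Configuration>"""

if __name__ == "__main__":
    for label, text in (("downloads.wsb", DOWNLOADS_WSB), ("risky.wsb", RISKY_WSB)):
        print(label)
        for finding in audit_wsb(text):
            print("  -", finding)
```

Run against downloads.wsb, the audit passes the vGPU, networking and mapped-folder settings and reports the four features the file leaves at their sandbox defaults.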
