Configure Windows Sandbox as Virtual Machine to Test Malicious Applications

2 June 2022


Sandbox provides a lightweight and secure environment for running applications.

Software that you install in the Windows Sandbox environment will run separately from its host.

Sandbox is temporary: all files and applications you install are deleted when you close it.

Minimum requirements to run Windows Sandbox

  • Windows 10 Pro, Enterprise, or Education build 18305 or Windows 11 (Sandbox is not currently supported on Windows Home editions)
  • AMD64 or (on Build 22483) ARM64 architecture
  • Virtualization capability enabled in BIOS
  • At least 4 GB of RAM (8 GB recommended)
  • At least 1 GB of free disk space (SSD recommended)
  • At least two cores (four cores with hyperthreading recommended)

Windows Sandbox Installation

1. Enable Virtualization in BIOS.

You can check in Task Manager whether the virtualization capability is active in the BIOS.

Open “Performance > CPU” and see the description at the bottom.

2. Install Windows Sandbox

Open “Turn Windows Features on or off”, then scroll down and check the “Windows Sandbox” option.

How to Use Windows Sandbox

To use Windows Sandbox as a place to test malicious applications, follow these steps:

  1. Copy the file you are going to test to Windows Sandbox.
  2. Install or run the file to experiment.
  3. When finished, close Windows Sandbox. You will get a notification that all changes you make will be discarded and permanently deleted.

Configure Windows Sandbox

By default, Windows Sandbox has minimal features. You can add the features you need by creating a configuration file. The Windows Sandbox configuration file is in XML format and is associated with the Sandbox via the .wsb file extension.

To start Windows Sandbox with a configuration file, right-click the file and select “Open with > Windows Sandbox”.

Settings you can configure in Windows Sandbox

  • vGPU (virtual GPU): Enable or disable the virtualized GPU. If vGPU is disabled, the sandbox will use the Windows Advanced Rasterization Platform (WARP).
  • Networking: Enable or disable network access in the sandbox.
  • Mapped folders: Share folders from the host with read or write permissions. Note that exposing host directories can allow malicious software to affect the system or steal data.
  • Logon command: Command that is executed when Windows Sandbox starts.
  • Audio input: Shares the host’s microphone input with the sandbox.
  • Video input: Shares the host’s webcam input with the sandbox.
  • Protected client: Applies security-enhanced settings to the sandbox session.
  • Printer redirection: Shares printers from the host with the sandbox.
  • Clipboard redirection: Shares the host’s clipboard with the sandbox so text and files can be pasted back and forth.
  • Memory in MB: The amount of memory, in megabytes, to be assigned to the sandbox.

Example Configuration:

Create a configuration file that lets Windows Sandbox read the host’s Downloads folder with “read-only” access. Copy the following code into Notepad and save it with the name “downloads.wsb”.


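<Configuration>
  <VGpu>Disable</VGpu>
  <Networking>Disable</Networking>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Users\Public\Downloads</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\Downloads</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\users\WDAGUtilityAccount\Downloads</Command>
  </LogonCommand>
</Configuration>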
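
As an added example (not from the original article or from Microsoft), the Python check below reads a .wsb configuration and lists the settings that still share a host resource with the sandbox, which is worth reviewing before running an untrusted file. The name audit_wsb, the LOOSE sample, and the defaults it relies on (networking, clipboard, audio input and vGPU shared unless set to Disable; ReadOnly false unless set) are assumptions made here.

```python
import xml.etree.ElementTree as ET

# Host resources shared unless set to "Disable" (assumption: these are
# enabled by default, as described in Microsoft's .wsb documentation).
ON_BY_DEFAULT = ("audioinput", "clipboardredirection", "networking", "vgpu")
# Host resources shared only when explicitly set to "Enable".
OFF_BY_DEFAULT = ("printerredirection", "videoinput")

def audit_wsb(xml_text):
    """Return sorted findings for settings that weaken sandbox isolation."""
    root = ET.fromstring(xml_text)
    # Lower-case tag names so both VGpu and vGPU spellings are matched.
    top = {c.tag.lower(): (c.text or "").strip().lower() for c in root}
    findings = []
    for name in ON_BY_DEFAULT:
        if top.get(name) != "disable":
            findings.append(f"{name}: not disabled")
    for name in OFF_BY_DEFAULT:
        if top.get(name) == "enable":
            findings.append(f"{name}: enabled")
    for node in root.iter():
        if node.tag.lower() == "mappedfolder":
            fields = {f.tag.lower(): (f.text or "").strip() for f in node}
            # Assumption: a missing ReadOnly element means the mapping is writable.
            if fields.get("readonly", "false").lower() != "true":
                findings.append(f"mappedfolder: {fields.get('hostfolder')} is writable")
    return sorted(findings)

# Settings from the article's downloads.wsb example (LogonCommand omitted).
PAGE_EXAMPLE = r"""<Configuration>
  <VGpu>Disable</VGpu>
  <Networking>Disable</Networking>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Users\Public\Downloads</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\Downloads</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
</Configuration>"""

# Constructed sample: everything left at defaults plus a writable mapping.
LOOSE = r"""<Configuration><MappedFolders><MappedFolder>
  <HostFolder>C:\Samples</HostFolder>
</MappedFolder></MappedFolders></Configuration>"""

if __name__ == "__main__":
    for label, text in (("page example", PAGE_EXAMPLE), ("loose", LOOSE)):
        print(label, audit_wsb(text))
```

An empty list means none of the checked settings share a host resource; the article's example still reports clipboard redirection and audio input because it does not set them.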
  
