How to Bury Risk in the Sand? Configure Windows Sandbox for malware analysis

In life, there are some risks worth taking, but running a suspicious app on your computer is not one of them. Recognizing this, Microsoft created Windows Sandbox to allow users to safely execute potentially hazardous software that they have downloaded without any lasting impact on their PC.

Half app, half virtual machine, Windows Sandbox creates an isolated, temporary desktop environment in which "sandboxed" software runs separately from the host machine. Because the sandbox is temporary, every program, file and state change inside it is discarded the moment the sandbox window is closed, and each new session starts again from a clean image.

The environment is secured with hardware-based virtualization for kernel isolation: Microsoft's hypervisor runs a separate kernel that isolates Windows Sandbox from the host. For efficiency, Windows Sandbox uses an integrated kernel scheduler, smart memory management and a virtual GPU.

Windows Sandbox is useful when you are in a situation which requires a clean installation of Windows, but don’t want to set up a virtual machine. It’s also a handy tool to pull out of the box when you want to test some legitimate software but have concerns about its compatibility with your other applications.

Using a sandbox can protect your machine from malware. If you were to run a piece of ransomware in a sandbox, the files inside the sandbox would probably be encrypted, but your primary operating system would remain untouched. The one exception is folders you have deliberately mapped into the sandbox: a mapped folder is a real directory on the host, and unless it is marked read-only, ransomware in the sandbox can encrypt its contents just as it encrypts the sandbox's own files.

But while malware executed within the sandbox cannot directly access the drives of the primary operating system, by default it reaches the network through the host's adapter, so it can scan or attack other devices on your LAN and talk to its command-and-control servers. Windows Sandbox offers no network segmentation or filtering; the only network control it has is the Networking setting in a .wsb configuration file, which either keeps the default virtual adapter or disables networking entirely. For malware analysis, disable it unless you specifically want to observe network behaviour and have put the host on an isolated network segment.

When correctly configured, Windows Sandbox on 64-bit Windows 10 Pro or Windows 10 Enterprise (version 1903 or later) can be used to analyze malware. Three things must be in place first: CPU virtualization enabled in your computer's BIOS/UEFI, the Windows Sandbox optional feature turned on (it is off by default and needs a reboot), and a configuration file that disables networking and maps the sample folder read-only.
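The following PowerShell is an added example and not code from the original article or from Microsoft: it checks the firmware virtualization prerequisite, enables the Windows Sandbox feature, and writes a locked-down .wsb configuration that disables networking and maps a sample folder read-only. The folder name C:\Samples and the file name MalwareAnalysis.wsb are assumptions; the configuration elements are those documented for Windows Sandbox, and the ones marked "2004+" were added after version 1903 and are ignored on older builds.

```powershell
# Run from an elevated PowerShell prompt on 64-bit Windows 10 Pro/Enterprise 1903 or later.
# Added example; C:\Samples and MalwareAnalysis.wsb are assumed names, not values from the article.

# 1. Check that CPU virtualization is enabled in BIOS/UEFI. Windows Sandbox will not start without it.
#    Note: Get-ComputerInfo reports these Hyper-V requirement fields as $null once Hyper-V itself is
#    installed, because the hypervisor is already running; in that case the check is skipped.
$info = Get-ComputerInfo
if ($info.HyperVRequirementVirtualizationFirmwareEnabled -eq $false) {
    throw "CPU virtualization is disabled in BIOS/UEFI. Enable it (Intel VT-x / AMD-V) and rerun."
}

# 2. Enable the Windows Sandbox optional feature (feature name Containers-DisposableClientVM).
#    A reboot is required before the first launch; -NoRestart lets you finish this script first.
Enable-WindowsOptionalFeature -Online -FeatureName "Containers-DisposableClientVM" -All -NoRestart | Out-Null

# 3. Host folder that holds the samples. Mapped read-only below, so nothing in the sandbox can
#    modify or encrypt it; copy a sample to the sandbox desktop before detonating it.
$sampleDir = "C:\Samples"   # assumed path
New-Item -ItemType Directory -Path $sampleDir -Force | Out-Null

# 4. Sandbox configuration. Networking is disabled so the sample cannot reach the LAN or its C2.
#    Without <SandboxFolder>, the mapped folder appears on the sandbox desktop
#    (C:\Users\WDAGUtilityAccount\Desktop\Samples).
$wsb = @"
<Configuration>
  <VGpu>Disable</VGpu>
  <Networking>Disable</Networking>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$sampleDir</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\Users\WDAGUtilityAccount\Desktop\Samples</Command>
  </LogonCommand>
  <!-- The following elements need Windows 10 version 2004 or later and are ignored on 1903/1909. -->
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <PrinterRedirection>Disable</PrinterRedirection>
  <AudioInput>Disable</AudioInput>
  <VideoInput>Disable</VideoInput>
  <ProtectedClient>Enable</ProtectedClient>
  <MemoryInMB>4096</MemoryInMB>
</Configuration>
"@

$wsbPath = Join-Path $env:USERPROFILE "Desktop\MalwareAnalysis.wsb"   # assumed file name
Set-Content -Path $wsbPath -Value $wsb -Encoding UTF8
Write-Host "Configuration written to $wsbPath. Reboot if the feature was just enabled, then launch it:"
Write-Host "  Invoke-Item `"$wsbPath`""
```

Double-clicking the .wsb file (or running Invoke-Item on it) starts a sandbox with exactly these settings instead of the defaults, which is the difference that matters for analysis: the default sandbox has networking on, no mapped folders and clipboard sharing enabled, so a sample run there can still phone home, and anything you paste across the clipboard boundary is a path back to the host. Keep the sample folder read-only even when you think the sample is harmless; writable mapped folders are the one way a detonated sample can leave a lasting mark on the host.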

Watch the full video to find out how to correctly install and configure Windows Sandbox.

Ready to take really advanced action? First, take the pentesting training with Paula J.
