• $ USD
  • € EUR

How to Bury Risk in the Sand? Configure Windows Sandbox for malware analysis

In life, there are some risks worth taking, but running a suspicious app on your computer is not one of them. Recognizing this, Microsoft created Windows Sandbox to allow users to safely execute potentially hazardous software that they have downloaded without any lasting impact on their PC.

Half app, half virtual machine, Windows Sandbox creates an isolated, temporary desktop environment in which “sandboxed” software can run separately from the host machine. Because the sandbox is temporary, all the software and files and the state are deleted when the sandbox is closed.

The environment is secured using hardware-based virtualization for kernel isolation, which relies on Microsoft’s hypervisor to run a separate kernel that isolates Windows Sandbox from the host. For optimal efficiency, Windows Sandbox uses integrated kernel scheduler, smart memory management and virtual GPU.

Windows Sandbox is useful when you are in a situation which requires a clean installation of Windows, but don’t want to set up a virtual machine. It’s also a handy tool to pull out of the box when you want to test some legitimate software but have concerns about its compatibility with your other applications.

Using a sandbox can protect your machine from malware. If you were to run a piece of ransomware in a sandbox, the files inside the sandbox would probably be encrypted but your primary operating system would remain untouched.

But while malware executed within the sandbox cannot directly access the drives of the primary operating system, it can still communicate with other devices on your network. Because of this, Windows Sandbox is unable to provide network-level isolation.

When correctly configured, the Windows Sandbox on Windows 10 PRO or Windows 10 Enterprise (versions 19.04 or later) can be used  to analyze malware. But only if the CPU virtualization is enabled in your computer’s BIOS.

Watch the full video to find out how to correctly install and configure Windows Sandbox.

Ready to take really advanced action? First, take the pentesting training with Paula J.

Founder & CEO, Microsoft Regional Director, MVP, MCT

Paula is a world-class Cybersecurity Expert with over 19 years of experience in the field. She is often a top-rated speaker at the world biggest conferences as her unique stage presence is always well-received among diverse audiences. To top it all, she has the access to the source code of Windows!

All articles by Paula

You may also be interested in:

How can we help you?

Suggested searches

    Search history

      Popular searches:

      Not sure what course to look for?

      Mobile Newsletter Form