The feature Sandbox available in Windows 10 preview version is very intersting for us who uses a web browsing VM.
The Sandbox feature or disposable VM is a Windows 10 container running on your Windows laptop and gives you the opportunity to launch a temporarily VM if you want to test something or just use it to browse internet to avoid infecting your machine (see the “note” later in this post because bad things can still happen) .
When you close the application all files are removed and possible malware will die.
You might want to test the feature on a VM, which will basically be running VM on a VM (nested).
If you open features you will see that the feature is grayed out and you won’t be able to enable it that way however you can enable the service with DISM.
But when you launch Sandbox it will complain.
To solve this you have to make a change on the VM CPU where you want to run Sandbox.
The only thing you have to do is enabling “Expose Virtualization Extensions”
Set-VMProcessor -VMName Windows10Prev -ExposeVirtualizationExtensions $true
On the VM side
Enable the feature using GUI or PowerShell and restart.
dism /online /enable-feature Containers-DisposableClientVM
Launch Sandbox app
This feature is perfect instead of using and manage a VM for this kind of work.
Launch Sandbox as any other applications
Note: You will still have access to resources on the network. Therefore malware can still execute and do bad things. But they will not survive a reboot of the Sandbox but they might have already replicate themselves to another system.
You can reach other systems via RDP.
If you have your host enrolled to WD ATP, and you isolate the host, the Sandbox will still be available
The AV Engine doesn’t seem to be running either
But regardless of the “Note” it’s still a very interresting feature and it will help a lot
When you exit the application you will be prompted that all data will be lost
