Running Windows Sandbox in a VM

The Sandbox feature available in the Windows 10 preview version is very interesting for those of us who use a web browsing VM.

The Sandbox feature, or disposable VM, is a Windows 10 container running on your Windows laptop. It gives you the opportunity to launch a temporary VM if you want to test something, or just to browse the internet without infecting your machine (see the “Note” later in this post, because bad things can still happen).

When you close the application, all files are removed and any malware dies with it.

You might want to test the feature in a VM, which basically means running a VM inside a VM (nested virtualization).

If you open Windows Features you will see that the feature is grayed out, so you won’t be able to enable it that way. However, you can enable it with DISM.

But when you launch Sandbox it will complain.

To solve this you have to make a change on the VM CPU where you want to run Sandbox.

The only thing you have to do is enable “Expose Virtualization Extensions” on the host:

Set-VMProcessor -VMName Windows10Prev -ExposeVirtualizationExtensions $true

On the VM side

Enable the feature using GUI or PowerShell and restart.

dism /online /enable-feature /featurename:Containers-DisposableClientVM
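The host and VM steps above as one script, added here as an example and not part of the original post. The function names Enable-NestedVirtualization and Enable-SandboxFeature are hypothetical; the cmdlets come from the Hyper-V and DISM PowerShell modules, and the example assumes an elevated session.

```powershell
# Added example: run both functions from an elevated PowerShell session.
# Enable-NestedVirtualization runs on the Hyper-V host,
# Enable-SandboxFeature runs inside the guest VM.

function Enable-NestedVirtualization {
    param([Parameter(Mandatory)][string]$VMName)

    $vm = Get-VM -Name $VMName -ErrorAction Stop
    $wasRunning = $false

    # Processor settings can only be changed while the VM is powered off.
    switch ("$($vm.State)") {
        'Off'     { }
        'Running' { $wasRunning = $true; Stop-VM -Name $VMName -ErrorAction Stop }
        default   { throw "VM '$VMName' is in state '$($vm.State)'; power it off first." }
    }

    Set-VMProcessor -VMName $VMName -ExposeVirtualizationExtensions $true -ErrorAction Stop

    # Read the setting back instead of assuming the call took effect.
    $exposed = (Get-VMProcessor -VMName $VMName).ExposeVirtualizationExtensions
    if (-not $exposed) { throw "Virtualization extensions are not exposed on '$VMName'." }

    if ($wasRunning) { Start-VM -Name $VMName }
    return $exposed
}

function Enable-SandboxFeature {
    $name = 'Containers-DisposableClientVM'

    # Fails here if the build does not ship the feature at all.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction Stop

    if ("$($feature.State)" -ne 'Enabled') {
        # Same result as the dism command above; -All also enables parent features.
        Enable-WindowsOptionalFeature -Online -FeatureName $name -All -NoRestart | Out-Null
        Write-Warning 'Restart the VM before launching Sandbox.'
    }
    return (Get-WindowsOptionalFeature -Online -FeatureName $name).State
}

# On the host:    Enable-NestedVirtualization -VMName 'Windows10Prev'
# Inside the VM:  Enable-SandboxFeature
```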


Launch Sandbox app

This feature is a perfect replacement for using and managing a dedicated VM for this kind of work.

Launch Sandbox like any other application.

Note: You will still have access to resources on the network. Therefore malware can still execute and do bad things. It will not survive a reboot of the Sandbox, but it might already have replicated itself to another system.
You can reach other systems via RDP.
If your host is enrolled in WD ATP and you isolate the host, the Sandbox will still be available.

The AV engine doesn’t seem to be running either.

But regardless of the “Note”, it’s still a very interesting feature and it will help a lot.

When you exit the application you will be warned that all data will be lost.
