Run untrusted content safely with Windows Sandbox
Published May 14 2024 12:10 PM 6,737 Views

As a developer, your work often involves experimenting with various libraries, frameworks, tools and sometimes testing unknown files or executables. But let's face it – accessing unfamiliar files or repos can sometimes feel like tiptoeing through a minefield. You do not know if they are safe or potential malware. What if I told you there's a way to explore new files without risking your host OS!

 

Windows Sandbox (WSB) provides a lightweight desktop environment to safely run applications in isolation from the host OS. Think of it as your digital playground – a safe, isolated environment where you can test and debug apps, explore unknown files, or experiment with tools without risking your host OS. A Windows Sandbox is disposable. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application.

 

How can you view or run untrusted content using Windows Sandbox?

 

  1. First, refer to the instructions provided in our documentation to determine if your device meets the requirements and learn how to install Windows Sandbox.

 

  1. There are multiple ways to share files between the host and the sandbox:
    • Option A - Drag and Drop files: Launch 'Windows Sandbox' by locating and selecting 'Windows Sandbox' on the Start menu or searching for 'Windows Sandbox'. With Clipboard redirection enabled by default, you can easily copy files from the host and paste them into the Windows Sandbox window. This is the simplest way to view your untrusted files and apps in your sandbox. This approach makes a copy within Sandbox, which can take a while depending on the size of the folder.
    • Option B - Map Folders before launching Sandbox: Create a folder, say 'sandbox-assets', on your host OS containing all files to be tested or viewed in Windows Sandbox. Any files or tools that you will need in the sandbox will need to be placed in this folder before launching the sandbox. You will then use a configuration file to map the 'sandbox-assets' folder your host to the 'sandbox-assets' folder in the sandbox.
    • The configuration file below shows how to share a folder from the host desktop to the sandbox desktop. In this example the file is shared with read-only permissions. Windows Sandbox will not be able to write to the folder, providing an additional layer of security.
<Configuration>
<MappedFolders>
   <MappedFolder>
     <HostFolder>%USERPROFILE%\Desktop\sandbox-assets</HostFolder>
<SandboxFolder>%USERPROFILE%\Desktop\sandbox-assets</SandboxFolder> <ReadOnly>true</ReadOnly> </MappedFolder> </MappedFolders> </Configuration>

Save the config file with a .wsb extension. To use the configuration file, double-click it to launch your custom configured Windows Sandbox. This should launch a sandbox with the folder 'sandbox-assets' with read-only access on the desktop with all the files you pasted.

 

Kavya_Nagalakunta_2-1715712902476.png

 

  1. When you're finished experimenting, close the sandbox. A dialog box will prompt you to confirm the deletion of all sandbox content. Select "Ok" to confirm.

 

Learn more about Windows Sandbox and provide feedback

  • To learn more about Windows Sandbox and its functionality, check out our documentation.
  • Checkout our Windows Sandbox GitHub repo to share your projects that leverage Windows Sandbox, file feature requests or report issues.
  • You can also file a bug in Feedback Hub. There is a dedicated option in Feedback Hub to file "Windows Sandbox" bugs and feedback. It is located under "Security and Privacy" subcategory "Windows Sandbox".

 

We look forward to you using this feature and receiving your feedback!

2 Comments
Co-Authors
Version history
Last update:
‎May 14 2024 12:10 PM
Updated by: