Do you know Windows Sandbox? It is a useful tool that allows you to safely run applications in isolation from the rest of the operating system. In this post, MiniTool introduces it to you and shows you how to customize it by creating configuration files.

Windows 10 May 2019 Update (version 1903) included a new feature called the Windows Sandbox. When you launch it, it will create an isolated lightweight desktop environment that is separate from your main Windows install, and allows you to safely run applications in that isolated environment.

In addition, when you leave the session or close the Sandbox window, all the software with its associated files will be permanently deleted. This means that you can run untrusted software, scripts, malicious files and adware without the fear of impacting your normal Windows installation.

To make the Windows Sandbox environment meet the actual needs of users, Microsoft allows you to create configuration files that modify the functionality of the Sandbox. The rest of this post shows how to create a configuration file and then use it to launch the Windows Sandbox.

Guide on Creating Windows Sandbox Configuration Files

When creating Windows Sandbox configuration files, you can make as many as you want through the following steps:

Step 1: Open a text editor like Notepad.

Step 2: Enter the configuration options or directives you wish to use. Please note that the configuration file should start with the <Configuration> tag and end with </Configuration>. Between these two tags, you can add various configuration directives. The structure is shown as follows:

<Configuration>
  <directive></directive>
</Configuration>

Step 3: Save the configuration files as .wsb files and give them descriptive names, for example, mapped-malware-folder.wsb. Through these descriptive names, you can know what tasks they perform.

Step 4: Launch the Windows Sandbox by double-clicking on a specific configuration file.

There are various configuration options that you can use in a Windows Sandbox file. The following sections show how to use them.

Disable Networking

When testing a malware sample, the infection may contact a remote host or perform some other unwanted network behavior. To prevent this, it may be useful to test the sample in the Windows Sandbox with networking disabled.

To disable networking, you should use the following directive:

<Networking>Disable</Networking>

To enable networking again, you should replace Disable with Default.

Disable the vGPU

The Windows Sandbox will use a virtual hardware GPU by default to increase performance. However, if you want to use software rendering instead, you can disable the vGPU through the following configuration directive:

<VGpu>Disable</VGpu>

Tip: For the majority of users, the vGPU should not be disabled, because software rendering will be much slower.

If you want to enable the vGPU again, you should replace Disable with Default.

Map a Folder for Transferring Files

The Windows Sandbox allows you to map folders from your Host Windows (your normal Windows installation) so that they are accessible in the Sandbox. To do this, you just need to use the MappedFolder directive to specify the folder on the host that you wish to make accessible in the Windows Sandbox.

This directive structure is as follows. Each MappedFolder entry sits inside a MappedFolders element:

<MappedFolders>
  <MappedFolder>
    <HostFolder>path to the host folder</HostFolder>
    <ReadOnly>value</ReadOnly>
  </MappedFolder>
</MappedFolders>

The ReadOnly value can be set to True or False. Value True means that files in the folder cannot be modified from the Sandbox, while the value False means that the Sandbox can modify these files.

Finally, when these folders are shared in the Sandbox, they will be located on the Desktop under the C:\Users\WDAGUtilityAccount\Desktop folder.

LogonCommand

The Windows Sandbox also supports the ability to automatically execute a command after the Sandbox is started. To do that, you should use the <LogonCommand> directive below:

<LogonCommand>
  <Command>command to be invoked</Command>
</LogonCommand>

For example, if you wanted to automatically open File Explorer after the Windows Sandbox starts, you should write explorer.exe between tag <Command> and tag </Command>.

Create a Sample Configuration File

In this section, I will create a sample to illustrate how to use these directives together. Suppose you are using the Windows Sandbox to test files stored on your Windows computer under the C:\Malware-Samples folder to see whether they are malware. What configuration options or directives should you use?

First, you may be concerned that the samples may make malicious networking calls, so you want to disable networking when using them. Second, you should make the folder available to the Sandbox. Finally, you may want to make the folder open automatically when you launch the Sandbox.

To do that, you may need to create a configuration file as follows:

<Configuration>
  <Networking>Disable</Networking>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Malware-Samples</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\Users\WDAGUtilityAccount\Desktop\Malware-Samples</Command>
  </LogonCommand>
</Configuration>
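Before double-clicking a .wsb file to open samples, it helps to check the two settings that decide how isolated the session is: networking and the ReadOnly flag on each mapped folder. The following Python checker is an added example, not code from MiniTool or Microsoft; the function name audit_wsb and both sample documents are constructed for illustration, and an omitted Networking or ReadOnly element is treated as the permissive default.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the configuration above with networking left on
# and the mapped folder made writable.
RISKY_WSB = r"""<Configuration>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Malware-Samples</HostFolder>
      <ReadOnly>false</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\Users\WDAGUtilityAccount\Desktop\Malware-Samples</Command>
  </LogonCommand>
</Configuration>"""

# Constructed sample: the same file with both settings tightened.
HARDENED_WSB = RISKY_WSB.replace(
    "<Configuration>", "<Configuration>\n  <Networking>Disable</Networking>", 1
).replace("<ReadOnly>false", "<ReadOnly>true")


def _text(elem, tag):
    """Lower-cased text of a direct child element, or '' if it is absent."""
    return (elem.findtext(tag) or "").strip().lower()


def audit_wsb(xml_text):
    """Return a list of (severity, message) findings for one .wsb document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [("error", f"not well-formed XML: {exc}")]
    if root.tag != "Configuration":
        return [("error", f"root element is <{root.tag}>, expected <Configuration>")]

    findings = []
    if _text(root, "Networking") != "disable":
        findings.append(("warn", "networking is enabled: a sample can reach remote hosts"))
    # The sample above nests MappedFolder inside MappedFolders; flag one at the root.
    if root.find("MappedFolder") is not None:
        findings.append(("error", "<MappedFolder> should be nested inside <MappedFolders>"))
    for folder in root.findall("MappedFolders/MappedFolder"):
        host = (folder.findtext("HostFolder") or "").strip()
        if _text(folder, "ReadOnly") != "true":
            findings.append(("warn", f"host folder {host} is writable from the sandbox"))
    for cmd in root.findall("LogonCommand/Command"):
        findings.append(("info", f"runs at logon: {(cmd.text or '').strip()}"))
    return findings
```

Calling audit_wsb on the text of a .wsb file returns an empty or info-only list when networking is disabled and every mapped folder is read-only.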
