Enable : Windows 11 Sandbox

If you happen to have windows 11 installed, then you can use the new Windows Sandbox Mode, This is a safe environment that essentially starts a virtual machine in Windows 11, where you can play around with settings and suspicious executable to see what they do.

The purpose of a sandbox is that if you execute data or content in that sandbox, it doesn’t affect the host which in this case is your windows 11 installation, this will therefore essentially work like a hypervisor running on top of Windows.

Check virtualization on CPU

First, you need to check that your CPU supports virtualization, and that is in enabled in the BIOS The quickest way to do this is start task manager, and then once they click on the performance icon the choose the CPU and ensure that "Virtulisation" is  enabled as below:

Start Powershell in evelated mode

Yes, you will need to start powershell in administator mode, to complete search for it off the start menu, then right click the icon and choose run as administrator as below:

Install Windows Sandbox

Once you have your Powershell as an admin then you need to enter  the following command:

Enable-WindowsOptionalFeature -Online -FeatureName "Containers-DisposableClientVM" -All

That should look like this:

This will then being the install as you an see below, this will take a moment....

Once completed you will need to restart your device for this to work as this, like many things, requires a reboot.

Reboot : Windows Components Update

When you reboot Windows you will first get it updating components on the way down that includes the Windows Sandbox components, then once it reboots it will configure the service on the way back up, this does not take long.

Windows Sandbox

Once you have logged into Windows 11 after the restart, from the start menu search for Windows Sandbox, you should now see an entry for that like this, you have the option of running it from the side bar or the main menu, here you will see the optionf for "open" and "run as administrator"

Give this a moment to start and you will see this rather boring splash screen:

Then you it starts you will get a desktop in a deskop, you can see the Sandbox as I have changed the wallapaper and enabled dark mode to make it stand out more:

When you exit the Sandbox you get a message to tell you all data will be lost as you would expect, however notice that the wallpaper is back to the normal wallpaper....

Isolated Disk from my System Disk?

Yes, this disk is isolated from the main drive as you an see my Window 11 intallation is 240gb in size and as you can see the Sandbox is 40gb which means I would imagine it will be using a VHD that will be mounted for this purpose.

What about Networking in the Sandbox?

Well if this was a Sandbox then it would make sense not to have networking enabled or give you a private address that cannot talk the internet, so lets confirm that with Powershell an ipconfig:

Can I copy files to and from Sandbox?

Well with a drag and drop now you cannot, it does not let you, but if you use Ctrl+C then click in the sandbox window and press Ctrl+V you can indeed copy files between the two which means you still need to be careful.....

Host file came from Host machine (which is now on the Sandbox)
Sandbox file came from the Sandbox machine (which is now on the host)

The image below shows this as an example:

Exercise caution in Commands

This means if you have malware for example that is zipped up and password proctected so its not going anywhere and you copy this from the host machine to the sandbox machine, then for testing in the Sandbox you unzip the file, all is good you are in the sanbox right?

Well yes you are, but the problem is has you can copy files ot the Host if you Ctrl+V with the host window selected these files will be copied to the host, which is the device on your network, which could be the problem.

Handy idea, be careful when using Sandbox

While, yes this is a good idea, it is not a good idea that is is very easy to copy potentially infected and malicious files to your host OS with the wrong key combination in the wrong window.