Windows 10 May 2019 Update (version 1903) included a new feature called the Windows Sandbox that allows you to safely run applications in isolation from the rest of the operating system.
When you launch the Windows Sandbox, it will fire up an isolated lightweight desktop environment that is separate from your main Windows installation, and all of the software with its associated files are permanently deleted when you leave the session or close the Sandbox window.
This means you can run untrusted software, scripts, malicious files and adware without the fear of impacting your normal Windows installation.
In order to make it more useful for users, Microsoft allows you to create configuration files that modify the functionality of the Sandbox.
In this guide we will explain how to create a configuration file and then use it to launch the Windows Sandbox.
Create Windows Sandbox configuration file (.wsb)
To create a Windows Sandbox configuration file, you will use a text editor such as Notepad to enter the configuration options, or directives, you wish to use and then save that file with the .wsb extension.
When creating Windows Sandbox config files, you can make as many as you want and save them under descriptive names so that you know what tasks they perform. You can then launch the Windows Sandbox using a particular configuration file by double-clicking on the .wsb configuration file.
For example, you can see a folder of different Windows Sandbox configuration files below, with each performing a different task.
To create a Windows Sandbox configuration file, you would do the following:
- Open Notepad.
- Enter your configuration options.
- Save the file as a .wsb file.
When saving the file, you can give it any name, such as mapped-malware-folder.wsb, but it must end with a .wsb extension.
When creating a configuration file, the file must begin with the opening root tag and end with its closing tag. Between these two tags, we will add our various configuration directives.
The following sections will introduce you to the various configuration options that we can use in a Windows Sandbox file. Then we will wrap it all together into a configuration file that disables networking but still allows you to transfer files through a mapped folder.
Enable or disable networking
When testing a malware sample, the infection may contact a remote host or perform some other unwanted network behavior. Therefore, it may be useful to disable networking in the Windows Sandbox.
To do this, we use the Networking directive as shown below.
When using this directive, we can enter two values: Disable to disable networking and Default to enable it.
Enable or disable the vGPU
The Windows Sandbox by default will use a virtual hardware GPU in order to increase performance.
If you wish to use software rendering instead, you can disable the vGPU by using the following configuration directive.
This option supports the Disable value, which disables the vGPU, or Default, which enables it.
For the majority of users, the vGPU should not be disabled as software rendering will be much slower.
Map a folder for transferring files
The Windows Sandbox allows you to map folders from your Host Windows (your normal Windows installation) so that they are accessible in the Sandbox.
To do this, you need to use the MappedFolder directive to specify the folder on the host you wish to make accessible in the Windows Sandbox.
This directive is as follows:
path to the host folder
The ReadOnly value can be set to True or False. If set to true, then files cannot be modified in the folder from the Sandbox. If you set it to false, though, then the Sandbox can modify these files.
For example, if you wanted to share the D:\Packages folder so that you can access its contents in the Sandbox, but not modify them, you would use the following directive.
When these folders are shared in the Sandbox, they will be located on the Desktop under the C:\users\WDAGUtilityAccount\Desktop folder.
It should be noted that if you map a folder from the Host to the Sandbox and set ReadOnly to false, then these files can be modified by any programs running in the Sandbox.
The Windows Sandbox also supports the ability to automatically execute a command when the Sandbox is started using the directive.
command to be invoked
For example, if you wanted to automatically open File Explorer after the Windows Sandbox starts, you can use the following directive.
Putting it all together with a sample configuration file
Now that we know all of the directives that we can use in a Windows Sandbox configuration file, let's create a sample to illustrate how we can use them.
Let's say you are using the Windows Sandbox to test files that you think may be malware. These files are stored on your Windows computer under the C:\Malware-Samples folder and you want the folder to be accessible in the Sandbox.
At the same time, you are concerned that the samples may make malicious networking calls, so we want to disable networking when using them.
Finally, we want the shared Malware-Samples folder to open automatically when you launch the Sandbox.
To do this, we create the following configuration file that shares the C:\Malware-Samples folder with the Sandbox, disables networking, and then automatically opens the Malware-Samples folder in the Sandbox.
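The configuration described above, written out and checked by a short script. This is an added example, not the article's own file: the element names follow Microsoft's documented .wsb schema, ReadOnly is set to true as this example's assumption, and audit_wsb is a hypothetical helper that flags the two settings the article warns about (networking left enabled, a host folder mapped writable).

```python
import xml.etree.ElementTree as ET

# Constructed .wsb for the scenario above; ReadOnly=true is this example's assumption.
SAMPLE_WSB = r"""<Configuration>
  <Networking>Disable</Networking>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Malware-Samples</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\users\WDAGUtilityAccount\Desktop\Malware-Samples</Command>
  </LogonCommand>
</Configuration>"""

# Same file with the two risky settings flipped, for comparison.
WEAK_WSB = SAMPLE_WSB.replace("Disable", "Default").replace("true", "false")


def _text(node, tag, default):
    """Return the stripped text of a child element, or default if it is absent."""
    child = node.find(tag)
    return (child.text or "").strip() if child is not None else default


def audit_wsb(xml_text):
    """Return findings that weaken isolation when handling untrusted samples."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "Configuration":
        return [f"root element is <{root.tag}>, expected <Configuration>"]
    findings = []
    # An absent Networking element behaves like Default, i.e. networking enabled.
    net = _text(root, "Networking", "Default")
    if net.lower() != "disable":
        findings.append(f"networking is enabled (Networking={net})")
    for folder in root.iter("MappedFolder"):
        host = _text(folder, "HostFolder", "<missing>")
        # ReadOnly defaults to false, so a missing element means writable.
        if _text(folder, "ReadOnly", "false").lower() != "true":
            findings.append(f"host folder {host} is writable from the sandbox")
    return findings


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_WSB), ("weak", WEAK_WSB)):
        print(name, audit_wsb(cfg) or "no findings")
```

Save the XML between the triple quotes as a .wsb file to launch the Sandbox with it; run the audit over any .wsb you intend to use for sample handling before double-clicking it.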
As you can see, using a Windows Sandbox configuration file makes the feature much more useful and able to be customized for a variety of purposes.
In the future, we hope Microsoft continues to expand on the configuration that can be added so that this feature can be even more useful.