How to Safely Test Suspicious Software with Windows Sandbox
This guide explains what Windows Sandbox is, its key security features, system requirements, step‑by‑step activation, and practical scenarios such as testing untrusted programs, isolating development work, and running one‑off tasks without risking the host system.
Overview
Windows Sandbox is a built‑in lightweight virtualization feature in Windows 10 and Windows 11 Pro/Enterprise (64‑bit). It creates a temporary, isolated Windows instance on each launch, runs on top of Hyper‑V, and discards all changes when the session ends.
Key technical characteristics
Full process isolation – all sandbox processes run in a separate Hyper‑V VM; they cannot affect the host OS.
Container‑style performance – the VM uses a shared kernel and a filtered driver stack, which makes start‑up and runtime overhead lower than a full VM.
Disposable environment – each launch creates a fresh Windows image; on shutdown the VM state is discarded.
No additional software download – the feature is enabled through Windows Features; the binaries are part of the OS.
Selective resource sharing – clipboard, network (NAT), and file drag‑and‑drop are automatically enabled, while device access (USB, GPU) is blocked by default.
System requirements
Windows 10 Pro/Enterprise 1511 or later, or Windows 11 Pro/Enterprise (64‑bit).
CPU with virtualization extensions (Intel VT‑x or AMD‑V) and SLAT support.
At least 4 GB RAM (8 GB recommended) and 1 GB free disk space.
Hyper‑V feature enabled (including “Virtual Machine Platform”).
Enabling the feature
Open Control Panel → Programs and Features → Turn Windows features on or off, check Windows Sandbox, and click OK.
Alternatively, enable via PowerShell:
Enable-WindowsOptionalFeature -Online -FeatureName "Containers-DisposableClientVM"
Reboot the system to apply the changes.
After reboot, launch “Windows Sandbox” from the Start menu or run WindowsSandbox.exe.
Typical usage workflow
Copy or drag the target executable/file from the host into the sandbox window.
Run the program inside the sandbox; use the shared clipboard or network as needed.
When testing is complete, close the sandbox – the VM is discarded and all changes are lost.
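For an untrusted sample, the default clipboard and network sharing can be turned off before launch. The PowerShell script below is an added example, not part of the original guide: it checks that the feature is enabled, writes a Windows Sandbox configuration (.wsb) file, which this guide does not otherwise cover, and starts the sandbox from it. The staging folder C:\SandboxStaging and the file name untrusted-test.wsb are assumptions.

```powershell
# Added example: start Windows Sandbox with sharing tightened for an untrusted file.
# Run from an elevated PowerShell session (Get-WindowsOptionalFeature needs it).

$staging = 'C:\SandboxStaging'   # assumption: host folder holding the file under test
$wsbPath = Join-Path $env:TEMP 'untrusted-test.wsb'   # assumption: config file name

# 1. Confirm the optional feature from the "Enabling the feature" step is active.
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM'
if ($feature.State -ne 'Enabled') {
    throw "Windows Sandbox is not enabled (state: $($feature.State)). Enable it and reboot."
}

# 2. The mapped host folder must exist before the sandbox starts.
if (-not (Test-Path -LiteralPath $staging -PathType Container)) {
    throw "Staging folder not found: $staging"
}

# 3. Escape the path so characters such as '&' do not break the XML.
$hostFolder = [System.Security.SecurityElement]::Escape($staging)

# 4. Build the configuration: no network, no clipboard, no device redirection,
#    and the staging folder mapped read-only so the guest cannot modify host files.
$config = @"
<Configuration>
  <Networking>Disable</Networking>
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <vGPU>Disable</vGPU>
  <AudioInput>Disable</AudioInput>
  <VideoInput>Disable</VideoInput>
  <PrinterRedirection>Disable</PrinterRedirection>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$hostFolder</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\Desktop\Staging</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
</Configuration>
"@

Set-Content -LiteralPath $wsbPath -Value $config -Encoding UTF8

# 5. Opening the .wsb file launches Windows Sandbox with these settings.
Start-Process -FilePath $wsbPath
```

With the folder mapped read-only, the file under test is reached from the Staging folder on the sandbox desktop instead of being dragged in.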
Common scenarios
Executing untrusted binaries or scripts without risking host infection.
Validating Windows configuration changes, group‑policy settings, or software installers.
Isolating short‑lived development or build steps.
Opening suspicious documents (e.g., Office files, PDFs) in a safe environment.
Limitations
No GPU acceleration; graphics performance is limited to software rendering.
Cannot access USB devices, external drives, or physical network adapters directly.
Only available on Pro and Enterprise editions; Home edition does not include the feature.
Conclusion
Windows Sandbox provides a quick, built‑in mechanism for creating a disposable, isolated Windows environment. It requires no third‑party software, leverages Hyper‑V for security, and is suitable for testing untrusted code, validating configurations, or performing one‑off tasks.
dbaplus Community
Enterprise-level professional community for Database, BigData, and AIOps. Daily original articles, weekly online tech talks, monthly offline salons, and quarterly XCOPS&DAMS conferences—delivered by industry experts.
