Microsoft Made Windows Sandbox for Running Risky Executables

Microsoft shipped Windows 10 with a number of protection mechanisms built in such as Windows Defender and SmartScreen. But if there's an executable you need to run and are a little suspicious of what it will do, beyond relying on a security suite, there's no way to run it in isolation without first installing a virtual machine. That's changing, though.

This week Microsoft announced a new Windows feature called Windows Sandbox. Microsoft describes it as a "lightweight desktop environment tailored for safely running applications in isolation." It basically does the job of a virtual machine, but is a default part of Windows 10. However, it will only be made available to users running Windows 10 Pro or Enterprise editions, which is a shame.

Sandbox is a virtual machine, but it doesn't require a separate operating system be installed to use it. Microsoft uses the existing copy of Windows 10 already installed and creates a new lightweight version of it running in isolation. Microsoft calls this a "dynamic base image" and it only requires 100MB of storage space to work. The Sandbox version of Windows is a self-contained unit, so anything that runs inside it can't impact your desktop or laptop, which means if an executable is malicious it's trapped. When Sandbox is closed, the isolated instance of Windows is wiped and a fresh one created next time you use it.

This is a great new feature for Windows, and one that could benefit all users, but for some reason Microsoft saw fit to restrict its availability to the more expensive versions of Windows 10. Why not let Home users have access to it if they have a PC powerful enough? It would certainly be a marketing win for Microsoft as well as allowing all Windows 10 users to more easily avoid having their machines infected with a virus or some other nasty forms of malware.

If you do run Windows 10 Pro or Enterprise, expect Sandbox to become available with build 18305 or newer. Running it requires virtualization capabilities be enabled in your PC's BIOS, that the system has at least 4GB of RAM (8GB recommended), 1GB of free storage space, and at least two CPU cores (4 with hyperthreading recommended).

This article originally appeared on