Virtualization Windows Windows Server

Use Windows Sandbox as a security feature in Windows


Windows Sandbox is a useful and important feature that can help you to test an application in an isolated environment without touching the host OS or configuring a VM for a Sandbox. The only disadvantage with Windows Sandbox VM is that its previous state does not survive a reboot and which means it cannot be used for the installation of some software that needed a reboot to complete installation. Make the software or website available for testing in the Sandbox by opening it directly in the Windows Sandbox and once the Sandbox is closed everything is lost and you have to start all over again. In this article, I will be showing you how to use Windows Sandbox as a security feature in Windows 10 and 11.

You may want to know How to Configure Windows Sandbox and if you want to read more on virtual environments then read these: 3 Ways to Convert VMware VMs to Hyper-V, How to install Oracle VirtualBox on a Mac device, How to set up a VM via PXE boot on a Generation 1 VM, Enable HyperV on Windows: How to install Windows 11 on HyperV

Windows Sandbox as a security feature

The Windows Sandbox relies on the host environment for many things like using the same internet and also having the same default Microsoft Edge internet browser. A sandbox is temporary. That is, when it’s closed, all the software and files and the state are deleted. Every time, a new instance of sandbox is launched.

Software and applications installed on the host aren’t directly available in the sandbox. If you need specific applications available inside the Windows Sandbox environment, they must be explicitly installed within the OS (environment).

Launch the OpenPhis Webpage

We shall be opening a URL from the website OpenPhish which contains Phishing websites.


To confirm they are truly phishing websites, I will open one of the websites on my two systems that are protected with Bitdefender and TrendMicro respectively and we will see the response on this website.

Please see How to Improve Website Response Using Traffic Manager, how to fix Error: Response code 50, LDAP insufficient access, how to fix Error: Response code 50, LDAP insufficient access, How to enable or disable Windows Defender Credential Guard. lastly, see how to fix “The executor requires OSType=windows, but Docker Engine supports only OSType=linux“.

View BitDefender Response

1: This is a system protected by Bitdefender and the response.


View TrendMicro Response

2. This is a system protected by TrendMicro and the response


3. But we may want to check what exactly is on the website. The best place to do that is on Windows Sandbox. This is isolated from the host OS.

The image below shows the phishing website. Whatever you do on this website in this Windows Sandbox will not have any effect on your host environment.


Let us assume you don’t have a BitDefender or TrendMicro installed on your system. You need to protect your system from being infected, this is where Windows Sandbox will come into play.

4. I will be downloading a malicious software from this Website and installing it on the Windows Sandbox. It makes sense to know that you will be notified that the file is malicious and can decide if you want to go ahead with the installation. You will not be afraid to install this file simply because you are in a Sandbox environment.

To make use of this Windows Sandbox to test an application. You are not sure of the performance and effect on your Windows Operating System. So the best thing to do is to isolate the installation using Windows Sandbox.


Here is a YouTube video demonstrating how to test the authenticity of websites and applications.

I hope you found this blog post on how to use Windows Sandbox as a security feature in Windows interesting and helpful. In case you have any questions do not hesitate to ask in the comment section.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x