Tallan Blog

Tallan’s Experts Share Their Knowledge on Technology, Trends and Solutions to Business Challenges

Testing Suspicious emails using Windows Sandbox

Co-workers often forward me emails when they are unsure if it is a valid email or something malicious. As one of the IT managers, I need to evaluate these emails in a safe environment. The tool I use for this is Windows Sandbox.

Windows Sandbox was added as a feature to Windows 10 with the May 2019 Update (version 1903). Every time you start Sandbox, it creates a Virtual Machine with a clean install of Windows 10. When you shut it down, the image is erased. This makes it an ideal environment for testing untrusted applications, links, and emails.

To enable Windows Sandbox, first make sure you have the minimum requirements:

  • Windows 10 Pro or Enterprise, version 1903.
  • Hardware virtualization enabled in your BIOS
  • At least 2 CPU cores
  • 4 GB of memory
  • 1 GB of available disk space

Once the minimum requirements are met, click Start, then find ‘Turn Windows Features On or Off”. Select the Windows Sandbox feature and click Ok. Reboot when prompted.

Windows Features

To use Windows Sandbox, click Start, search for the Windows Sandbox icon and click on it. A new VM will start. Depending on your hardware, it will take between a few seconds and a minute or two.

Windows Sandbox Icon

For testing emails, I use the included Microsoft Edge browser to open Outlook Web Access. Then I can access the questionable email and evaluate it. If there’s a link involved, I can open the link without fear of lasting virus infections. In many cases, they are phishing emails that lead to fake login screens. Once I see such a login screen, I can confirm that the email is not legitimate and let the end-user know. Make sure not to enter any credentials beyond your initial OWAW login.

You can also copy & paste files (but not drag/drop) from your physical machine into the Sandbox VM. This makes it easy to test questionable software applications. You could even install your preferred anti-virus application in the Sandbox for testing websites or applications.

Once you are done testing within the VM, click the top right X to close it. Lastly, click Ok in the confirmation window, and the VM will be permanently erased.

Close Windows Sandbox


Learn more about Tallan or see us in person at one of our many Events!

Share this post:

No comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

\\\