Create a sandbox to isolate a process on Windows 11, 10, 8.1, 8 or 7 - Windows - Tutorials

On Windows 10 and 11, Microsoft offers you a sandbox system built into Windows 10 and 11.
However, if you are still running Windows 7, 8, 8.1 or another older version of Windows, here's how to create sandboxes using third-party software : Sandboxie Plus.

Install Sandboxie Plus
Launch a program in a Sandbox using Sandboxie Plus
Sandbox content
Delete a sandbox
See the contents of the registry used by the sandbox

1. Install Sandboxie Plus

Sandboxie software exists in 2 versions : Sandboxie and Sandboxie Plus.
Both versions are free, but the "Plus" version offers more features than the other version.

Download "Sandboxie Plus" and launch the downloaded file.
The installation wizard will offer you :

Install Sandboxie-Plus on this computer : install Sandboxie Plus on your computer
Extraction all files to a directory for portable use : extract the Sandboxie Plus files to use this software in a portable version (for example : from an USB key)

Then, you can also choose to :

Create a desktop icon : create a desktop shortcut
Start when Windows starts : start Sandboxie automatically when Windows starts
Add Run Sandboxed : add a "Run Sandboxed" option in the contextual menu (right-click menu) in the file explorer to be able to launch a program directly in a Sandbox created with Sandboxie Plus.

2. Launch a program in a Sandbox using Sandboxie Plus

Once Sandboxie Plus is installed (or extracted), you will find a "DefaultBox" sandbox created by default.
To run a program in this sandbox, right-click on this "DefaultBox" sandbox and click on : Run -> Run Program.

In the "[#] Run Sandboxed - DefaultBox [#]" window that appears, click on : Browse.

Select the program you want to launch in this sandbox.
It will therefore be executed on your computer, but its execution will be isolated from the system.

For this tutorial, we are going to install the famous "Notepad++" text editor in the sandbox.

Check the "Run As UAC Administrator" box if the program to be run needs administrator rights, then click OK to launch the program in the sandbox.

A User Account Control (UAC) window appears for the "Start.exe" program (which is part of the "Sandboxie Plus" software).
Click on Yes.

When you hover your mouse over a window of a program running in a sandbox, a yellow frame will appear around the edges of the window.
In addition, you will see the "[#]" characters appear at the beginning and at the end of the name of the window concerned.

The Notepad++ installation wizard appears.

Note that you can observe the behavior of the program launched in the sandbox from the Sandboxie Plus window.

As you can see, Notepad++ is installed and by default opens its "change.log" file located in the folder : C:\Program Files (x86)\Notepad++.

3. Sandbox content

As you can see, the "notepad++.exe" process is running and it's installed in the folder "C:\Program Files (x86)\Notepad++ (if you look on the previous image).

However, if you look in the "C:\Program Files (x86)" folder of your computer, you will not find the "Notepad++" folder.

To see the content of your sandbox, right click "Explore Content" on your sandbox.

As you can see, your sandbox contains 2 folders and 2 files :

"drive" folder : contains the folders and files that the program has tried to create or modify on your partitions
"user" folder : contains the folders and files that the program has tried to create or modify in the user directories (my documents, downloads, AppData, ...) for the current user (current) and all users (all)
"DONT-USE" file : text file indicating that the current folder is a working folder created by Sandboxie
"RegHive" file : contains the data created or modified in the registry by the programs executed in the sandbox

If you go to the "drive\C\Program Files (x86)" folder, you will find the "Notepad++" folder created by the Notepad++ installation wizard that we launched in the sandbox.

This shows that the execution is isolated from the system since the program cannot create files directly in the standard folders (Program Files, Windows, ...). However, your anti-virus can still detect malicious files that the program launched in the sandbox would have created.
If you really want to completely isolate a program's execution, use virtualization software like VirtualBox, but this will require more system resources (CPU and RAM).
If necessary, follow our "Learn to virtualize machines with VirtualBox" course.

If you right click on the "notepad++.exe" file, you will see that it's located in the "C:\Sandbox\win10\DefaultBox\drive\C\Program Files (x86)\Notepad++" folder.