Repackaging in Windows Sandbox

The program allows you to use Windows Sandbox environment to perform monitoring. Sandbox is a lightweight Windows desktop environment to run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine.

Windows Sandbox provides a clean environment for monitoring that follows the repackaging best practices. Sandbox has the following features:

  • Is a part of Windows. Sandbox is a Windows feature available starting from Windows 10 and above.
  • Clean environment. Every time Sandbox is started, it runs a clean, brand-new Windows installation.
  • Isolation. Sandbox uses virtualization, so all changes made in Sandbox are isolated from the host that runs Sandbox.
  • Automatic cleanup. When you close Sandbox, all changes made in Sandbox are discarded.

How to Enable Sandbox

A machine running Sandbox should meet the following requirements:

  • Run Windows 10 build 18305 or later Windows versions. Sandbox isn’t available on the Windows Home edition.
  • A machine should have AMD64 or ARM64 architecture.
  • A machine should have enabled hardware virtualization capabilities.
  • 4GB of RAM minimum.
  • 1GB of free disk space.
  • 2 CPU cores minimum.

To enable Sandbox you need to enable hardware virtualization capabilities in BIOS settings. After enabling virtualization you need to open Windows Program and Features and click Turn Windows features on or off. In the list of features you need to find and enable Windows Sandbox and reboot the machine.

Sandbox Usage

When you use Sandbox for monitoring the program runs Sandbox automatically, copies the specified installation file to Sandbox to repackage it there. You need to open Sandbox and follow installation steps there. At the end of installation the program extracts monitoring results from Sandbox and generates a package.

Sandbox environment isn’t an identical analog of the regular OS. Some Windows features aren’t available in Sandbox and it may influence software installations. Some installations fail to deploy in Sandbox, so that they cannot be repackaged in Sandbox environment. If a repackaged installation cannot be deployed in Sandbox, you can try to repackage it on a virtual machine, for example.

Using Sandbox for monitoring is a good option because you don’t need to prepare environment, it provides a clean environment out of the box, but Sandbox has functional limitations and some installations fail to deploy in Sandbox. Using a virtual machine for repackaging is an alternative option that doesn’t have Sandbox limitations, but allows using clean environment quickly and easily. This option is described in the next chapter.