Using Windows Sandbox to examine suspected links

IT admins might encounter from time to time an email that is suspected to be a phishing email and contains links to unfamiliar web pages and URLs, or contains suspicious attachments.

In these situations, it is better to use a secure environment where you can navigate to a link or open a file without the risk of contaminating your own device with a malware which might reside on the target website or the suspected file itself.

We suggest to use Microsoft Sandbox as a secure virtualized tool to run inquiries of suspicious links and files:

  • Follow Microsoft guidelines to install Microsoft Sandbox.
  • Copy-paste any suspicious URLs into the Edge browser embedded in the sandbox and navigate to them there.
    Potentially further investigate the page using the browser's Inspect context menu option.
  • Copy-paste any suspicious attachment into the Sandbox desktop and open it there.
  • Be careful not to mix the environments and remember to shut down the sandbox after the inspection.

Warning: inspection in a sandbox is a good tool to get more info on a suspicious URL and/or file, but be aware it is not a 100% guarantee to detect malicious malware as some malware will avoid running and stay inactive while in a virtual environment.

0 out of 0 found this helpful



Article is closed for comments.