eigenverft/Eigenverft.Manifested.Sandbox

Eigenverft.Manifested.Sandbox

Windows Sandbox profile (.wsb) that opens a fresh sandbox, sorts out proxy and TLS bootstrap, installs Eigenverft.Manifested.Package from PSGallery, and leaves you in PowerShell with Invoke-Package and the rest of the tooling surface.

Use it

  1. Download the profile: Eigenverft.Manifested.Sandbox.wsb (right-click the link, Save link as). To browse the file on GitHub first, open profile/Eigenverft.Manifested.Sandbox.wsb and use Raw, then save.
  2. Optionally edit proxy and startup values in the file (see Customize).
  3. Double-click the .wsb on a PC that has Sandbox enabled.
  4. When PowerShell opens, run what you need, for example Get-PackageVersion and Invoke-Package -DefinitionId ....

Customize before launch

Open the .wsb and find these four variables at the start of LogonCommand:

$dprx='http://test.corp.com:8080'
$duprx=''
$c='Get-PackageVersion'
$i='PackageManagement','PowerShellGet','Eigenverft.Manifested.Package'

| Setting | Default | Purpose |
| --- | --- | --- |
| $dprx | http://test.corp.com:8080 | Manual proxy hint when discovery needs it |
| $duprx | '' | Prefill proxy username |
| $c | Get-PackageVersion | Command run in the new window after bootstrap |
| $i | PackageManagement, PowerShellGet, Eigenverft.Manifested.Package | Modules installed from PSGallery during bootstrap |

Example post-bootstrap command:

$c='Get-PackageVersion; Invoke-Package -DefinitionId SevenZip,DotNetSdk10,NodeRuntime,CodexCli; Get-PackageState'

Security notes

This .wsb is a convenience profile for dev and testing, not a locked-down malware-analysis box.

You usually need some path for content in and results out: Networking, MappedFolders, ClipboardRedirection, or a mix. Networking stays on here because bootstrap, proxy setup, and package download depend on it.

MappedFolders is commented out by default. If you turn it on, use a dedicated staging folder and keep <ReadOnly>true</ReadOnly> unless you really need write-back. Writable mappings expose host files to whatever runs in the sandbox.

ClipboardRedirection, PrinterRedirection, AudioInput, VideoInput, and VGpu are optional conveniences. Turn off what you do not need. ProtectedClient is on as a small extra hardening step; it can get in the way of some host interactions.
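
One way to check a profile against the notes above before launching it, as an added example (not code from this repository): the hypothetical function Test-WsbExposure parses the .wsb as XML and lists writable mapped folders, optional redirections that are not set to Disable, and a ProtectedClient that is not enabled. The sample profile and its paths are constructed.

```powershell
# Added example. The sample profile is constructed for illustration; it is not the project's .wsb.
$sample = @'
<Configuration>
  <Networking>Enable</Networking>
  <ClipboardRedirection>Enable</ClipboardRedirection>
  <AudioInput>Disable</AudioInput>
  <ProtectedClient>Enable</ProtectedClient>
  <MappedFolders>
    <!-- <MappedFolder><HostFolder>C:\Ignored</HostFolder></MappedFolder> -->
    <MappedFolder>
      <HostFolder>C:\Staging\In</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
    <MappedFolder>
      <HostFolder>C:\Staging\Out</HostFolder>
      <ReadOnly>false</ReadOnly>
    </MappedFolder>
  </MappedFolders>
</Configuration>
'@

function Test-WsbExposure {
    param([Parameter(Mandatory)][string]$WsbXml)
    $cfg = ([xml]$WsbXml).Configuration
    $findings = [System.Collections.Generic.List[string]]::new()

    # A mapping is writable unless ReadOnly is explicitly true; commented-out mappings are skipped.
    foreach ($m in $cfg.SelectNodes('MappedFolders/MappedFolder')) {
        $ro = $m.SelectSingleNode('ReadOnly')
        if ($null -eq $ro -or $ro.InnerText.Trim() -ne 'true') {
            $findings.Add("Writable host mapping: $($m.SelectSingleNode('HostFolder').InnerText)")
        }
    }
    # Optional conveniences: report anything not explicitly turned off.
    foreach ($name in 'ClipboardRedirection', 'PrinterRedirection', 'AudioInput', 'VideoInput', 'VGpu') {
        $node = $cfg.SelectSingleNode($name)
        $value = if ($null -eq $node) { 'not set (Sandbox default applies)' } else { $node.InnerText.Trim() }
        if ($value -ne 'Disable') { $findings.Add("${name}: $value") }
    }
    # ProtectedClient is the extra hardening step; report when it is absent or not enabled.
    $pc = $cfg.SelectSingleNode('ProtectedClient')
    if ($null -eq $pc -or $pc.InnerText.Trim() -ne 'Enable') {
        $findings.Add('ProtectedClient is not enabled')
    }
    $findings
}

Test-WsbExposure -WsbXml $sample
```

To check a downloaded profile, pass its text instead of the sample: `Test-WsbExposure -WsbXml (Get-Content -Raw <path to the .wsb>)`.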

Proxy credentials

If startup asks for a manual proxy, the resolved profile is saved here:

%LOCALAPPDATA%\Programs\ProxyAccessProfile\ProxyAccessProfile.clixml

Export-Clixml keeps the PSCredential bound to that sandbox user for the life of the VM. That helps if you restart tools inside the same sandbox. Closing the sandbox deletes the VM and the file.

Important: If you typed proxy credentials and later want to run suspicious or unknown payloads in the same sandbox, delete ProxyAccessProfile.clixml first (path above). Starting a fresh sandbox is tighter still if you no longer need the stored proxy state.

The .wsb embeds compressed Initialize-ProxyCompact and Initialize-Bootstrap. Readable source: Eigenverft.Manifested.Drydock, file Eigenverft.Manifested.Drydock.ProxyAware.ps1. Initialize-ProxyAccessProfile in that file is the long-form version of the same proxy logic. Eigenverft.Manifested.Package carries the same compact helpers for regenerating the base64 block in the .wsb; do not edit that blob by hand unless you are rebuilding it from Package.

Host requirements

Windows 10/11 Pro, Enterprise, Education, or similar (1903+), virtualization enabled, 4 GB RAM, 1 GB free disk, 2 CPU cores, Windows Sandbox feature enabled.

Package engine (not in this repo)

Invoke-Package, endpoints, depots, and definitions live in Eigenverft.Manifested.Package. The .wsb only installs that module inside the sandbox.

On a normal Windows machine without Sandbox:

Install-Module Eigenverft.Manifested.Package -Scope CurrentUser -Repository PSGallery
Import-Module Eigenverft.Manifested.Package
Get-PackageVersion

Corporate TLS/proxy: Package README, Corporate first install.

Background

This repo is profile-only now. The old module, CI, and bootstrappers are in archive/. PSGallery Eigenverft.Manifested.Sandbox stays published for compatibility; new work uses Package. Snapshots: src archive, workflows archive.

License

MIT. See LICENSE.

Issues