This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.


This Article Applies to:

  • Avast Business Hub


Sandbox is a virtualization tool in Avast Business Antivirus that allows you to browse the web or run applications in a virtual, safe environment that is completely isolated from the rest of your PC's system. This feature is useful when you want to run suspicious or untrusted applications without risk.

When you run an application in Sandbox, all necessary files are always copied to Sandbox storage where they can be modified as needed without affecting the original files. Any new files created during virtualization are also saved to Sandbox storage. Sandbox storage is a file space completely isolated from the rest of your system and other Sandboxes. By default, Sandbox storage is created in the same drive as the original file.

Sandbox is not available for macOS devices.


To access Sandbox settings:

  1. Open the Policies page
  2. Click the desired policy to open its Detail drawer
  3. Click the Settings tab, then Antivirus
  4. Expand the Sandbox section

The available configuration options will be split into five tabs:

  • Sandbox storage
  • Web browsers
  • Virtualized processes
  • Privacy
  • Internet access

Sandbox Storage Tab

Within this tab, you can specify where Sandbox storage is created, choosing either the same drive as the modified file or a different location.

Web Browsers Tab

The settings available here are designed to improve the sandboxed browser's performance. You can:

  • Choose whether trusted downloaded files will be saved outside of Sandbox
  • Exclude certain browser features from virtualization so that they are not deleted after closing Sandbox
  • Cache virtualized files for web browsers only, and delete all other virtualized files

Exclusions can be applied to browser bookmarks, history, and/or cookies. If you, for example, exclude browsing history from virtualization, it will remain available when the browser is opened outside of Sandbox.

If you enable maintenance (caching only browser files), you will have the additional option to schedule automatic Sandbox storage cleanup.

Virtualized Processes Tab

In this section, you can set up a list of applications and/or folders that will automatically run in Sandbox.

To add apps or folders to the list:

  1. Click + Add process name to add the app path(s)or + Add folder name to add the folder path(s)
    • When a folder path is added, every app opened from that folder will be sandboxed.
  2. In the dialog, enter the path(s), then click Add process name/Add folder name

Privacy Tab

Within this tab, you can specify which locations can or cannot be accessed by virtualized applications. You can select from the listed preset locations or specify the locations manually. This provides an additional layer of protection, as the selected locations will be completely invisible to virtualized apps.

To add custom locations to the list:

  1. Click + Add location
  2. Enter the path(s)
  3. Choose whether the access to the location will be allowed or blocked
  4. Click Add location

Internet Access Tab

Here, you can specify whether to allow all/specific virtualized apps to access the internet or block internet access for all virtualized applications.

To allow internet access to specified apps only:

  1. Click + Add application
  2. Enter the app path(s)
  3. Click Add application

Ticking the Web browsers checkbox above the list will allow browser apps to access the internet.

Adding Sandbox Exclusions

If needed, you can add Sandbox exclusions through the Antivirus exclusions settings of a selected policy's Exclusions tab. These exclusions will only apply when Sandbox is used to virtualize potentially infected files, and will ensure the specified locations are not brought into the virtualized environment.

For more information on standard and component-specific exclusions, see Configuring Antivirus Exclusions.

Overriding Policy Settings

Via the Services tab of a device, you can override its policy configuration for Sandbox by ticking the Manually customize settings inherited from policy checkbox under Antivirus and then toggling the component on/off.

To learn more about policy overrides, see Overriding Inherited Policy Settings.