The question is a bit confusing, but I will do my best to answer.
Executing any untrusted code in privileged mode is unlikely to be “safe” in the sense that most people understand this. However, you guessed it right, you can use something like a virtual machine to mitigate the actions that an untrusted process can take in this environment. This is the principle on which modern "hypervisors" work - access to hardware (or memory) is carried out using some "software or hardware" monitor.
However, if you take this approach, most likely, a formal check of the virtual machine is very desirable. Otherwise, it seems likely that the malware might find a way to escape from the virtual machine or force the virtual machine to behave in undesirable ways.
, , . ( ), .