[Oct 30, 2018]
Microsoft Windows built-in anti-malware tool, Windows Defender, has become the very first antivirus software to have the ability to run inside a sandbox environment.
Sandboxing is a process that runs an application in a safe environment isolated from the rest of the operating system and applications on a computer. So that if a sandboxed application gets compromised, the technique prevents its damage from spreading outside the closed area.
Since antivirus and anti-malware tools run with the highest level of privileges to scan all parts of a computer for malicious code, it has become a desired target for attackers.
The need for sandboxing an antivirus tool has become necessary after multiple critical vulnerabilities were discovered in such powerful applications, including Windows Defender, in past years that could have allowed attackers to gain full control of a targeted system.
That’s why Microsoft announced to add a sandbox mode to its Windows Defender. So, even if an attacker or a malicious app exploiting a flaw in Defender compromises the antivirus engine, the damage can’t reach out to other parts of the system.
Cyber Security Tips:
How to Turn On Sandbox Feature in Windows Defender Antivirus
– For now, Windows Defender running on Windows 10, version 1703 (also known as the Creators Update) or later, support the sandbox feature, which is not enabled by default, but you can turn the feature on by running following command on your system:
- Open Start and Search for “CMD” or “Command Prompt”
- Right Click on it and select “Run as administrator.”
- Type: “setx /M MP_FORCE_USE_SANDBOX 1” and then press ENTER
- Then restart your computer, that’s it.
– Microsoft is gradually rolling out a Windows Insider preview supporting the sandboxing feature in Defender Antivirus, and the feature will soon become widely available, though it is not sure when this will happen.