Windows Defender can protect itself from attacks by running in its own sandbox. Here are the steps to enable the Windows Defender sandbox in Windows 10.
Windows Defender is now able to run inside a sandbox, providing you with better security and reliability. In fact, Windows Defender is the first antivirus to operate in a sandboxed environment. However, you have to enable the Windows Defender sandbox feature manually.
Steps to Enable Windows Defender Sandbox in Windows 10
These are the steps to turn on the Windows Defender sandbox in Windows 10.
Open the Start menu.
Search for “cmd”.
Right-click on “Command Prompt” and choose the “Run as administrator” option.
In the Command Prompt, copy and paste the command below and press “Enter”.
setx /M MP_FORCE_USE_SANDBOX 1
As soon as you execute the command, Windows makes the required changes. If the command succeeds, you will see the “SUCCESS: Specified value was saved” message.
Verify Windows Defender Sandbox Status
Because the Command Prompt doesn’t give any meaningful message to show whether Windows Defender is running in a sandbox, we are going to use Process Explorer, a portable application from Microsoft. You can think of Process Explorer as Task Manager on steroids.
Download Process Explorer and open it. In the process list, you should see MsMpEngCP.exe running alongside the MsMpEng.exe antimalware service process.
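The same check can be scripted instead of read off Process Explorer. The PowerShell below is an added example, not part of the original article; Get-DefenderSandboxStatus is a hypothetical helper name, and the "restart may be pending" reading of a set flag with no MsMpEngCP process is an assumption.

```powershell
# Added example: report the Windows Defender sandbox state on the local machine.
# Get-DefenderSandboxStatus is a hypothetical helper name, not a built-in cmdlet.
function Get-DefenderSandboxStatus {
    # setx /M stores MP_FORCE_USE_SANDBOX in the machine-scope environment.
    $flag = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    # MsMpEng is the antimalware service process; MsMpEngCP is the process
    # the article says appears next to it once the sandbox is on.
    $procs = @(Get-Process -Name 'MsMpEng', 'MsMpEngCP' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty ProcessName)
    $engine  = $procs -contains 'MsMpEng'
    $sandbox = $procs -contains 'MsMpEngCP'

    # Combine the configured flag with what is actually running.
    $state = if ($sandbox) {
        if ($flag -eq '1') { 'Sandbox active' }
        else { 'Sandbox process running, flag not set to 1' }
    }
    elseif ($flag -eq '1') {
        # Assumption: the flag was saved but the service has not picked it up yet.
        'Flag set, sandbox process not running (restart may be pending)'
    }
    else { 'Sandbox not enabled' }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        FlagValue        = $flag
        MsMpEngRunning   = $engine
        MsMpEngCPRunning = $sandbox
        State            = $state
    }
}

Get-DefenderSandboxStatus | Format-List
```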
Disable Defender Sandbox
As mentioned before, the Windows Defender secure sandbox is a new feature that’s still in testing. So, if your system behaves oddly after enabling the secure sandbox, you should probably disable it for the moment.
To disable the Windows Defender sandbox, all you need to do is execute the command below and restart the system. The only change from the command above is that the 1 is replaced with 0.
setx /M MP_FORCE_USE_SANDBOX 0
Windows Defender Can Now Run Inside a Sandbox, But Why?
Being an antivirus, Windows Defender must run with the highest privileges to scan, detect, and remove all infections. Windows Defender has its own user account in Windows 10.
Given that Windows Defender runs with the maximum permissions, a clever attacker can craft malware that compromises Windows Defender and infects the machine. Because Windows Defender holds the highest privileges, the attack surface is larger and a compromise is worse.
By running Windows Defender inside a sandbox, even if Windows Defender is compromised or has a bug in it, the malware can't affect the system. It stays within the sandbox. Best of all, according to Microsoft, the Windows Defender secure sandbox feature is implemented with no performance loss.