Windows Defender, the built-in anti-malware tool of Microsoft Windows 10, has been upgraded to run inside an ultra-secure sandbox environment. This is the first complete antivirus software that can run in a sandbox.
Sandboxing is a software management strategy that isolates applications from critical system resources and other programs and makes them run in a safe environment. It provides an extra layer of security that prevents any harmful applications from affecting your system. If a sandboxed application gets compromised, this technique prevents the damage from spreading outside the closed area.
Antivirus tools scan all parts of a computer for malicious code with high privileges, so they have become a major target for attackers. Numerous vulnerabilities have been found in anti-malware tools, including Windows Defender, in past years. These allowed hackers to gain complete control of the system. This is one of the main reasons why sandboxing an antivirus tool was necessary.
With sandbox mode added to Windows Defender, even if an attacker or a malicious app exploits a flaw in Defender and compromises the antivirus engine, the damage won’t be able to reach other parts of the system. The attack would fail.
In their blog post, Microsoft reported that “Security researchers both inside and outside of Microsoft have previously identified ways that an attacker can take advantage of vulnerabilities in Windows Defender Antivirus’ content parsers that could enable arbitrary code execution. Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the system from harm.”
Implementing sandboxing in Windows Defender was a challenge, as it could cause performance degradation and required a number of fundamental changes.
This initiative by Microsoft is nevertheless a great one, and it has raised the bar on security for commercial antivirus and anti-malware solutions out there.
How to Turn On Sandbox Feature in Windows Defender Antivirus
Currently, Windows Defender running on Windows 10, version 1703 (also known as the Creators Update) or later, supports the sandbox feature. However, it is not enabled by default, so you need to turn it on by following these steps:
- Open Start and search for “CMD” or “Command Prompt”
- Right-click on it and select “Run as administrator.”
- Type: “setx /M MP_FORCE_USE_SANDBOX 1” and then press ENTER
- Restart your computer.
If you want to undo this change, run the same command, replacing the “1” with a “0,” and reboot your PC once again. If you face problems while booting your PC, try booting into Safe Mode and then running the command.
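The steps above can also be scripted and verified. The following PowerShell script is an added example, not part of the original article or Microsoft's tooling; the -Action parameter is a name chosen here, and the script assumes it is run from an elevated session. After the restart, a sandboxed Defender shows a content process (MsMpEngCP.exe) running next to the main MsMpEng.exe process, which is what the final check looks for.

```powershell
# Added example: set, undo and verify the Defender sandbox setting.
# -Action is a hypothetical parameter name used only by this script.
param(
    [ValidateSet('Status', 'Enable', 'Disable')]
    [string]$Action = 'Status'
)

$varName  = 'MP_FORCE_USE_SANDBOX'   # variable named in the article
$minBuild = 15063                    # Windows 10 version 1703 (Creators Update)

# The article states the feature needs Windows 10 version 1703 or later.
$build = [System.Environment]::OSVersion.Version.Build
if ($build -lt $minBuild) {
    throw "Build $build is older than $minBuild (Windows 10 1703); sandbox mode is not supported."
}

# setx /M writes a machine-level variable, which requires administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if ($Action -ne 'Status') {
    if (-not $isAdmin) { throw 'Run this script from an elevated session.' }
    $value = if ($Action -eq 'Enable') { '1' } else { '0' }
    # Equivalent to: setx /M MP_FORCE_USE_SANDBOX <value>
    [System.Environment]::SetEnvironmentVariable($varName, $value, 'Machine')
    Write-Host "$varName set to $value. Restart the computer for the change to take effect."
}

# Report the persisted machine-level value ($null means it was never set).
$current = [System.Environment]::GetEnvironmentVariable($varName, 'Machine')
Write-Host "$varName (machine scope): $(if ($null -eq $current) { '<not set>' } else { $current })"

# After the restart, look for the sandboxed content process beside the engine.
$engine  = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
$content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue
Write-Host "MsMpEng running:   $([bool]$engine)"
Write-Host "MsMpEngCP running: $([bool]$content)"

if ($current -eq '1' -and -not $content) {
    Write-Warning 'Variable is 1 but no content process was found; the restart has not happened yet or this build lacks sandbox support.'
}
```

Run it with no arguments to report the current state, or with -Action Enable or -Action Disable to change the setting before restarting.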
Microsoft is gradually rolling out a Windows Insider preview supporting the sandboxing feature in Defender Antivirus, and the feature is expected to be widely available soon.