Microsoft Windows Defender Antivirus can now run in a sandbox

The anti-virus software originally built into Windows was unimpressive, but after years of evolution Windows Defender Antivirus is now mature: its features and protection are solid, and it sits at the top of many authoritative evaluations.

For some time, Microsoft has been working to run its own anti-virus software, Windows Defender, in a sandbox. This is not a straightforward process, because programs in a sandbox can use many functions of the computer only under tight restrictions. Nevertheless, Microsoft has now announced that Defender is equipped with a sandbox mode.

Windows Defender is security software that is deeply integrated into the system. It runs with very high privileges and can reach the lowest levels of the system.

Sandboxing is the practice of running applications in a restricted security environment that limits the access granted to their code.

Once Windows Defender runs in the sandbox, it operates in an “isolated” environment. Even if malware manages to attack Windows Defender, it will not be able to obtain elevated system privileges or steal sensitive information.

To achieve this goal, Microsoft has separated the antivirus program into two components. In addition to “MsMpEng.exe”, which still needs many permissions for the real-time protection of the computer, there is the process “MsMpEngCP.exe”, which is responsible for scanning and runs inside the new sandbox.

Windows Defender in Sandbox

Although the feature has only just been announced, activating the sandbox option should already work with Windows 10 version 1703. In the latest Insider preview, the mode is being tested and is turned on without any action by the user.

In addition, Windows Defender ATP (Advanced Threat Protection) is also being integrated into Microsoft 365 to form a complete Microsoft Threat Protection.

Moreover, all non-Insider users can enable sandbox mode manually. First, start PowerShell with admin rights. Then run the command “setx /M MP_FORCE_USE_SANDBOX 1”. Finally, a reboot of the computer is necessary.

Of course, the option can be disabled again: run the same command with the digit “0” at the end. With the next major Windows 10 update, expected in spring 2019, the Defender sandbox is expected to be automatically available to all users of the operating system.
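
To confirm that the switch described above actually took effect, the following PowerShell is an added example (it is not from Microsoft or from the original article). The function names and output fields are assumptions made for illustration; only the variable name, the setx command and the two process names come from the text.

```powershell
# Added example. Function names and output fields are hypothetical.

function Get-DefenderSandboxState {
    # setx /M writes a machine-level variable, so read it back from the Machine scope.
    $value = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    # MsMpEng.exe is the privileged service process; MsMpEngCP.exe is the
    # sandboxed scanning process that should appear once the mode is active.
    $engine  = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    # A configured value that disagrees with the running processes usually
    # means the reboot has not happened yet. An unset variable is not flagged,
    # because the build may enable the sandbox on its own.
    $mismatch = if ($null -eq $value) { $false }
                else { (($value -eq '1') -ne ([bool]$content)) }

    [pscustomobject]@{
        ConfiguredValue = if ($null -eq $value) { '<not set>' } else { $value }
        EngineRunning   = [bool]$engine
        SandboxRunning  = [bool]$content
        RebootLikelyDue = $mismatch
    }
}

function Set-DefenderSandbox {
    param([Parameter(Mandatory)][bool]$Enabled)

    # Writing a machine-level variable requires an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $admin     = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($admin)) {
        throw 'Run this from a PowerShell session started with admin rights.'
    }

    $digit = if ($Enabled) { '1' } else { '0' }
    setx /M MP_FORCE_USE_SANDBOX $digit | Out-Null
    Write-Warning 'Reboot the computer for the change to take effect.'
}

# Report the current state; call Set-DefenderSandbox -Enabled $true to switch it on.
Get-DefenderSandboxState | Format-List
```

Run Get-DefenderSandboxState again after the reboot: SandboxRunning should be True when the configured value is 1.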

Read more on Microsoft blog