Windows Defender Antivirus gets sandbox function

Windows Defender Antivirus protects Windows 10 computers from malware. In the future, Microsoft also wants to better protect the antivirus software itself.

Windows Defender Antivirus is the antivirus software that Microsoft ships with Windows 10. To do its job and fight malware, the security software runs with relatively high permissions. This in turn makes it a potential target for attacks and thus a risk. Microsoft now wants to counteract this by having Windows Defender Antivirus run in a sandbox in the future.

In the future, when you check your Windows 10 system for malware with Windows Defender Antivirus, the program should run in an environment isolated from the actual system. Previously, vulnerabilities in antivirus software could theoretically have been used to execute arbitrary code. Although this has not yet been observed, reports of security vulnerabilities have always been responded to quickly and all problems have been fixed.

With the new sandbox function, such attacks during file scanning should now be confined to the isolated environment, the Windows Defender team explains in the Microsoft Secure Blog. A spillover to the Windows system is not possible. This makes Windows Defender Antivirus the first complete antivirus solution with these sandbox functions.

The step is a direct response to feedback from the security industry and security researchers. Moving Windows Defender Antivirus into a sandbox environment was very complex, because neither functionality nor performance was supposed to suffer from the increased security.

Manual activation possible

Microsoft wants to roll out the new functionality to Windows Insiders first in order to gather feedback for further refinement. If you like to experiment, you can also manually activate sandbox mode for Windows Defender Antivirus. To do so, a system environment variable must be set from a command prompt (cmd.exe) with admin rights using the command “setx /M MP_FORCE_USE_SANDBOX 1”. The prerequisite for this is Windows 10 version 1703 or later.
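
The following PowerShell script is an added example, not code from Microsoft or from the original article. It checks the prerequisite and the machine-wide variable described above and, with -Enable, runs the same setx command. The function names are hypothetical, and the process name MsMpEngCP used to detect the running sandbox is an assumption that the article does not state.

```powershell
# Added example (not Microsoft's code): audit and optionally set the opt-in.
# Run from an elevated PowerShell session when using -Enable.
param([switch]$Enable)

$VarName        = 'MP_FORCE_USE_SANDBOX'  # variable name from the article
$MinBuild       = 15063                   # Windows 10 version 1703 = build 15063
$ContentProcess = 'MsMpEngCP'             # assumption: name of the sandboxed process

function Test-IsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-DefenderSandboxState {
    $build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber
    # Read the machine-level value; a per-user variable would not match setx /M.
    $value = [Environment]::GetEnvironmentVariable($VarName, 'Machine')
    $proc  = Get-Process -Name $ContentProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Build          = $build
        BuildSupported = $build -ge $MinBuild
        MachineValue   = $value
        OptedIn        = $value -eq '1'
        SandboxRunning = [bool]$proc
    }
}

$state = Get-DefenderSandboxState
if ($Enable) {
    if (-not $state.BuildSupported) {
        throw "Build $($state.Build) is older than version 1703 (build $MinBuild)."
    }
    if (-not (Test-IsAdmin)) {
        throw 'setx /M writes a machine-wide variable and needs an elevated session.'
    }
    # Same command as in the article.
    & setx.exe /M $VarName 1 | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "setx failed with exit code $LASTEXITCODE." }
    $state = Get-DefenderSandboxState
}
$state | Format-List
if ($state.OptedIn -and -not $state.SandboxRunning) {
    Write-Warning 'Variable is set but no sandboxed process is running; a restart may be pending.'
}
```

Run without parameters, the script only reports the current state, which makes it usable as a read-only check across a fleet.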