Windows Defender Antivirus becomes the first complete antivirus solution to run in a sandbox to provide you better security

Mady Marinescu, from the Windows Defender Engineering team, in an official blog post announced that the Windows Defender Antivirus can now run in a sandbox to provide you extra security layer. With this development, its the first Antivirus solution which can run in a sandbox.

To know more about this capability and to learn how to enable this feature in Windows 10, continue reading this post.

Why to run Windows Defender in a sandbox?

Sandbox is a security mechanism for separating running programs to prevent bugs and exploit code from spreading from one process to the other. Security Researchers had identified ways that an attacker can take advantage of vulnerabilities in Windows Defender Antivirus content parser that could enable arbitrary code execution. That was the reason to make it more secure from the attackers to prevent execution of vulnerable code.

Running the Windows Defender Antivirus inside a secure sandbox ensures that the malicious executions become limited to an isolated environment in case of a compromise. This new capability will ensure that the rest of the system stays protected from harm in an unlikely event.

According to Microsoft:

Putting Windows Defender Antivirus in a restrictive process execution environment is a direct result of feedback that we received from the security industry and the research community. It was a complex undertaking: we had to carefully study the implications of such an enhancement on performance and functionality. More importantly, we had to identify high-risk areas and make sure that sandboxing did not adversely affect the level of security we have been providing.

How to enable Windows Defender to run in a sandbox?

Microsoft is now in the process to enable this capability of Windows Defender Antivirus to the Windows Insiders. If you are an insider, you can now start experiencing the same. Once the feature is enabled, you can now see a content process MsMpEngCP.exe running alongside with the antimalware service MsMpEng.exe.

If you are using Windows 10 version 1703 or later, you can also enable this feature by changing a machine-wide environment variable and then restarting the system. To enable the Windows Defender Antivirus to run inside a secure Sandbox, follow the below mentioned steps:

1. Go to Start and type cmd.
2. Right-click on Command Prompt and from the context menu, select Run as administrator. Make sure that, you have administrative privileges on that system.
3. Now, inside the command prompt, type the following command and hit enter:

   setx /M MP_FORCE_USE_SANDBOX 1

4. You will now see a message: SUCCESS: Specified value was saved.
5. Restart your system for the changes to take effect.