Windows Defender is the built-in security solution in Windows 10. It provides basic protection against threats. Earlier versions of Windows, such as Windows 8.1, Windows 8, Windows 7 and Vista, also had it, but it was less efficient previously as it only scanned for spyware and adware. In Windows 8 and Windows 10, Defender is based on the Microsoft Security Essentials app, which offers better protection by adding full-blown protection against all kinds of malware. Recently, Microsoft made it possible to run Windows Defender Antivirus in a sandbox.
The sandbox feature is available in Windows 10 version 1703 and above, but it is disabled by default. Microsoft describes the feature as follows:
Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the system from harm. This is part of Microsoft’s continued investment to stay ahead of attackers through security innovations. Windows Defender Antivirus and the rest of the Windows Defender ATP stack now integrate with other security components of Microsoft 365 to form Microsoft Threat Protection. It’s more important than ever to elevate security across the board, so this new enhancement in Windows Defender Antivirus couldn’t come at a better time.
The goal for the sandboxed components was to ensure that they encompassed the highest risk functionality like scanning untrusted input, expanding containers, and so on. At the same time, we had to minimize the number of interactions between the two layers in order to avoid a substantial performance cost.
To enable Windows Defender Sandbox in Windows 10, do the following.
- Open an elevated command prompt.
- Type or copy-paste the following command:
setx /M MP_FORCE_USE_SANDBOX 1
- Restart Windows 10.
- The sandbox feature is now enabled.
The setx command is a console tool that can be used to set or unset user and system environment variables. In the general case, the syntax is as follows:
setx variable_name variable_value - set an environment variable for the current user.
setx /M variable_name variable_value - set an environment variable for all users (system-wide).
Type setx /? in a command prompt to see more details about this tool.
How to disable Windows Defender Antivirus Sandbox
- Open the Control Panel.
- Navigate to the following applet:
Control Panel\System and Security\System
- Click the "Advanced System Settings" link on the left. In the next dialog, you will see the Environment Variables... button at the bottom of the Advanced tab. Click it.
- The Environment Variables window will appear on the screen.
- Under System variables, remove the variable named MP_FORCE_USE_SANDBOX.
- Restart the OS.
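
To confirm the result of either procedure after the restart, a PowerShell check like the following can be used. It is an added example, not part of the original article or of Microsoft's tooling; the function name Get-DefenderSandboxState is hypothetical, and it assumes that MsMpEngCP is the sandboxed content process Defender runs next to MsMpEng and that build 15063 corresponds to version 1703.

```powershell
# Added example: report whether the Defender sandbox opt-in is set and active.
# Assumption: MsMpEngCP is the sandboxed content process (not named on this page).
function Get-DefenderSandboxState {
    $name = 'MP_FORCE_USE_SANDBOX'

    # setx /M writes the machine-scope value. Read each scope explicitly:
    # a console that was already open keeps the environment it started with,
    # so $env:MP_FORCE_USE_SANDBOX is not a reliable indicator.
    $machine = [Environment]::GetEnvironmentVariable($name, 'Machine')
    $user    = [Environment]::GetEnvironmentVariable($name, 'User')

    # The feature requires Windows 10 version 1703 or later
    # (assumed here to be build 15063).
    $build = [Environment]::OSVersion.Version.Build

    $engine  = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    $state = if ($machine -eq '1' -and $content) {
        'Enabled and active'
    } elseif ($machine -eq '1') {
        'Variable set, sandbox process not running (restart pending?)'
    } elseif ($content) {
        'Sandbox process running without the system variable'
    } else {
        'Not enabled'
    }

    [pscustomobject]@{
        State             = $state
        MachineValue      = $machine
        # A user-scope value means setx was run without /M; it is not the
        # system-wide setting that the command in this article creates.
        UserValue         = $user
        OsBuild           = $build
        BuildSupported    = ($build -ge 15063)
        EngineRunning     = [bool]$engine
        SandboxProcessIds = @($content | ForEach-Object { $_.Id })
    }
}

Get-DefenderSandboxState | Format-List
```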