Enable Windows Defender Sandbox in Windows 10

Windows Defender is the built-in security solution in Windows 10. It provides basic protection against threats. Earlier versions of Windows like Windows 8.1, Windows 8, Windows 7 and Vista also had it, but it was less efficient previously as it only scanned for spyware and adware. In Windows 8 and Windows 10, Defender is based on the Microsoft Security Essentials app, which offers better protection by adding full-blown protection against all kinds of malware. Recently, Microsoft made it possible to run Windows Defender Antivirus in a sandbox.

The sandbox feature is available in Windows 10 version 1703 and above, but it is disabled by default. Microsoft describes the feature as follows:

Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the system from harm. This is part of Microsoft’s continued investment to stay ahead of attackers through security innovations. Windows Defender Antivirus and the rest of the Windows Defender ATP stack now integrate with other security components of Microsoft 365 to form Microsoft Threat Protection. It’s more important than ever to elevate security across the board, so this new enhancement in Windows Defender Antivirus couldn’t come at a better time.

...

The goal for the sandboxed components was to ensure that they encompassed the highest risk functionality like scanning untrusted input, expanding containers, and so on. At the same time, we had to minimize the number of interactions between the two layers in order to avoid a substantial performance cost.

To enable Windows Defender Sandbox in Windows 10, do the following.

  1. Open an elevated command prompt.
  2. Type or copy-paste the following command:
    setx /M MP_FORCE_USE_SANDBOX 1
  3. Restart Windows 10.
  4. The sandbox feature is now enabled.

Note:

The setx command is a console tool that can be used to set or unset user and system environment variables. In the general case, the syntax is as follows:

setx variable_name variable_value - set an environment variable for the current user.

setx /M variable_name variable_value - set an environment variable for all users (system-wide).

Type setx /? in a command prompt to see more details about this tool.

How to disable Windows Defender Antivirus Sandbox

  1. Open the Control Panel.
  2. Navigate to the following applet:
    Control Panel\System and Security\System

  3. Click the "Advanced System Settings" link on the left. In the next dialog, you will see the Environment Variables... button at the bottom of the Advanced tab. Click it.
  4. The Environment Variables window will appear on the screen.
  5. Under System variables, remove the variable named MP_FORCE_USE_SANDBOX.
  6. Restart the OS.
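
To confirm the state after the restart, or to remove the variable without going through the Control Panel, a PowerShell script along these lines can be used. It is an added example and not part of the original article; the script name is hypothetical, and the content process name MsMpEngCP is an assumption that does not appear on this page.

```powershell
# Added example (hypothetical script name: Check-DefenderSandbox.ps1).
# Reports whether the sandbox switch is set and active; -Disable removes it.
param([switch]$Disable)

$VarName = 'MP_FORCE_USE_SANDBOX'

function Get-DefenderSandboxState {
    # Read the machine scope directly: that is where "setx /M" writes, and the
    # current shell's own environment may still hold a stale copy.
    $value = [Environment]::GetEnvironmentVariable($VarName, 'Machine')

    # Assumption: with the sandbox on, a content process named MsMpEngCP runs
    # next to the MsMpEng service process (name not given on this page).
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    $state = if ($value -eq '1' -and $content) {
        'Enabled and active'
    } elseif ($value -eq '1') {
        'Configured, not active (restart pending?)'
    } elseif ($content) {
        'Active, variable not set (restart pending?)'
    } else {
        'Not enabled'
    }

    [pscustomobject]@{
        Variable       = $VarName
        MachineValue   = $value
        ContentProcess = [bool]$content
        State          = $state
    }
}

if ($Disable) {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $admin     = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($admin)) {
        throw 'Run from an elevated PowerShell session to change system variables.'
    }
    # Passing $null deletes the variable, the same result as removing it in
    # the Environment Variables dialog. A restart is still required.
    [Environment]::SetEnvironmentVariable($VarName, $null, 'Machine')
}

Get-DefenderSandboxState
```
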

That's it.

3 thoughts on “Enable Windows Defender Sandbox in Windows 10”

  1. Shyam Reddy

    Good one Sergey! Thank you

  2. Lex Adam NL

    Hi, I have problems with the Sandbox and want to deactivate it.

    Do you have instructions for me on how to do it?

    I have the following problems with my notebook since activation.

    1 Slower internet.
    2 Small increase in CPU load, 2/4%. I have a powerful CPU, 7th gen i7.
    3 Problem with shutting down my computer. It is only possible by pressing the on/off button for 6 sec.

    Hopefully you have the solution for my problem.

    1. Sergey Tkachenko Post author

      You can disable it by removing the environment variable as described in the article.
