Enable Windows Defender Sandbox in Windows 10

Windows Defender Secuirty Center Icon Big

Windows Defender is the built-in security solution in Windows 10. It provides basic protection against threats. Earlier versions of Windows like Windows 8.1, Windows 8, Windows 7 and Vista also had it but it was less efficient previously as it only scanned spyware and adware. In Windows 8 and Windows 10, Defender is based on the Microsoft Security Essentials app which offers better protection by adding full blown protection against all kinds of malware. Recently, Microsoft made it possible to run Windows Defender Antivirus in a sandbox.

The sandbox feature is available in Windows 10 version 1703 and above, but it is disabled by default. Microsoft describes the feature as follow:

Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the system from harm. This is part of Microsoft’s continued investment to stay ahead of attackers through security innovations. Windows Defender Antivirus and the rest of the Windows Defender ATP stack now integrate with other security components of Microsoft 365 to form Microsoft Threat Protection. It’s more important than ever to elevate security across the board, so this new enhancement in Windows Defender Antivirus couldn’t come at a better time.


The goal for the sandboxed components was to ensure that they encompassed the highest risk functionality like scanning untrusted input, expanding containers, and so on. At the same time, we had to minimize the number of interactions between the two layers in order to avoid a substantial performance cost.

To enable Windows Defender Sandbox in Windows 10, do the following.

  1. Open an elevated command prompt.
  2. Type or copy-paste the following command:
  3. Restart Windows 10.
  4. The sandbox feature is now enabled.


The setx command is a console tool that can be used to set or unset user and system environment variables. In the general case, the syntax is as follows:

setx variable_name variable_value - set an environment variable for the current user.

setx /M variable_name  variable_value - set an environment variable for all user (system-wide).

Type setx /? in a command prompt to see more details about this tool.

How to disable Windows Defender Antivirus Sandbox

  1. Open the Control Panel.
  2. Navigate to the following applet:
    Control Panel\System and Security\System

  3. Click the "Advanced System Settings" link on the left. In the next dialog, you will see the Environment Variables... button in the bottom of the Advanced tab.Click it.
  4. The Environment Variables window will appear on the screen.
  5. Under System variables, remove the variable named MP_FORCE_USE_SANDBOX.
  6. Restart the OS.

That's it.

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

4 thoughts on “Enable Windows Defender Sandbox in Windows 10”

  1. Hi i have problems with those Sandbox and wants to deactivate it.

    Have you for me the adjust instruction how to do.

    I have the following problems with my notebook since activation.

    1 Slower internet.
    2 Small increase in CPU load 2/4% I have a powerful CPU 7e gen I7.
    3 Problem with shutdown my computer. Only possible to press the on/off button for 6 sec.

    Hope full you have the solution for my problem.

  2. hi i have a problem since i enabled windows defender sandbox a service called MsMpEng.exe started running and it uses a lot of ram but when i want to disable , stop , remove it i get access denied i am in the administrator account . i tried removing MP_FORCE_USE_SANDBOX variable but it nothing changed i tried everything

Leave a Reply

Your email address will not be published.

Exit mobile version
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.