Windows Defender set to become more secure with sandbox mode

Windows Defender extension for Chrome

Microsoft is working on making Windows Defender, the built-in antivirus tool in Windows 10, more secure with a new mode that allows it to run within a sandbox, a feature that’s been present in many of its competitors.

By running in a sandbox, Windows Defender will operate separately from the rest of your PC, so hackers and malicious files cannot gain access to your vital files via the software.

The move follows Microsoft explaining in a blog post that due to the nature of Windows Defender, which needs to have access to your whole system to scan it for viruses, "Security researchers both inside and outside of Microsoft have previously identified ways that an attacker can take advantage of vulnerabilities in Windows Defender Antivirus’s content parsers that could enable arbitrary code execution.”

Obviously, a security tool that is itself a security liability isn’t much use, which is why Microsoft will be implementing the sandbox mode. “Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the system from harm,” explains the blog.

When can I get it?

The addition of a sandbox mode brings Windows Defender into line with other anti-virus software which has sandboxing tools.

If you rely on Windows Defender to protect your PC, then you’ll probably be keen to get the feature as soon as possible. At the moment, Microsoft has brought the feature to early versions of Windows 10 for people using the Windows Insider program. 

This is so that Microsoft can monitor the effectiveness, and potential impacts to system performance, of the new feature before making it available to everyone.

However, Microsoft has also made it possible for non-Windows Insiders to enable the feature. To do so, type in ‘Command Prompt’ in the Start menu search bar, then right-click ‘Command Prompt’ and select ‘Run as administrator’. Then, type in the following command and press enter:

setx /M MP_FORCE_USE_SANDBOX 1

You’ll then want to restart your PC.

With Windows Defender coming installed for free with Windows 10, huge amounts of people around the world will be relying on it to keep them safe, so we’re pleased to see Microsoft is working hard on making sure the software offers advanced security features like this.

Via Neowin