Windows Defender Antivirus can run in a sandbox on Windows 10, from version 1703 onwards.
What does this mean;
By place of Windows Defender Antivirus within a sandbox, Microsoft makes it very difficult for malware developers to access critical system features as sandboxed programs are isolated from the rest of the system with extremely limited access to memory and minimal disk resources .
Activating a restricted process environment for Windows Defender Antivirus is a decision Microsoft took when too many security researchers described the antivirus solution as a program that can be used for attacks!
Windows Defender Antivirus uses administrator and system privileges to be able to constantly monitor and destroy malicious attacks, making it an ideal target for attackers who want a simple way to obtain administrator privileges in the victim's system.
With Windows Defender Antivirus running sandbox as the default Windows antivirus solution, Microsoft wants to be sure that those who manage to take advantage of Windows Defender security flaws will not be able to acquire system or administrator rights.
Windows Defender Antivirus and the rest of Windows Defender's Stack ATP are integrated with other Microsoft 365 security components to form the new Microsoft Threat Protection.
Although Microsoft only opens the Windows Defender Antivirus feature for Windows Insiders, other Windows 10 users can also enable the feature with a command prompt.
Open a command-prompt window with Administrator permissions (in Windows search, write cmd and the icon to display, right-click and open as administrator). When the window opens, type the following command and press Enter:
setx / M MP_FORCE_USE_SANDBOX 1
That was when you just added another security feature to your system!
Watch the Microsoft video