Windows Defender Antivirus can run in a sandbox on Windows 10, from version 1703 onwards.
What does this mean?
By placing Windows Defender Antivirus inside a sandbox, Microsoft makes it very difficult for malware developers to gain access to critical system features, as sandboxed programs are isolated from the rest of the system, having extremely limited access to memory and minimal disk resources.
Activating a restricted process environment for Windows Defender Antivirus is a decision Microsoft took after too many security researchers described the antivirus solution as a program that can itself be used for attacks!
Windows Defender Antivirus uses administrator and system privileges to be able to constantly monitor and destroy malicious attacks, making it an ideal target for attackers who want a simple way to obtain administrator privileges on the victim's system.
With Windows Defender Antivirus running in a sandbox as the default Windows antivirus solution, Microsoft wants to be sure that those who manage to exploit security holes in Windows Defender will not be able to gain system or administrator privileges.
Windows Defender Antivirus and the rest of the Windows Defender ATP stack are integrated with other Microsoft 365 security components to form the new Microsoft Threat Protection.
Although Microsoft is enabling the sandbox feature of Windows Defender Antivirus only for those enrolled in the Windows Insider program, other Windows 10 users can enable the feature with a command in the command line.
Open a command line window with Administrator rights (in Windows search type cmd, right-click the icon that appears and choose to run it as administrator). When the window opens, type the following command and press Enter:
setx /M MP_FORCE_USE_SANDBOX 1
That's it: you have just added another security feature to your system!
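To confirm the setting took effect, the following PowerShell check is an added example, not part of the original article or Microsoft's tooling. It assumes the sandboxed content process is named MsMpEngCP (as in Microsoft's documentation, not stated on this page) and that it is run after a restart; the function name Get-DefenderSandboxState is hypothetical.

```powershell
# Added example: verify that the Defender sandbox opt-in is in effect.
# Assumption: 'MsMpEngCP' is the low-privilege content process that appears
# next to the privileged 'MsMpEng' engine once sandboxing is active.
function Get-DefenderSandboxState {
    # Machine-scope value written by: setx /M MP_FORCE_USE_SANDBOX 1
    $flag = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    # Privileged engine process and sandboxed content process, if present.
    $engine  = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    # Distinguish "flag set but not yet applied" from "actually sandboxed".
    $state = if (-not $engine) {
                 'Defender engine not running (service stopped or another AV is active)'
             }
             elseif ($flag -eq '1' -and $content) {
                 'Sandbox active'
             }
             elseif ($flag -eq '1') {
                 'Flag set but no content process: restart pending or build older than 1703'
             }
             elseif ($content) {
                 'Content process present without the flag: sandbox enabled by Microsoft rollout'
             }
             else {
                 'Sandbox not enabled'
             }

    [pscustomobject]@{
        FlagValue         = $flag
        EnginePid         = $engine.Id
        ContentProcessPid = $content.Id
        State             = $state
    }
}

Get-DefenderSandboxState | Format-List
```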
Watch the Microsoft video
https://www.youtube.com/watch?v=Xy3MOxkX_o4