Activate the sandbox to isolate the Windows Defender antivirus

Windows Defender, the antivirus built into Windows 10, was initially introduced to give only basic PC protection, but it has become one of the most reliable antivirus products, even in comparison with the more expensive commercial suites.
With the latest versions, important functions have been added to the Windows 10 security settings, including ransomware protection and exploit protection (unknown threats).
The latest news is the ability to run Windows Defender in a sandbox, which isolates the antivirus from the system and makes direct attacks against the malware detection engine ineffective. In other words, even if an attacker or malware compromises the antivirus engine, the rest of the system would still be safe. This feature of Windows Defender is, for the moment, unique among security programs and absent from all other antivirus products, paid or free.
Running Windows Defender Antivirus in a sandbox therefore ensures that, in the unlikely event of an attack against the antivirus itself, the consequences are limited to the isolated environment, protecting the rest of the system.
With sandbox mode activated, the Windows Defender process that analyzes downloaded files and other content runs with very few permissions, so that any attack exploiting bugs or vulnerabilities in that process fails. To keep performance from decreasing, interactions between the sandbox and the privileged antivirus process are minimized and performed only at key times, when the impact on performance is not significant.
This sandbox function therefore adds a further level of security to the PC protection program, even though it is not yet enabled in Windows 10 because it is still being tested. For the moment, you must activate it manually with a command at the prompt, bearing in mind that if you encounter problems with Windows 10 or with programs, you must deactivate it immediately (in my case it had absolutely no negative consequences).
To enable this feature, open a Command Prompt or PowerShell window as an administrator (press the Windows-X keys together to do this quickly), run the following command and restart your PC:
setx /M MP_FORCE_USE_SANDBOX 1
This command works on Windows 10 from version 1703 onward and returns the result: OPERATION SUCCESSFUL: specified value saved.
If you want to cancel this change, run the same command, replacing "1" with "0" and restart the PC again:
setx /M MP_FORCE_USE_SANDBOX 0
If you experience problems while booting your PC for some reason, try booting in safe mode and then run the command to disable the sandbox.
After enabling the Windows Defender sandbox, a new process called MsMpEngCP.exe appears in Task Manager alongside the standard antimalware process MsMpEng.exe.
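One way to check the result after the restart, as an added example that is not part of the original article: the PowerShell function below reads the machine-level variable written by setx /M and looks for the two processes named above. The function name Get-DefenderSandboxState and the state labels are hypothetical, chosen for this example.

```powershell
# Added example: report whether the Defender sandbox is configured and active.
# Function name and state labels are hypothetical, not part of Windows.
function Get-DefenderSandboxState {
    # setx /M writes the variable at machine scope, so read it from there
    # rather than from the current session, which may hold a stale copy.
    $value = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    # Get-Process expects process names without the .exe extension.
    $engine  = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    # Windows 10 version 1703 corresponds to build 15063.
    $build = [Environment]::OSVersion.Version.Build

    $state = if ($build -lt 15063) {
        'Windows build is older than version 1703'
    } elseif (-not $engine) {
        'MsMpEng.exe is not running'
    } elseif ($value -eq '1' -and $content) {
        'Variable is 1 and MsMpEngCP.exe is running: sandbox active'
    } elseif ($value -eq '1') {
        'Variable is 1 but MsMpEngCP.exe is not running: restart required'
    } elseif ($content) {
        'MsMpEngCP.exe is running although the variable is not set to 1'
    } else {
        'Sandbox not enabled'
    }

    [pscustomobject]@{
        Build                = $build
        MP_FORCE_USE_SANDBOX = $value
        MsMpEngRunning       = [bool]$engine
        MsMpEngCPRunning     = [bool]$content
        State                = $state
    }
}

Get-DefenderSandboxState | Format-List
```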
