Microsoft’s anti-malware tool, Windows Defender, can now run within a sandbox on Insider builds of Windows. The software maker said its product is the first complete anti-virus solution that can run in a sandbox, and that this raises the bar for security. The firm said the procedure to sandbox Windows Defender was complex and that it had to take into account performance and functionality considerations. Researchers and partners are now being asked for feedback before the update is made broadly available.
While Microsoft said that it is in “the process of gradually enabling” the feature for Windows Insiders, it does offer a way to force-enable the feature on Windows 10, version 1703 and above. In order to enable the feature, Microsoft says you should run the following command and restart the machine:
setx /M MP_FORCE_USE_SANDBOX 1
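A check an administrator might run after the restart, added here as an example and not taken from Microsoft or the original article: it reads the machine-scope variable that setx /M writes and looks for the sandboxed content process. The process name MsMpEngCP is an assumption drawn from Microsoft's description of the feature rather than from this page, and the function name is made up for illustration.

```powershell
# Added example: audit whether the Defender sandbox opt-in is set and active.
# Assumption (not stated on this page): when the sandbox is active, a content
# process named MsMpEngCP runs alongside the MsMpEng service process.

$varName  = 'MP_FORCE_USE_SANDBOX'
$minBuild = 15063   # Windows 10, version 1703

function Get-DefenderSandboxState {   # hypothetical helper name
    # Machine scope is what "setx /M" writes; a user-scope value does not count.
    $value = [Environment]::GetEnvironmentVariable($varName, 'Machine')
    $build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber

    $engine  = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Build          = $build
        BuildSupported = $build -ge $minBuild
        VariableValue  = $value
        OptInSet       = $value -eq '1'
        EngineRunning  = [bool]$engine
        ContentProcess = [bool]$content
    }
}

$state = Get-DefenderSandboxState
$state | Format-List

if ($state.ContentProcess) {
    # Also true when Microsoft's gradual rollout enabled it without the opt-in.
    Write-Output 'Content process is running: Defender is sandboxed.'
} elseif (-not $state.BuildSupported) {
    Write-Warning "Build $($state.Build) is older than 1703; the opt-in does not apply."
} elseif (-not $state.OptInSet) {
    Write-Warning "$varName is not set to 1 at machine scope."
} elseif ($state.EngineRunning) {
    Write-Warning 'Opt-in is set but no content process found; restart pending?'
} else {
    Write-Warning 'Defender engine process not found; another product may be active.'
}
```

Run it from an elevated PowerShell prompt so that the Defender processes are visible to Get-Process.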
The Redmond-based firm decided to implement the feature after researchers inside and outside the company identified ways to take advantage of vulnerabilities in Windows Defender’s content parsers that allowed arbitrary code execution. With Windows Defender running in a sandbox, an attacker who exploits such a flaw is locked inside the isolated environment and cut off from the rest of the system.
Going forward, Microsoft said it will continue working on new anti-tampering defences for Windows Defender. Additionally, it plans to announce new measures in the near future. If you’d like to read more about Windows Defender sandboxing, be sure to read Microsoft’s extensive blog post on the matter.