oldschool

A question was raised on Wilders about Windows Defender Sandbox recently and it got me thinking: Has WD sandbox been incorporated into Tamper Protection? M$ as usual provides little documentation and the two official sources I know of are these: Tamper Protection and Windows Defender Sandbox. They are very general explanations and I can find no other current official explanation about them.

Previously, when WD Sandbox was enabled you would see this

[image: 1575666253651.png]

I was curious so I enabled WD Sandbox on my system and here is what I see

[image: Capture.PNG]

Clearly the names are not the same in these two images.

I understand some of WD's processes have new names in 1903+ and this only complicates things more in terms of finding answers to my question. Any Windows gurus are free to offer their expertise or opinions.
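One way to see what the engine actually looks like on your own box, added here as an example and not posted by anyone in the thread: it reports the sandbox opt-in variable, how many engine and sandboxed content processes are running, and the Tamper Protection flag. The names MP_FORCE_USE_SANDBOX and MsMpEngCP.exe come from Microsoft's sandbox announcement rather than from this thread; whether 1903+ still uses the same process name is an assumption you should check against your own process list.

```powershell
# Added example (not from the thread). Names assumed from Microsoft's sandbox
# announcement: MsMpEng = antimalware service, MsMpEngCP = sandboxed content
# process, MP_FORCE_USE_SANDBOX = machine-wide opt-in variable. Run elevated.
function Get-DefenderSandboxState {
    # Machine-scope variable that the announcement describes for opting in
    $envValue = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    # Process counts; a missing process just yields 0 rather than an error
    $engine  = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    # Defender status object; IsTamperProtected reflects the Tamper Protection toggle
    $status = Get-MpComputerStatus -ErrorAction SilentlyContinue

    [pscustomobject]@{
        SandboxOptInVariable = $envValue             # '1' when the opt-in variable is set
        EngineProcesses      = @($engine).Count      # normally 1
        ContentProcesses     = @($content).Count     # > 0 only while the sandboxed process runs
        IsTamperProtected    = $status.IsTamperProtected
        EngineVersion        = $status.AMEngineVersion
    }
}

Get-DefenderSandboxState | Format-List
```

If ContentProcesses is 0 on a build where the variable is set, compare the full Defender process list (Get-Process | Where-Object Name -like 'MsMp*') against the screenshots above before concluding the sandbox is off.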
 

Andy Ful

MS admitted that Sandbox is important to prevent exploiting WD. They were very excited about it. So, if it worked flawlessly it would be already implemented by default like for example Tamper Protection. Furthermore, the developer of the application that changes some important WD settings must be cautious, because the application can be easily flagged by MS as a HackTool and quarantined (as ConfigureDefender some time ago). This could be a probable scenario if MS would choose to make WD Sandbox a default feature.
There is no rush for H_C users in the home environment because exploiting WD requires first to bypass H_C restrictions.
WD Sandbox is most important in enterprises because they usually use vulnerable systems with vulnerable software. After exploiting the vulnerabilities (easy task), the malware can exploit WD, too.
 

oldschool

There is no rush for H_C users in the home environment because exploiting WD requires first to bypass H_C restrictions.
WD Sandbox is most important in enterprises because they usually use vulnerable systems with vulnerable software. After exploiting the vulnerabilities (easy task), the malware can exploit WD, too.

This was my general sense about using the sandbox with H_C, and a close reading of MS' original announcement points toward this feature as prescribed for enterprises.