Advice Request Questions: Windows Defender Sandbox and Tamper Protection - Have they now been combined? Will MS include default WD sandboxing?


oldschool

Level 81
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,099
A question was raised on Wilders about Windows Defender Sandbox recently and it got me thinking: Has WD sandbox been incorporated into Tamper Protection? M$ as usual provides little documentation and the two official sources I know of are these: Tamper Protection and Windows Defender Sandbox. They are very general explanations and I can find no other current official explanation about them.

Previously, when WD Sandbox was enabled you would see this

1575666253651.png



I was curious so I enabled WD Sandbox on my system and here is what I see

Capture.PNG

Clearly the names are not the same in these two images.

I understand some of WD's processes have new names in 1903+ and this only complicates things more in terms of finding answers to my question. Any Windows gurus are free to offer their expertise or opinions.
 

oldschool

I did not find any connection with sandboxing.

Someone asked if you had thought of including this feature in H_C and ConfigureDefender. My reply was that this feature is experimental, or at least not rolled out to all users, and that MS has been silent on the feature for 1+ years since the original announcement. What is your take?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,118
MS admitted that Sandbox is important to prevent exploiting WD. They were very excited about it. So, if it worked flawlessly it would be already implemented by default like for example Tamper Protection. Furthermore, the developer of the application that changes some important WD settings must be cautious, because the application can be easily flagged by MS as a HackTool and quarantined (as ConfigureDefender some time ago). This could be a probable scenario if MS would choose to make WD Sandbox a default feature.
There is no rush for H_C users in the home environment because exploiting WD requires first to bypass H_C restrictions.
WD Sandbox is most important in enterprises because they usually use vulnerable systems with vulnerable software. After exploiting the vulnerabilities (easy task), the malware can exploit WD, too.
 

oldschool

There is no rush for H_C users in the home environment because exploiting WD requires first to bypass H_C restrictions.
WD Sandbox is most important in enterprises because they usually use vulnerable systems with vulnerable software. After exploiting the vulnerabilities (easy task), the malware can exploit WD, too


This was my general sense about using the sandbox with H_C, and a close reading of MS' original announcement points toward this feature as prescribed for enterprises.
 
