SearchLight

I came across this article today, and was intrigued by the hardening suggestion:

Windows Defender Antivirus can now run in a sandbox - Microsoft Security

Has anyone else tried doing this? Very simple to activate, noticed no slowdowns. Considering the bum rap WD has received over the years, I figure every little bit helps it, and therefore me. So now I am running WD (Sandboxed).

Thoughts? Thanks.
 

Stopspying

So anything WD does while sandboxed needs confirmation that you wish this to be permanent if you choose to take it out of sandbox mode?

If so, I can see that as causing problems. I'm sure I could easily forget that three days ago WD flagged up some suspicious behaviour and accidentally enable something that I didn't wish to happen.
 

RoboMan

> So anything WD does while sandboxed needs confirmation that you wish this to be permanent if you choose to take it out of sandbox mode?

No, not really.

It must be understood that this isn't a sandbox like the one you're used to (Sandboxie, Comodo). This isn't a sandbox for your files and programs.

This is a sandbox for Windows Defender itself.
  • What does this mean? Sandbox is meant to isolate Defender's processes from the rest of the system.
  • Why? Because in order to protect you, Defender processes are high risk, elevated (permissions) processes, processes which, injected by malware, could be used for catastrophe.
Therefore, Windows Defender's Sandbox will isolate important antivirus processes from the rest of the system.

From HowToGeek:
Security researchers both inside and outside of Microsoft have previously identified ways that an attacker can take advantage of vulnerabilities in Windows Defender Antivirus’s content parsers that could enable arbitrary code execution. While we haven’t seen attacks in-the-wild actively targeting Windows Defender Antivirus, we take these reports seriously…

Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the system from harm.
 

ErzCrz

> Is it possible to run Windows Defender with a third party firewall and disable Windows Firewall? Thks

You can run WD with any firewall. It should automatically disable itself when you install the 3rd party firewall you're using. I suppose it depends on your needs. WD's Firewall does the job for the most part, though for a time I ran Comodo firewall with cruelsister settings and manually set IPv6 filter rules. But yes, you can run it with any firewall. I have noticed in some instances Windows Firewall remains enabled, running passively in the background, which I think has something to do with Windows 10's own security, but I've never had an issue when both were running together. The Security Centre will indicate which firewall is being actively used.
 

blueblackwow65

Thks for the information guys, does the Windows Update service need to be put to automatic when using WD? I have the Windows Update service set to disabled, as I do my own updates every couple of weeks. I hate the auto part of it when it surprises you to restart Windows.
 

security123

> Thks for the information guys, does the Windows Update service need to be put to automatic when using WD? I have the Windows Update service set to disabled, as I do my own updates every couple of weeks. I hate the auto part of it when it surprises you to restart Windows.

You shouldn't disable automatic updates. Never.
You also have control over the restart, so that's no problem.
 

Stopspying

> You shouldn't disable automatic updates. Never.
> You also have control over the restart, so that's no problem.

I disabled Windows automatic updates after I had Win 10 2004 forced on me and it messed my PC up so badly I had to re-install 1909 and then use Macrium Reflect to install a backup of 1909 from earlier in the day when MS nuked my OS.
I know what you say about never disabling automatic updates is sensible, but I didn't really have that time spare to sort out the disaster MS left me with, so after my experience I'm not letting them do that again, or even have a chance.
 

ErzCrz

> The sandbox is good for defending Windows Defender itself against abuse. But it is still a beta feature, and we don't know if, and how much, it hinders Windows Defender from protecting our computers.

I'm presuming it's using the same AppContainer which it's done with any MS Store apps since Win 10 came out. There's an additional 45 MB of memory used when sandboxed but, so far as I can tell, it still protects the system as normal. I don't have detailed knowledge but so far so good at this end.
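
Added example, not part of any post in this thread: a read-only PowerShell check that reports whether the Defender sandbox is requested and actually running, and how much memory each Defender process uses. The variable name `MP_FORCE_USE_SANDBOX` and the content process name `MsMpEngCP` are taken from Microsoft's announcement rather than from this thread; the function and helper names are made up for this example.

```powershell
# Added example: read-only status check for the Windows Defender Antivirus sandbox.
# Microsoft's documented opt-in is `setx /M MP_FORCE_USE_SANDBOX 1` followed by a restart;
# this script changes nothing, it only reports what is currently in effect.

function Get-WorkingSetMB($Processes) {
    # Sum the working sets of zero or more processes and return megabytes.
    if (-not $Processes) { return 0 }
    $sum = ($Processes | Measure-Object -Property WorkingSet64 -Sum).Sum
    return [math]::Round($sum / 1MB, 1)
}

function Get-DefenderSandboxStatus {
    # Machine-level environment variable that requests sandboxing.
    $flag = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    # MsMpEng is the privileged antimalware service. MsMpEngCP is the
    # low-privilege content process that runs when sandboxing is on.
    $service = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    if ($flag -eq '1' -and $content) {
        $state = 'Active'
    } elseif ($flag -eq '1') {
        $state = 'Requested but content process not running (restart pending or unsupported build)'
    } elseif ($content) {
        $state = 'Content process running without the machine-level flag'
    } else {
        $state = 'Off'
    }

    $flagText = '(not set)'
    if ($null -ne $flag) { $flagText = $flag }

    [pscustomobject]@{
        SandboxFlag     = $flagText
        ServiceRunning  = [bool]$service
        ContentProcess  = [bool]$content
        State           = $state
        ServiceMemoryMB = Get-WorkingSetMB $service
        ContentMemoryMB = Get-WorkingSetMB $content
    }
}

Get-DefenderSandboxStatus | Format-List
```

`ContentMemoryMB` is the figure to compare against the extra memory use reported above; a state other than `Active` after setting the flag usually means the machine has not been restarted yet.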
