Advice Request Running Windows Defender in its own Sandbox?


SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
I came across this article today, and was intrigued by the hardening suggestion:

Windows Defender Antivirus can now run in a sandbox - Microsoft Security

Has anyone else tried doing this? Very simple to activate, noticed no slowdowns. Considering the bum rap WD has received over the years, I figure every little bit helps it, and therefore me. So now I am running WD (Sandboxed).

Thoughts? Thanks.
 
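The activation step itself, as an added example that is not part of the original post: the linked Microsoft article describes the sandbox as opt-in on Windows 10 version 1703 and later, switched on by setting the machine-wide environment variable MP_FORCE_USE_SANDBOX to 1 (0 turns it off again), and only picked up after a reboot. The function names below are my own; the check relies on the sandboxed content process showing up as MsMpEngCP.exe next to the engine process MsMpEng.exe. Run from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post or from Microsoft).
# Enable/disable the Windows Defender Antivirus sandbox and verify,
# after a reboot, that the sandboxed content process is actually running.
# Requires an elevated prompt: setx /M writes to HKLM.

function Enable-DefenderSandbox {
    # The engine reads this machine-wide variable at service start,
    # so a reboot is needed before the change takes effect.
    setx /M MP_FORCE_USE_SANDBOX 1 | Out-Null
    Write-Host "MP_FORCE_USE_SANDBOX set to 1. Reboot to apply."
}

function Disable-DefenderSandbox {
    setx /M MP_FORCE_USE_SANDBOX 0 | Out-Null
    Write-Host "MP_FORCE_USE_SANDBOX set to 0. Reboot to apply."
}

function Test-DefenderSandbox {
    # Read the persisted value from the registry key that setx /M writes to,
    # rather than from the current session's environment, which may be stale.
    $envKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
    $value  = (Get-ItemProperty -Path $envKey -Name MP_FORCE_USE_SANDBOX `
               -ErrorAction SilentlyContinue).MP_FORCE_USE_SANDBOX

    # MsMpEng.exe is the antimalware engine; MsMpEngCP.exe is the
    # low-privilege content process that only exists when the sandbox is on.
    $engine  = Get-Process -Name MsMpEng   -ErrorAction SilentlyContinue
    $content = Get-Process -Name MsMpEngCP -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ConfiguredValue     = $value            # "1" = enabled, "0"/$null = disabled
        EngineRunning       = [bool]$engine
        ContentProcessCount = @($content).Count # > 0 means the sandbox is active
        SandboxActive       = [bool]$content
    }
}

Test-DefenderSandbox
```

If ConfiguredValue is "1" but SandboxActive is $false, the box has not been rebooted since the variable was set; if both are off after a reboot, the Defender build on that machine does not support the feature.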

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
So anything WD does while sandboxed needs confirmation that you wish this to be permanent if you choose to take it out of sandbox mode?

If so, I can see that as causing problems. I'm sure I could easily forget that three days ago WD flagged up some suspicious behaviour and accidentally enable something that I didn't wish to happen.
 

ForgottenSeer 85179

RoboMan

Level 34
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
So anything WD does while sandboxed needs confirmation that you wish this to be permanent if you choose to take it out of sandbox mode?
No, not really.

It must be understood that this isn't a sandbox like the one you're used to (Sandboxie, Comodo). This isn't a sandbox for your files and programs.

This is a sandbox for Windows Defender itself.
  • What does this mean? The sandbox is meant to isolate Defender's processes from the rest of the system.
  • Why? Because in order to protect you, Defender's processes are high-risk, elevated (permissions) processes; processes which, if injected by malware, could be used for catastrophe.
Therefore, Windows Defender's sandbox will isolate the important antivirus processes from the rest of the system.

From HowToGeek:
Security researchers both inside and outside of Microsoft have previously identified ways that an attacker can take advantage of vulnerabilities in Windows Defender Antivirus’s content parsers that could enable arbitrary code execution. While we haven’t seen attacks in-the-wild actively targeting Windows Defender Antivirus, we take these reports seriously…

Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the system from harm.
 

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,004
Is it possible to run Windows Defender with a third-party firewall and disable Windows Firewall? Thks

You can run WD with any firewall. It should automatically disable itself when you install the third-party firewall you're using. I suppose it depends on your needs. WD's firewall does the job for the most part, though for a time I ran Comodo Firewall with cruelsister settings and manually set IPv6 filter rules. But yes, you can run it with any firewall. I have noticed in some instances Windows Firewall remains enabled, running passively in the background, which I think has something to do with Windows 10's own security, but I've never had an issue when both were running together; the Security Centre will indicate which firewall is being actively used.
 
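A way to check the situation described above, as an added example that is not part of the original post: the per-profile state of the built-in firewall comes from Get-NetFirewallProfile, and the firewall products registered with Security Center (which is what the Windows Security app reports as "active") come from the FirewallProduct class in the root/SecurityCenter2 WMI namespace. That namespace exists on workstation SKUs only, and the productState field is an undocumented bitfield; the decoding used here (0x1000 set = product enabled) is the one commonly used in the field and should be treated as an assumption. The function name is my own.

```powershell
# Added example (not from the original post). Shows whether the built-in
# Windows Firewall is still enforcing rules on each profile, and which
# firewall product(s) Security Center lists and whether it reports them
# as enabled. Run from an elevated PowerShell prompt on a Windows 10 client.

function Get-FirewallStatus {
    # Built-in firewall, per profile. Enabled = $true means Windows Firewall
    # is still filtering on that profile even if a third-party firewall is
    # installed; DefaultInboundAction tells you what unmatched inbound gets.
    $profiles = Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

    # Products registered with Security Center (workstation SKUs only;
    # the namespace is absent on Windows Server).
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                    -ClassName FirewallProduct -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Product = $_.displayName
                # Assumption: bit 0x1000 of productState marks the product as
                # enabled/active (commonly used, undocumented decoding).
                Enabled = (($_.productState -band 0x1000) -ne 0)
                State   = ('0x{0:X6}' -f $_.productState)
                Path    = $_.pathToSignedProductExe
            }
        }

    [pscustomobject]@{
        BuiltInProfiles    = $profiles
        RegisteredProducts = $products
    }
}

$status = Get-FirewallStatus
$status.BuiltInProfiles    | Format-Table -AutoSize
$status.RegisteredProducts | Format-Table -AutoSize
```

With only the built-in firewall present, RegisteredProducts lists Windows Firewall as enabled and all three profiles show Enabled = True. After installing a third-party firewall, the expected picture is that product reported as enabled and Windows Firewall either disabled per profile or listed but not enabled; seeing both enabled at once is the case ErzCrz describes, and this output is how to confirm it rather than guess.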

blueblackwow65

Level 23
Verified
Well-known
Dec 19, 2012
1,243
Thks for the information guys. Does the Windows Update service need to be set to automatic when using WD? I have the Windows Update service set to disabled, as I do my own updates every couple of weeks; I hate the auto part of it when it surprises you with a Windows restart.
 

ForgottenSeer 85179

Thks for the information guys. Does the Windows Update service need to be set to automatic when using WD? I have the Windows Update service set to disabled, as I do my own updates every couple of weeks; I hate the auto part of it when it surprises you with a Windows restart.
You shouldn't disable automatic updates. Never.
You also have control over the restart, so that's no problem.
 

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
You shouldn't disable automatic updates. Never.
You also have control over the restart, so that's no problem.
I disabled Windows automatic updates after I had Win 10 2004 forced on me and it messed my PC up so badly that I had to re-install 1909 and then use Macrium Reflect to restore a backup of 1909 from earlier in the day when MS nuked my OS.
I know what you say about never disabling automatic updates is sensible, but I didn't really have the time spare to sort out the disaster MS left me with, so after my experience I'm not letting them do that again, or even have the chance.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
The sandbox is good for defending Windows Defender itself against abuse. But it is still a beta feature, and we don't know if, and how much, it hinders Windows Defender from protecting our computers.
 

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,004
The sandbox is good for defending Windows Defender itself against abuse. But it is still a beta feature, and we don't know if, and how much, it hinders Windows Defender from protecting our computers.

I'm presuming it's using the same AppContainer that has been used for MS Store apps since Win 10 came out. There's an additional 45 MB of memory used when sandboxed, but so far as I can tell it still protects the system as normal. I don't have detailed knowledge, but so far so good at this end.

[attached screenshot]
 
