App Review Windows Defender Sandbox Test vs Malware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

stefanos

Thread author
:):):):)

It's old software but quite capable...

Hey Bora, I think InstallWatch 2.5 can only record up to 180,000 files for its snapshots. I had to give up on it back around 2012 or so, because of this. Maybe there is a version where this has been changed, not sure...

It doesn't officially support Windows 10, but can be made to run. I've posted instructions on how to do this before. However, I no longer recommend using it under Windows 10, as from time to time it stops working and will no longer monitor program installs.

I used to run into this running version 1.2.188360.106 on Windows XP and W7, but I haven't seen this happen in years. I think it's more a testament of stabler systems through the years than anything I suppose. Perhaps quirky PC performance of the older systems was to blame in W7.

On W10, I'm surprised it's happening, but there is a simple remedy if anyone is doggedly determined to run the software. The remedy that worked for me was to move the file C:\Fileimage.dat to a secondary drive or flash drive and then reboot to a boot time rescue environment. Safe Mode would probably work, can't recall if I ever tried SM. From there replace the file to its original location. Also, just rebooting and replacing the file while in Windows and then rebooting again seems to work...

CPM is absolutely one of my favorite pieces of software through the years. For me for some reason it just works lol...
 

Andy Ful

This result was easy to predict when testing against the common malware (even 0-day). WD Sandbox was 100% efficient. Its role is protecting the potentially vulnerable WD processes, and as we could see WD processes worked well to the end. It is also probable that we could get a similar result without WD Sandbox, because most malware samples do not attack WD processes.
It would be interesting to test Windows Sandbox against the malware. :giggle: (y)
 

Andy Ful

Being serious, there are several native sandboxes used in Windows 10 (at least 4). Only one of them is available on Windows Home: Windows Defender Sandbox. It covers the potential vulnerabilities of WD processes. These processes are running with high privileges, so exploiting them could give the malware high privileges automatically.

The testing procedure is totally inadequate for testing Windows Defender Sandbox. It is also inadequate for Windows Sandbox and Microsoft Edge Application Guard. The only sandbox that could be tested in this way is detonation sandbox (WD cloud feature) available in Windows Enterprise (E5) editions.

The guy who made the video simply thought that WD Sandbox works like some detonation sandboxes in 3rd party AVs (which is not the case).
I think that we already had a similar thread:
 

oldschool

The testing procedure is totally inadequate for testing Windows Defender Sandbox. It is also inadequate for Windows Sandbox and Microsoft Edge Application Guard. The only sandbox that could be tested in this way is detonation sandbox (WD cloud feature) available in Windows Enterprise (E5) editions.

I'm confused by the OP and video. Was he testing Windows Defender or WD Sandbox? Or was he testing as if it was a "detonation sandbox (WD cloud feature) available in Windows Enterprise (E5) editions."?

Maybe I need to turn up the sound while watching?
 
