Windows Defender Antivirus can now run within a sandbox on Windows 10 version 1703 or later, making it the first anti-malware solution for Windows to do so.
By placing Windows Defender Antivirus inside a sandbox, Microsoft has made it very difficult for malware developers to access critical system components. Sandboxed programs are isolated from the rest of the system, with extremely limited access to memory and disk.
Microsoft decided to run Windows Defender Antivirus in a restricted process execution environment after receiving a lot of feedback from security researchers, who have described the high-profile antivirus solution as a high-risk target for attackers.
Windows Defender Antivirus runs with elevated privileges so that it can detect and stop malicious attacks, making it an ideal target for attackers who want a simple way to gain high privileges.
By adding sandbox support to Windows's default antivirus solution, Microsoft wants to make sure that attackers who manage to exploit Windows Defender Antivirus vulnerabilities to trigger arbitrary code execution will not be able to run malicious tools with high privileges.
"Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of an intrusion, malicious actions are confined to the isolated environment, protecting the rest of the system from failures," Microsoft said.
Windows Defender Antivirus sandbox will prevent attackers from exploiting vulnerabilities to compromise the operating system
In addition, "This is part of Microsoft's ongoing investment to remain protected from intruders through security innovations."
Although Microsoft is releasing the Windows Defender Antivirus sandbox feature only to Windows Insiders for now, all other Windows 10 users can enable it on their computers by opening a Command Prompt with Administrator privileges and typing the following command:
In addition to the new sandbox feature, Microsoft has also implemented a number of other measures to protect Windows users from possible security attacks, ranging from network protection and exploit protection to hardware-based isolation and controlled folder access.