Sun. Feb 23rd, 2020

Windows Defender Antivirus run in a sandbox


In biology, the smartest way to attack is not to break violently through the body’s defense mechanisms, but to make the immune system work for the attacker. The best-known example is HIV. It turns out that computers face the same type of threat from malware: it can prevent anti-virus software from cleaning it, and can even turn around and take control of the computer’s daemons. As a result, malware can fully penetrate every part of the system and modify data on the hard disk and in memory.

The good news is that on the Windows Defender blog, Microsoft announced that they had found a way to run Windows Defender anti-virus software in a sandbox.

“Windows Defender Antivirus has hit a new milestone: the built-in antivirus capabilities on Windows can now run within a sandbox. With this new development, Windows Defender Antivirus becomes the first complete antivirus solution to have this capability and continues to lead the industry in raising the bar for security.”

Microsoft claims that Windows Defender is the first complete anti-virus solution to have this capability. Microsoft has now pushed the feature to Insider testers, but it can also be activated manually on a stable system:

  • Open the Start Menu and type “cmd.exe”.
  • Right-click the cmd.exe (Command Prompt app) and click on the “Run as Administrator” option.
  • Type setx /M MP_FORCE_USE_SANDBOX 1
  • Press Enter and wait for the validation.
  • Restart the PC.

Once sandboxing is enabled, customers will see a content process, MsMpEngCP.exe, running alongside the antimalware service, MsMpEng.exe.
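
One way to check the result of the steps above after the restart, as an added PowerShell example that is not from Microsoft or the original post. The function name Get-DefenderSandboxState and its status labels are hypothetical; the variable and process names are the ones given on this page.

```powershell
# Added example: report whether the Windows Defender Antivirus sandbox is active.
# Names from the page: MP_FORCE_USE_SANDBOX, MsMpEng.exe, MsMpEngCP.exe.
# The function name and the Status labels are hypothetical.

function Get-DefenderSandboxState {
    # `setx /M` writes a machine-scope variable. Reading with the 'Machine'
    # target returns the stored value even if this session started before
    # the variable was set.
    $flag = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    # Get-Process expects process names without the .exe extension.
    $service = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    $status = if ($flag -ne '1') {
        'FlagNotSet'                 # variable missing or set to another value
    } elseif (-not $service) {
        'ServiceNotRunning'          # antimalware service itself is not up
    } elseif (-not $content) {
        'FlagSetNoContentProcess'    # e.g. the PC has not been restarted yet
    } else {
        'Sandboxed'                  # content process runs beside the service
    }

    [pscustomobject]@{
        MachineFlag      = $flag
        ServiceRunning   = [bool]$service
        ContentProcess   = [bool]$content
        ContentProcessId = if ($content) { $content.Id } else { $null }
        Status           = $status
    }
}

Get-DefenderSandboxState | Format-List
```

A Status of FlagSetNoContentProcess on a restarted machine means the flag alone did not produce the MsMpEngCP.exe process described above, so the sandbox should not be assumed active.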

Via: mspoweruser