Microsoft lets Windows Defender run in a sandbox

Posted on Monday, October 29 2018 @ 13:56 CET by Thomas De Maesschalck
Users participating in the Windows Insider program can now start testing a new version of Windows Defender Antivirus that runs in a sandbox. The software giant explains that it listened to feedback from the security industry: with the program running in a sandbox, potential vulnerabilities in Windows Defender can no longer affect the rest of your computer. Microsoft proudly notes that Windows Defender is the first complete antivirus tool to have this feature.
Modern antimalware products are required to inspect many inputs, for example, files on disk, streams of data in memory, and behavioral events in real time. Many of these capabilities require full access to the resources in question. The first major sandboxing effort was related to layering Windows Defender Antivirus’s inspection capabilities into the components that absolutely must run with full privileges and the components that can be sandboxed. The goal for the sandboxed components was to ensure that they encompassed the highest risk functionality like scanning untrusted input, expanding containers, and so on. At the same time, we had to minimize the number of interactions between the two layers in order to avoid a substantial performance cost.
The feature will be rolled out gradually for Windows Insiders. Users running Windows 10 version 1703 or later can also force their system to use this sandbox implementation by setting a machine-wide environment variable (setx /M MP_FORCE_USE_SANDBOX 1) and restarting the machine. More at the Microsoft Secure blog.
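
A check an administrator could run after setting the variable and restarting, as an added example that is not from the article or from Microsoft: it reads the machine-wide variable, confirms the build is at least version 1703, and looks for the sandboxed content process. The build number 15063 and the process name MsMpEngCP are assumptions brought in from outside this page.

```powershell
# Added example: audit whether the Defender sandbox opt-in is in effect on this host.
# Assumptions (not from the article): build 15063 corresponds to Windows 10
# version 1703, and the sandboxed content process is named MsMpEngCP.

function Get-DefenderSandboxStatus {
    # Machine-scope value written by: setx /M MP_FORCE_USE_SANDBOX 1
    $flag = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    # Builds older than 15063 (version 1703) cannot use the opt-in.
    $build = [Environment]::OSVersion.Version.Build

    # The privileged service and, if sandboxing is active, the content process.
    $service = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    # setx only changes the stored value; it takes effect after a restart,
    # so the last boot time is reported next to the flag.
    $boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Build          = $build
        BuildSupported = ($build -ge 15063)
        OptInFlag      = $flag
        OptInSet       = ($flag -eq '1')
        ServiceRunning = [bool]$service
        SandboxRunning = [bool]$content
        LastBoot       = $boot
    }
}

$status = Get-DefenderSandboxStatus
$status | Format-List

# Flag the case where the variable is set but the sandbox is not in use.
if ($status.OptInSet -and -not $status.SandboxRunning) {
    Write-Warning 'Opt-in is set but no sandboxed content process is running; a restart may be pending or the build may be unsupported.'
}
```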


About the Author

Thomas De Maesschalck

Thomas has been messing with computers since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.


