Windows Defender Sandbox

You’re going to have to think about this one some.

Think about how any anti-virus program has to parse all the files on a system. A parser could inadvertently enable arbitrary code execution if that parser has any vulnerabilities.

So what to do?

Run the parser in a sandboxed environment where malicious actions are limited to the sandbox, thereby protecting the rest of the system.

Microsoft’s Windows Defender does this.

In other words, the Windows Defender antivirus process that analyzes downloaded files and other content will run with very few permissions.
How-To Geek

But it’s not turned on by default.

To enable this feature, click on the Start button, type “CMD”, right-click on “Command Prompt”, and select “Run as administrator”. Enter the following command:

setx /M MP_FORCE_USE_SANDBOX 1

Then restart your PC by holding SHIFT while you select Shutdown or Restart on the Start menu.
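
To confirm the setting took effect after the restart, the PowerShell check below reads the machine-wide variable and looks for the sandboxed content process. It is an added example, not part of the original post. It assumes the content process is named MsMpEngCP.exe and runs alongside the main MsMpEng.exe engine process; the function name Get-DefenderSandboxState is hypothetical.

```powershell
# Added example: verify that the Windows Defender sandbox is active after the reboot.
# Assumption: with the sandbox on, Defender runs a content process named
# MsMpEngCP.exe alongside the main MsMpEng.exe engine process.
function Get-DefenderSandboxState {
    # Read the machine-scope value written by "setx /M", not the copy
    # inherited by this shell's own environment block.
    $flag = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    $engine  = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    $status = if (-not $engine) {
        'Defender engine not running (another antivirus product may be active)'
    } elseif ($flag -eq '1' -and $content) {
        'Sandbox enabled and active'
    } elseif ($flag -eq '1') {
        'Variable set, but no content process found: restart required'
    } elseif ($content) {
        'Content process running although the variable is not set'
    } else {
        'Sandbox not enabled'
    }

    # Return an object so the result can be logged or collected across machines.
    [pscustomobject]@{
        MachineVariable = $flag
        EngineRunning   = [bool]$engine
        ContentProcess  = [bool]$content
        Status          = $status
    }
}

Get-DefenderSandboxState | Format-List
```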

Originally published at blog.benmoore.info on November 5, 2018.
