You’re going to have to think about this one some.
Think about how any anti-virus program has to parse all the files on a system. A parser could inadvertently enable arbitrary code execution if that parser has any vulnerabilities.
So what to do?
Run the parser in a sandboxed environment where malicious actions are limited to the sandbox thereby protecting the rest of the system.
Microsoft’s Windows Defender does this.
In other words, the Windows Defender antivirus process that analyzes downloaded files and other content will run with very few permissions.
But it’s not turned on by default.
To enable this feature click on the Start button, type “CMD”, right click on “Command Prompt”, and select “Run as administrator”. Enter the following command:
setx /M MP_FORCE_USE_SANDBOX 1
Then restart your PC by holding SHIFT while you select Shutdown or Restart on the Start menu.
Originally published at blog.benmoore.info on November 5, 2018.