Security will always be an issue to address, regardless of the operating system or applications we use. In a growing world like the current one, threats are the order of the day: attackers keep renewing their techniques, and the ways to access and steal information of all kinds keep getting simpler.
Windows Defender is the Microsoft antivirus that comes integrated by default in all editions of Windows 10 and gradually adds better security features. The problem is that its protection engine, which is essential to be 100% protected, has presented some critical flaws that open doors for attackers, which is why Microsoft developers have implemented a sandbox mode for Windows Defender.
Sandbox mode allows Windows Defender to run in an isolated container, essentially a restrictive process execution environment, without affecting the level of security that Windows Defender offers. Recall that Windows Defender was designed to run with elevated privileges; although that seems safe, the design makes it an ideal target for attacks of all kinds, putting the integrity of the whole system at risk.
The main advantage of using sandbox mode in Windows Defender is that it isolates Windows Defender processes from the rest of the Windows operating system processes, so that an attack on the anti-malware protection engine does not expose the entire operating system, which could cause big problems. Note that activating sandbox mode may require more resources, since more processing capacity is needed for the antivirus to work in an isolated environment rather than within the operating system itself.
Note
Sandbox mode has been available since version 1703 of Windows 10 and is disabled by default.
Step 1
To enable sandbox mode, we must open the Windows PowerShell console as administrator and run the following command:
setx /M MP_FORCE_USE_SANDBOX 1
After this, the system must be restarted to apply the change; from then on Windows Defender will be running in the sandbox.
Step 2
To verify that sandbox mode is working in Windows 10, we must open the Task Manager and look for "MsMpEngCP.exe" in the process list.
To deactivate sandbox mode, we must open Windows PowerShell again and this time run the following:
setx /M MP_FORCE_USE_SANDBOX 0
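The check from Step 2 can also be scripted. The following PowerShell function is an added example, not part of the original article: it reads the machine-level MP_FORCE_USE_SANDBOX variable and looks for the MsMpEngCP process. The function name Get-DefenderSandboxStatus and the status strings are hypothetical; MsMpEng is the regular Defender engine process and is not mentioned in the article.

```powershell
# Added example; the function name and status strings are hypothetical.
function Get-DefenderSandboxStatus {
    [CmdletBinding()]
    param()

    # setx /M writes to the machine-level environment. Read that scope directly,
    # because $env: in an already-open console does not pick up the change.
    $value = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')
    $configured = ($value -eq '1')

    # MsMpEngCP.exe is the process the article tells us to look for.
    # MsMpEng.exe is the regular Defender engine process.
    $sandbox = @(Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue)
    $engine  = @(Get-Process -Name 'MsMpEng'  -ErrorAction SilentlyContinue)
    $running = ($sandbox.Count -gt 0)

    # Variable and process can disagree until the restart has happened.
    $status = if ($configured -and $running) {
        'Sandbox enabled and running'
    } elseif ($configured) {
        'Sandbox enabled, process not found (restart pending?)'
    } elseif ($running) {
        'Sandbox running, variable not set to 1 (restart pending?)'
    } else {
        'Sandbox disabled'
    }

    [pscustomobject]@{
        Variable      = if ($null -eq $value) { '<not set>' } else { $value }
        EngineRunning = ($engine.Count -gt 0)
        SandboxPids   = $sandbox.Id
        Status        = $status
    }
}

Get-DefenderSandboxStatus | Format-List
```

Run it before and after the restart: the variable changes as soon as setx completes, while the process only appears or disappears once the system has restarted.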
In upcoming Windows 10 updates, the Windows Defender sandbox mode will be integrated into the antivirus menu options, without the need to run anything from Windows PowerShell.
In this way it is possible to activate sandbox mode in Windows 10 and obtain an additional protection measure.