Windows Defender is Microsoft’s answer to antivirus and firewall protection. It has never been at the top of the list when it comes to quality, but admittedly, it has come a long way since the early days. It is now used exclusively by yours truly. Windows Insiders are now getting a peek at what Defender is like when placed in an isolated environment, also known as a Sandbox.
You don’t have to be an Insider to try this out for yourself, however. Using a simple command, either in the Command Prompt or the Power Shell, you can get the added benefits of “sandboxing” Windows Defender, and this week’s Quick Tips article will show you how.
Note: Microsoft itself is not certain that a sandboxed Defender is ready for prime time, so I urge you to only try this at your own risk. Make backups before proceeding. I enabled it a few minutes before writing this post… so far, so good… no hitches or giddy-ups… knock on wood…
What Is A Sandbox?
There’s no need re-invent the wheel, so here is a better definition than I ever could have come up with:
Sandboxing is a computer security term referring to when a program is set aside from other programs in a separate environment so that if errors or security issues occur, those issues will not spread to other areas on the computer. Programs are enabled in their own sequestered area, where they can be worked on without posing any threat to other programs. ~ Techopedia
If you’d like to read what Microsoft has to say about all this, then please read this article on the Microsoft Secure Blog.
How To Enable/Disable Defender In A Sandbox
You can run either the Command Prompt or the Power Shell to accomplish this task. The import thing is that, whichever one you choose, it must be run with Administrator Privileges. If you don’t, it won’t work, period.
- Use the Windows Key + X shortcut to open the WinX Menu.
- Choose the (Admin) option for either the Command Prompt or the PowerShell, whichever one is shown in your menu
Type setx /M MP_FORCE_USE_SANDBOX 1 and hit Enter (that’s a one) and re-boot
Type setx /M MP_FORCE_USE_SANDBOX 0 and hit Enter (that’s a zero) and re-boot
That’s all there is to it. Let me know if something breaks and what it was. Thanks!
As always, if you have any helpful suggestions, comments or questions, please share them with us,