Windows 10 Quick Tips – Defender Sandboxed

Windows Defender

Windows Defender is Microsoft’s answer to antivirus and firewall protection. It has never been at the top of the list when it comes to quality, but admittedly, it has come a long way since the early days. It is now used exclusively by yours truly. Windows Insiders are now getting a peek at what Defender is like when placed in an isolated environment, also known as a Sandbox.

You don’t have to be an Insider to try this out for yourself, however. Using a simple command, either in the Command Prompt or PowerShell, you can get the added benefits of “sandboxing” Windows Defender, and this week’s Quick Tips article will show you how.

Note: Microsoft itself is not certain that a sandboxed Defender is ready for prime time, so I urge you to only try this at your own risk. Make backups before proceeding. I enabled it a few minutes before writing this post… so far, so good… no hitches or giddy-ups… knock on wood…

What Is A Sandbox?

There’s no need to re-invent the wheel, so here is a better definition than I ever could have come up with:

Sandboxing is a computer security term referring to when a program is set aside from other programs in a separate environment so that if errors or security issues occur, those issues will not spread to other areas on the computer. Programs are enabled in their own sequestered area, where they can be worked on without posing any threat to other programs. ~ Techopedia

If you’d like to read what Microsoft has to say about all this, then please read this article on the Microsoft Secure Blog.

How To Enable/Disable Defender In A Sandbox

You can run either the Command Prompt or PowerShell to accomplish this task. The important thing is that, whichever one you choose, it must be run with Administrator Privileges. If you don’t, it won’t work, period.

  1. Use the Windows Key + X shortcut to open the WinX Menu.
  2. Choose the (Admin) option for either the Command Prompt or PowerShell, whichever one is shown in your menu.

Enable it

Type setx /M MP_FORCE_USE_SANDBOX 1 (that’s a one), hit Enter, and then reboot.

Disable it

Type setx /M MP_FORCE_USE_SANDBOX 0 (that’s a zero), hit Enter, and then reboot.

That’s all there is to it. Let me know if something breaks and what it was. Thanks!
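To confirm the change took effect after the reboot, here is an added example (not part of the original article, and not Microsoft's code) that reads the machine-wide variable written by setx /M and looks for Defender's sandboxed content process. The function name Get-DefenderSandboxState is made up for this example, and the process name MsMpEngCP does not appear in the article; it is the content process Microsoft describes as running next to the MsMpEng service when the sandbox is on.

```powershell
# Added example: report whether the Defender sandbox is requested and actually running.
# Get-DefenderSandboxState is a hypothetical helper name used only here.

function Get-DefenderSandboxState {
    # setx /M stores the value in the machine (system) environment, so read that scope
    # directly instead of $env:, which only reflects the current session.
    $value = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    # MsMpEng is the antimalware service; MsMpEngCP is the sandboxed content process.
    $engine  = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    $requested = ($value -eq '1')
    $active    = [bool]$content

    if ($requested -and $active) {
        $status = 'Sandbox requested and content process is running'
    }
    elseif ($requested) {
        $status = 'Sandbox requested but content process not found (reboot still pending?)'
    }
    elseif ($active) {
        $status = 'Content process running but variable is not 1 (reboot pending after disabling?)'
    }
    else {
        $status = 'Sandbox not requested and not running'
    }

    [pscustomobject]@{
        VariableValue         = if ($null -eq $value) { '<not set>' } else { $value }
        EngineRunning         = [bool]$engine
        ContentProcessRunning = $active
        Status                = $status
    }
}

Get-DefenderSandboxState | Format-List
```

Reading the values does not need an elevated prompt; only the setx /M command that changes the setting does.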

As always, if you have any helpful suggestions, comments or questions, please share them with us,


12 thoughts on “Windows 10 Quick Tips – Defender Sandboxed”

  1. I’m familiar with and an active user of Sandboxie. Been using it for many, many years and think it’s a spectacular piece of security software. It’s never failed me.

    But I don’t understand how a sandboxed Windows Defender works. What is sandboxed and what isn’t? Do you have more details?

    1. I apologize. I just re-read the article and saw the Microsoft Secure Blog link. I’ll take a look at that.

      1. Richard Pedersen

        Hi Midwest Guy,

        No need to apologize– we all miss stuff once in a while.


    I’m just curious as to why it’s running sandboxed. Is that to keep it safe or, is that so we can’t see the flaws that still exist in Defender?

    1. Richard Pedersen

      Hi Norbert,

      Not seeing the flaws might be an interesting idea, but that’s not the goal. Anything that runs in a “sandbox” protects the system. It remains isolated.
      That means the bad guys can’t get at it to do their mischief,

  3. Interesting article. This past week or so, I latched onto a link to Windows Defender Advanced Threat Protection. I realize that most of it applies to a large network, but some things I found seem to be no-brainers. Using the Power Shell (admin), Defender can be set to block PUPs, for example. Using Get-MpPreference shows a list of settings available. I’m using Windows 10 Pro and there is an alternate way to change Defender settings using Group Policy.
    I may be playing with fire here, but going to the Windows Defender Testground website at lets me test settings to see how they work. So far I’ve not noticed any problems. Perhaps you could explain how or whether to make some changes to Defender? At any rate, I look forward to your Tips articles. Thanks.
    Mark H.

    1. Richard Pedersen

      Hi Mark,

      The answer is simple– leaving Windows Defender alone is the safest choice. It has proven itself over the years to be a reasonable antivirus/firewall. Of course, you can always play with it providing you have proper backups to protect yourself from that neverending tickle to tinker.

      Thank you for your kind words,

  4. This is a good tip Richard Pedersen but…after the mess Microsoft created with the October Win 10 update (yes I have Win 10 Pro and have stopped auto updates) I am unable to do a daily update of Defender. After two weeks of waiting I am going to have to deactivate Defender and get a third party antivirus product even though I have Malwarebytes. Unless of course you have a hack to bypass the standard update model and do it another way…

    1. Richard Pedersen

      Hi Gary,
      Indeed, the MS 1809 update is a fiasco– hands down. I have stopped believing in MS updates as a trusted source. That is a sad state of affairs. This does not mean that you can trust the likes of MBAM to protect your system– this utility was never meant to replace a true antivirus/firewall solution. It is, however, a great addition as another layer of protection against the bad guys.

      Despite the recent 1809 troubles, I still believe in Defender’s ability to protect your computer, “sandboxed” or otherwise.

      A third-party AV product will not “fix” anything. If nothing else, it may only complicate matters. My advice? Avoid the recent 1809 update, but continue to keep the Defender distribution up to date.

      This is what I have done up to now,

      1. OK, Richard, I took your advice and searched for solutions (I am sure you know how to do it,) I never bothered to learn…here’s my comment on another helpful Windows solutions, fixes website:

        “Excellent advice, Anand Khanse!( I needed it now (Nov 3 2018) because of the Windows 10 Oct update screw ups. Richard Pedersen of Dave’s Computer Tips ( recommended I update Defender separately instead of looking for another firewall and virus blocker till Microsoft gets around to fixing the 1809 and other October 2018 updates.”

        1. Richard Pedersen

          Hi Gary,

          I have not experienced the problem described in The Windows Club article you linked to.
          My computer is set to defer updates for 60 days and I still get Defender updates every day.
          Every setup is different, however,


    2. Gary. Malwarebytes never stated it was for anti-virus or firewall protection. As Richard pointed out, it just provides an extra layer of protection. IMHO (and from what I read), the more layers of protection, the safer you are. And the more you load down your system, the longer the boot time, so it’s a give and take situation, Mindblower!
