Windows 10 Quick Tips – Defender Sandboxed


Windows Defender

Windows Defender is Microsoft’s answer to antivirus and firewall protection. It has never been at the top of the list when it comes to quality, but admittedly, it has come a long way since the early days. It is now used exclusively by yours truly. Windows Insiders are now getting a peek at what Defender is like when placed in an isolated environment, also known as a Sandbox.

You don’t have to be an Insider to try this out for yourself, however. Using a simple command, either in the Command Prompt or PowerShell, you can get the added benefits of “sandboxing” Windows Defender, and this week’s Quick Tips article will show you how.

Note: Microsoft itself is not certain that a sandboxed Defender is ready for prime time, so I urge you to only try this at your own risk. Make backups before proceeding. I enabled it a few minutes before writing this post… so far, so good… no hitches or giddy-ups… knock on wood…

What Is A Sandbox?

There’s no need to reinvent the wheel, so here is a better definition than I ever could have come up with:

Sandboxing is a computer security term referring to when a program is set aside from other programs in a separate environment so that if errors or security issues occur, those issues will not spread to other areas on the computer. Programs are enabled in their own sequestered area, where they can be worked on without posing any threat to other programs. ~ Techopedia

If you’d like to read what Microsoft has to say about all this, then please read this article on the Microsoft Secure Blog.


How To Enable/Disable Defender In A Sandbox

You can run either the Command Prompt or PowerShell to accomplish this task. The important thing is that, whichever one you choose, it must be run with Administrator privileges. If it isn’t, the command won’t work, period.

  1. Use the Windows Key + X shortcut to open the WinX Menu.
  2. Choose the (Admin) option for either the Command Prompt or PowerShell, whichever one is shown in your menu.

Enable it

Type setx /M MP_FORCE_USE_SANDBOX 1 and hit Enter (that’s a one), then reboot.

Disable it

Type setx /M MP_FORCE_USE_SANDBOX 0 and hit Enter (that’s a zero), then reboot.

That’s all there is to it. Let me know if something breaks and what it was. Thanks!
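To confirm the setting actually took effect after the reboot, here is a read-only PowerShell check, added as an example and not part of the original article. The function name Get-DefenderSandboxState is made up for illustration, and the process name MsMpEngCP (the sandboxed "content process" that runs beside MsMpEng) is an assumption taken from Microsoft's description of the feature, not from this page.

```powershell
# Added example: report whether the MP_FORCE_USE_SANDBOX setting is in place
# and whether Defender's sandboxed content process is running. Read-only.
function Get-DefenderSandboxState {
    $name = 'MP_FORCE_USE_SANDBOX'

    # "setx /M" writes the machine-scope value; without /M the value lands in
    # the user scope, which never reaches the Defender service (it runs as SYSTEM).
    $machine = [Environment]::GetEnvironmentVariable($name, 'Machine')
    $user    = [Environment]::GetEnvironmentVariable($name, 'User')

    # MsMpEng is the Defender engine; MsMpEngCP is assumed to be the
    # low-privilege content process that appears when sandboxing is active.
    $procs   = Get-Process -Name 'MsMpEng', 'MsMpEngCP' -ErrorAction SilentlyContinue
    $engine  = [bool]($procs | Where-Object { $_.ProcessName -eq 'MsMpEng' })
    $content = [bool]($procs | Where-Object { $_.ProcessName -eq 'MsMpEngCP' })

    $assessment = if ($machine -eq '1' -and $content) {
        'Sandbox requested and content process is running'
    } elseif ($machine -eq '1') {
        'Sandbox requested but not active: reboot pending, or not supported on this build'
    } elseif ($user -and -not $machine) {
        'Variable exists at user scope only: re-run setx with /M from an elevated prompt'
    } elseif ($content) {
        'Content process is running although the variable is not set to 1'
    } else {
        'Sandbox not requested and content process is not running'
    }

    [pscustomobject]@{
        MachineValue          = $machine
        UserValue             = $user
        EngineRunning         = $engine
        ContentProcessRunning = $content
        Assessment            = $assessment
    }
}

Get-DefenderSandboxState | Format-List
```

If the assessment still reports "reboot pending" after a restart, set the value back to 0 and reboot again to return to the previous state.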

As always, if you have any helpful suggestions, comments or questions, please share them with us,


Richard

About the Author

Richard Pedersen

Richard received his first computer, a C-64, in 1982 as a gift and began dabbling in BASIC. He was hooked! His love for computing has led him from the old “XT” boxes to the more modern fare and from clunky 10MB hard drives to smooth and fast modern day SSD drives. He has run BBS services, Fido mail, and even operated his own computer repair business.

12 Comments

  1. I’m familiar with and an active user of Sandboxie. Been using it for many, many years and think it’s a spectacular piece of security software. It’s never failed me.

    But I don’t understand how a sandboxed Windows Defender works. What is sandboxed and what isn’t? Do you have more details?

  2. I’m just curious as to why it’s running sandboxed. Is that to keep it safe or, is that so we can’t see the flaws that still exist in Defender?

    • Hi Norbert,

      Not seeing the flaws might be an interesting idea, but that’s not the goal. Anything that runs in a “sandbox” protects the system. It remains isolated.
      That means the bad guys can’t get at it to do their mischief,
      Richard

  3. Interesting article. This past week or so, I latched onto a link to Windows Defender Advanced Threat Protection. I realize that most of it applies to a large network, but some things I found seem to be no-brainers. Using PowerShell (admin), Defender can be set to block PUPs, for example. Using Get-MpPreference shows a list of settings available. I’m using Windows 10 Pro and there is an alternate way to change Defender settings using Group Policy.
    I may be playing with fire here, but going to the Windows Defender Testground website at demo.wd.microsoft.com lets me test settings to see how they work. So far I’ve not noticed any problems. Perhaps you could explain how or whether to make some changes to Defender? At any rate, I look forward to your Tips articles. Thanks.
    Mark H.

    • Hi Mark,

      The answer is simple– leaving Windows Defender alone is the safest choice. It has proven itself over the years to be a reasonable antivirus/firewall. Of course, you can always play with it providing you have proper backups to protect yourself from that neverending tickle to tinker.

      Thank you for your kind words,
      Richard

  4. This is a good tip Richard Pedersen but…after the mess Microsoft created with the October Win 10 update (yes I have Win 10 Pro and have stopped auto updates) I am unable to do a daily update of Defender. After two weeks of waiting I am going to have to deactivate Defender and get a third party antivirus product even though I have Malwarebytes. Unless of course you have a hack to bypass the standard update model and do it another way…

    • Hi Gary,
      Indeed, the MS 1809 update is a fiasco– hands down. I have stopped believing in MS updates as a trusted source. That is a sad state of affairs. This does not mean that you can trust the likes of MBAM to protect your system– this utility was never meant to replace a true antivirus/firewall solution. It is, however, a great addition as another layer of protection against the bad guys.

      Despite the recent 1809 troubles, I still believe in Defender’s ability to protect your computer, “sandboxed” or otherwise.

      A third-party AV product will not “fix” anything. If nothing else, it may only complicate matters. My advice? Avoid the recent 1809 update, but continue to keep the Defender distribution up to date.

      This is what I have done up to now,
      Richard

    • Gary. Malwarebytes never stated it was for anti-virus or firewall protection. As Richard pointed out, it just provides an extra layer of protection. IMHO (and from what I read), the more layers of protection, the safer you are. And the more you load down your system, the longer the boot time, so it’s a give and take situation, Mindblower!
