Being an antivirus, Windows Defender needs to run with the highest privileges to scan, detect and remove infections: its antimalware service (MsMpEng.exe) runs as SYSTEM, and its scanning engine has to parse every file that lands on the disk, including files an attacker placed there deliberately. That combination makes it an attractive target. A bug in one of the engine's file parsers could let crafted input compromise a process that already holds the highest privileges on the machine, so the attack surface is both large and high-value. Running the engine in a sandbox confines the component that handles untrusted content to a low-privilege process: if that component is compromised or has a bug, the malware does not by itself gain control of the system. It stays within the sandbox and would need a separate escape to get out. This article explains how you can enable Windows Defender Sandbox in Windows 11/10.
According to Microsoft, the Windows Defender sandbox was implemented without a significant performance cost, and Windows Defender is the first complete antivirus to run its engine in a sandboxed environment. Running in the sandbox gives you better security and reliability, because the engine is protected from the very content it scans. Note, however, that the sandbox is not enabled on every system by default: the steps below force it on with a system-wide environment variable.
Enable Windows Defender Sandbox in Windows 11/10
- Search for Command Prompt on your system.
- From results, select Command Prompt and select the Run as administrator option.
- In the Command Prompt, copy and paste the below command and press the Enter key.
setx /M MP_FORCE_USE_SANDBOX 1
setx /M writes the variable to the system environment, and once this succeeds you will see the ‘SUCCESS: Specified value was saved.’ message. The antimalware service that is already running does not see the new variable, though; environment variables are read when a process starts. Restart your system before you verify the change.
Verify if Windows Defender is running in Sandbox mode
In order to verify whether Windows Defender is running in a sandbox, you can use Process Explorer, a portable Sysinternals tool from Microsoft.
Simply download Process Explorer (from https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer) and open it.
Take a look at the process list: you should see MsMpEngCP.exe (the sandboxed content process, which is where scanning of untrusted content now happens) running alongside MsMpEng.exe, the antimalware service process.
If MsMpEngCP.exe is present, Windows Defender is running in sandbox mode. If only MsMpEng.exe is there, either the variable was not saved or the system has not been restarted since it was set.
Disable Windows Defender Sandbox in Windows 11/10
In order to disable the Windows Defender sandbox, all you have to do is execute the below command from an elevated Command Prompt:
setx /M MP_FORCE_USE_SANDBOX 0
Make sure to restart your system so the antimalware service picks up the changed variable.
After this the Windows Defender sandbox should be disabled, and you can again verify this with Process Explorer: MsMpEngCP.exe should no longer appear next to MsMpEng.exe.
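The enable, verify and disable steps above can all be driven from PowerShell, which is handy when you want to apply the setting on several machines or check it from a script. The following is an added example written for this article, not code from Microsoft; it assumes an elevated PowerShell session. The registry path is the location where setx /M stores machine-wide variables, and the variable and process names are the ones used above; the two function names are the author's own.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell
# session: writing the machine-wide variable requires administrator rights.
# Set-DefenderSandbox and Test-DefenderSandbox are names chosen for this example.

# setx /M stores machine environment variables under this registry key.
$EnvKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'

function Set-DefenderSandbox {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('0', '1')]
        [string]$Value
    )
    # Equivalent of "setx /M MP_FORCE_USE_SANDBOX <Value>".
    [Environment]::SetEnvironmentVariable('MP_FORCE_USE_SANDBOX', $Value, 'Machine')
    Write-Host "MP_FORCE_USE_SANDBOX set to $Value. Restart the machine so the antimalware service reads it."
}

function Test-DefenderSandbox {
    # 1. What is configured, i.e. what the service will read on its next start.
    $configured = (Get-ItemProperty -Path $EnvKey -Name 'MP_FORCE_USE_SANDBOX' `
                       -ErrorAction SilentlyContinue).MP_FORCE_USE_SANDBOX

    # 2. What is actually running right now.
    $engine  = Get-CimInstance Win32_Process -Filter "Name = 'MsMpEng.exe'"
    $content = Get-CimInstance Win32_Process -Filter "Name = 'MsMpEngCP.exe'"

    # A content process whose parent is the antimalware service is the sandbox in use.
    $spawnedByEngine = [bool]($content | Where-Object {
        $engine -and $_.ParentProcessId -eq $engine.ProcessId
    })

    [pscustomobject]@{
        ConfiguredValue     = $configured            # $null if the variable was never set
        EngineRunning       = [bool]$engine
        ContentProcessCount = @($content).Count
        SpawnedByEngine     = $spawnedByEngine
        SandboxActive       = (@($content).Count -gt 0)
        RebootPending       = ($configured -eq '1' -and @($content).Count -eq 0)
    }
}

# Usage:
#   Set-DefenderSandbox -Value 1   # enable, then reboot
#   Test-DefenderSandbox           # after the reboot, SandboxActive should be True
#   Set-DefenderSandbox -Value 0   # disable, then reboot
Test-DefenderSandbox
```

The check deliberately reports the configured value and the running state separately: ConfiguredValue tells you what the service will do after the next restart, while SandboxActive reflects the processes that exist now, so RebootPending flags the common case where the variable was saved but the machine has not yet been restarted.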