[Windows 10 Tip] Enable Sandbox Protection in Windows Defender

If you are using the Windows 10 operating system and rely on the built-in, default antivirus and antimalware program “Windows Defender” to protect your computer from viruses and other malicious activity, here is a useful tip to improve Windows Defender protection.

With the help of this tip, you can enable Sandbox protection for Windows Defender. Once you activate the sandbox protection feature, Windows Defender will start running in sandbox mode to improve your computer safety and security.

What Is the Sandbox Protection Feature and What Does It Do in Windows Defender?

According to Microsoft, if you enable sandbox protection, Windows Defender will run within a sandbox so that if your machine is compromised in the future, malicious actions will be limited to the isolated environment, protecting the rest of the system from harm.

Sandbox mode works like an app container. Once sandboxing is enabled, you will see a content process, MsMpEngCP.exe, running alongside Windows Defender’s antimalware service, MsMpEng.exe, in Task Manager (press Ctrl+Shift+Esc).

The content process runs with low privileges and aggressively leverages all available mitigation policies to reduce the attack surface. It enables and prevents runtime changes for modern exploit mitigation techniques such as Data Execution Prevention (DEP), Address space layout randomization (ASLR) and Control Flow Guard (CFG). It also disables Win32K system calls and all extensibility points, as well as enforces that only signed and trusted code is loaded.

How to Activate and Enable Sandbox Protection in Windows Defender?

The first thing to note is that sandbox protection for Windows Defender can be activated in Windows 10 version 1703 and later. Check out this article to learn more about Windows 10 versions.

Second, sandbox protection is not enabled by default, so you’ll need to activate it manually.

You can use any of the following methods to enable and activate the sandbox protection feature in Windows Defender:

METHOD 1: Using PowerShell or Command Prompt

1. Open PowerShell as Administrator or Command Prompt as Administrator.

2. Now type the following command and press Enter:

setx /M MP_FORCE_USE_SANDBOX 1

Here the “setx /M” command adds the “MP_FORCE_USE_SANDBOX” environment variable with a value of “1” for all users in Windows.

You’ll get the “SUCCESS: Specified value was saved” message as the result.

Restart your computer for the change to take effect. Sandbox protection will now be enabled for Windows Defender.

PS: In the future, if you want to disable sandbox protection in Windows Defender, run the following command:

setx /M MP_FORCE_USE_SANDBOX 0

Restart your machine for the change to take effect.

METHOD 2: Using Registry Editor

1. Press the “WIN+R” key combination to launch the RUN dialog box, then type regedit and press Enter. It’ll open Registry Editor.

2. Now go to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

3. In the right-side pane, create a new String with the name MP_FORCE_USE_SANDBOX

To enable sandbox protection, set its value to 1

To disable sandbox protection, set its value to 0

Restart your computer for the change to take effect.

METHOD 3: Using Environment Variables in System Properties

1. Press the “WIN+R” key combination to launch the RUN dialog box, then type the following and press Enter:

control sysdm.cpl,system,3

It’ll open the classic System Properties window.

2. Now click on the Environment Variables button.

3. Under the “System variables” section, click on the “New” button.

4. Enter MP_FORCE_USE_SANDBOX in the variable name field and 1 in the variable value field.

Restart your computer for the change to take effect. It’ll enable sandbox protection in Windows Defender.

PS: To disable sandbox protection, select MP_FORCE_USE_SANDBOX from the list and click on the Delete button. Restart your computer for the change to take effect.
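
Whichever method you use, you can confirm the result after the restart. The following PowerShell script is an added example, not part of the original tip: it reads the machine-level MP_FORCE_USE_SANDBOX value (both through the environment API and from the registry key used in Method 2) and checks whether the MsMpEngCP.exe content process described earlier is running. It only reads state and changes nothing.

```powershell
# Added example: report whether the Windows Defender sandbox is configured and active.
# Run after the restart. Read-only; no settings are modified.

$varName = 'MP_FORCE_USE_SANDBOX'
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'

# Configured state: the machine-level variable that all three methods write.
$configured = [Environment]::GetEnvironmentVariable($varName, 'Machine')

# The same value read directly from the registry key shown in Method 2.
$regValue = (Get-ItemProperty -Path $regPath -Name $varName -ErrorAction SilentlyContinue).$varName

# Effective state: the antimalware service and its sandboxed content process.
$engine  = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
$content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

[pscustomobject]@{
    VariableValue         = $configured
    RegistryValue         = $regValue
    AntimalwareServiceUp  = [bool]$engine
    ContentProcessRunning = [bool]$content
} | Format-List

if ($configured -eq '1' -and $content) {
    'Sandbox is configured and MsMpEngCP.exe is running.'
}
elseif ($configured -eq '1') {
    # Variable is set but the content process is absent.
    'Variable is set to 1 but MsMpEngCP.exe is not running. ' +
    'Restart the computer, and confirm Windows 10 is version 1703 or later.'
}
elseif ($content) {
    'MsMpEngCP.exe is running even though the variable is not set to 1.'
}
else {
    'Sandbox is not enabled (variable is missing or not 1).'
}
```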

Published in: Windows 10

About the author: Vishal Gupta (also known as VG) has been awarded with Microsoft MVP (Most Valuable Professional) award. He holds Masters degree in Computer Applications (MCA). He has written several tech articles for popular newspapers and magazines and has also appeared in tech shows on various TV channels.

Comments

NOTE: Older comments have been removed to reduce database overhead.

  1. Why?

    No one is using this form of attack against Windows Defender at present, so it’s entirely unnecessary and pointless.

    Wait until Microsoft itself turns this setting on either due to actual attacks or when they are certain that there are no undesirable side effects.

    That’s the only reason this setting is available, in order to allow security researchers or other technically capable people to test this new, relatively untested feature. Not typical consumers.
