[Windows 10 Tip] Enable Sandbox Protection in Windows Defender
If you are using Windows 10 and rely on the built-in, default antivirus and antimalware program “Windows Defender” to protect your computer from viruses and other malicious activity, here is a useful tip to improve Windows Defender protection.
With the help of this tip, you can enable Sandbox protection for Windows Defender. Once you activate the sandbox protection feature, Windows Defender will start running in sandbox mode to improve your computer’s safety and security.
What is Sandbox Protection Feature and What does it do in Windows Defender?
According to Microsoft, if you enable sandbox protection, Windows Defender will run within a sandbox so that if your machine is compromised in the future, malicious actions will be limited to the isolated environment, protecting the rest of the system from harm.
Sandbox mode works like an app container. Once sandboxing is enabled, you will see a content process, MsMpEngCP.exe, running alongside Windows Defender’s antimalware service, MsMpEng.exe, in Task Manager (press Ctrl+Shift+Esc).
The content process runs with low privileges and aggressively leverages all available mitigation policies to reduce the attack surface. It enables, and prevents runtime changes to, modern exploit mitigation techniques such as Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR) and Control Flow Guard (CFG). It also disables Win32K system calls and all extensibility points, and enforces that only signed and trusted code is loaded.
How to Activate and Enable Sandbox Protection in Windows Defender?
The first thing to note is that Sandbox protection for Windows Defender can be activated in Windows 10 version 1703 and later.
Second, sandbox protection is not enabled by default, so you’ll need to activate it manually.
You can follow different methods to enable sandbox protection for Windows Defender.
The following methods enable and activate the sandbox protection feature in Windows Defender:
METHOD 1: Using PowerShell or Command Prompt
1. Open PowerShell as Administrator or Command Prompt as Administrator.
2. Now type the following command and press Enter:
setx /M MP_FORCE_USE_SANDBOX 1
Here, the “setx /M” command adds the “MP_FORCE_USE_SANDBOX” environment variable with the value “1” for all users in Windows.
You’ll get a “SUCCESS: Specified value was saved” message as the result.
Restart your computer for the change to take effect. Sandbox protection will then be enabled for Windows Defender.
PS: In the future, if you want to disable sandbox protection in Windows Defender, run the following command:
setx /M MP_FORCE_USE_SANDBOX 0
Restart your machine for the change to take effect.
METHOD 2: Using Registry Editor
1. Press the “WIN+R” key combination to launch the RUN dialog box, then type regedit and press Enter. It’ll open Registry Editor.
2. Now go to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
3. In the right-side pane, create a new String with the name MP_FORCE_USE_SANDBOX
To enable sandbox protection, set its value to 1
To disable sandbox protection, set its value to 0
Restart your computer for the change to take effect.
METHOD 3: Using Environment Variables in System Properties
1. Press the “WIN+R” key combination to launch the RUN dialog box, then type the following and press Enter:
control sysdm.cpl,system,3
It’ll open the classic System Properties window.
2. Now click on the Environment Variables button.
3. Under the “System variables” section, click on the “New” button.
4. Enter MP_FORCE_USE_SANDBOX in the variable name field and 1 in the variable value field.
Restart your computer for the change to take effect. It’ll enable sandbox protection in Windows Defender.
PS: To disable sandbox protection, select MP_FORCE_USE_SANDBOX from the list and click on the Delete button. Restart your computer for the change to take effect.
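To confirm the result after the restart, the following PowerShell function compares the configured variable with what is actually running, using the MsMpEngCP.exe content process described above as the indicator. It is an added example, not part of the original tip or of Microsoft's tooling; the function name Get-DefenderSandboxState and its status strings are made up for this illustration, and it assumes build 15063 as the build number of Windows 10 version 1703.

```powershell
# Added example (not from the original article): report whether the
# Windows Defender sandbox is configured and actually in effect.
# Get-DefenderSandboxState is a hypothetical name chosen for this sketch.
function Get-DefenderSandboxState {
    # Machine-scope value, i.e. what "setx /M" or the registry method wrote under
    # HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment.
    $configured = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    # Windows 10 version 1703 is build 15063 (assumption stated in the lead-in).
    $build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber

    # Listing processes by name does not need elevation. MsMpEng is the
    # antimalware service; MsMpEngCP is the sandboxed content process.
    $running = @(Get-Process -Name 'MsMpEng', 'MsMpEngCP' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty ProcessName)
    $engine  = $running -contains 'MsMpEng'
    $content = $running -contains 'MsMpEngCP'

    # Compare the setting with the observed processes so that a value
    # which was saved but never applied does not pass as "enabled".
    $status = if ($build -lt 15063) {
        'Unsupported: build is older than version 1703'
    } elseif ($content -and $configured -eq '1') {
        'Sandbox active'
    } elseif ($content) {
        'Content process running, but the variable is not set to 1'
    } elseif ($configured -eq '1' -and $engine) {
        'Variable set, content process absent: restart pending or not applied'
    } elseif ($configured -eq '1') {
        'Variable set, but MsMpEng.exe is not running'
    } else {
        'Sandbox not enabled'
    }

    [pscustomobject]@{
        Build                 = $build
        ConfiguredValue       = $configured
        EngineRunning         = $engine
        ContentProcessRunning = $content
        Status                = $status
    }
}

Get-DefenderSandboxState | Format-List
```

A Status of “Sandbox active” requires both the variable and the content process, so a machine where setx succeeded but the restart has not happened yet is reported separately.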
Thanks a lot!
Why?
No one is using this form of attack against Windows Defender at present, so it’s entirely unnecessary and pointless.
Wait until Microsoft itself turns this setting on either due to actual attacks or when they are certain that there are no undesirable side effects.
That’s the only reason this setting is available, in order to allow security researchers or other technically capable people to test this new, relatively untested feature. Not typical consumers.