Thursday, February 27, 2025
HomeComputer SecurityWindows Defender Antivirus Now Run Within a Sandbox To Isolate the Advanced...

Windows Defender Antivirus Now Run Within a Sandbox To Isolate the Advanced Threats

Published on

SIEM as a Service

Follow Us on Google News

Microsoft has moved ahead into a new milestone for its Windows Defender Antivirus and now it is running within Sandbox environment in order to isolate the malicious actions to protect the system.

Microsoft offers Windows Defender as an inbuilt Antivirus for Windows users to protect various cyber threat and protect from critical cyber attacks.

This new future offered by the result of analyzing it from the various security industry and the research community by running Windows Defender Antivirus in a restrictive process execution environment.

Microsoft believes that it was the right investment and the next step in our innovation journey and requested users to test this future and provide the feed to finetune this future and functionality.

Windows Defender Antivirus Sandbox Future 

Inbuilt Windows Defender Antivirus always running within the operating system within high privilege environment that contains so many risks from emerging threats.

Previously known attacks are continuously targeting Windows Defender Antivirus and windows security research team immediately fix it and always hardening windows along with general attacks.

Running Windows Defender Antivirus in Sandbox allow let sophisticated malware and other malicious actions are running in an isolated environment.

This protection ensures the high security for the windows users and this is part of Microsoft’s continued investment to stay ahead of attackers through security innovations.

Sandbox Implementation

First Major effort of this future is layering Windows Defender Antivirus’s inspection capabilities that provides a complete privilege and every testing components must run under the sandbox environment.

Microsoft says The goal for the sandboxed components was to ensure that they encompassed the highest risk functionality like scanning untrusted input, expanding containers, and so on.

In order to focus on the performance issue since the antivirus products need to take a lot of processes to inspect file operations and processing and aggregating or matching large numbers of runtime events.

“To balance this process, In this Sandbox future minimize the number of interactions between the sandbox and the privileged process, and at the same time, only perform these interactions in key moments where their cost would not be significant, for example, when IO is being performed.”

Files will be running in a Sandbox environment in read-only at runtime since there are some potential risk involved at runtime cost of passing data/content between the processes also to avoid duplication and preserve strong security guarantee.

Enable sandboxing for Windows Defender Antivirus Users can also force the sandboxing implementation to be enabled by setting a machine-wide environment variable (setx /M MP_FORCE_USE_SANDBOX 1) and restarting the machine. This is currently supported on Windows 10, version 1703 or later.

Also Reaa

New Adwind RAT Attack Linux, Windows and Mac via DDE Code Injection Technique by Evading Antivirus Software

Hackers Spreading New Malware with Powerful Obfuscation Technique to Bypass Antivirus Software

Malicious Payload Evasion Techniques to Bypass Antivirus with Advanced Exploitation Frameworks

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Silver Fox APT Hackers Target Healthcare Services to Steal Sensitive Data

A sophisticated cyber campaign orchestrated by the Chinese Advanced Persistent Threat (APT) group, Silver...

Ghostwriter Malware Targets Government Organizations with Weaponized XLS File

A new wave of cyberattacks attributed to the Ghostwriter Advanced Persistent Threat (APT) group...

LCRYX Ransomware Attacks Windows Machines by Blocking Registry Editor and Task Manager

The LCRYX ransomware, a malicious VBScript-based threat, has re-emerged in February 2025 after its...

Threat Actors Using Ephemeral Port 60102 for Covert Malware Communications

Recent cybersecurity investigations have uncovered a sophisticated technique employed by threat actors to evade...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Silver Fox APT Hackers Target Healthcare Services to Steal Sensitive Data

A sophisticated cyber campaign orchestrated by the Chinese Advanced Persistent Threat (APT) group, Silver...

Ghostwriter Malware Targets Government Organizations with Weaponized XLS File

A new wave of cyberattacks attributed to the Ghostwriter Advanced Persistent Threat (APT) group...

LCRYX Ransomware Attacks Windows Machines by Blocking Registry Editor and Task Manager

The LCRYX ransomware, a malicious VBScript-based threat, has re-emerged in February 2025 after its...