Windows Defender Becomes First Antivirus To Run Inside a Sandbox

An anonymous reader writes: Windows Defender is the first antivirus to gain the ability to run inside a sandbox environment, Microsoft said in an announcement. In software design, a "sandbox" is a security mechanism that works by separating a process inside a tightly controlled area of the operating system that gives that process access to limited disk and memory resources. The idea is to prevent bugs and exploit code from spreading from one process to another, or to the underlying OS.

"We're in the process of gradually enabling this capability for Windows insiders and continuously analyzing feedback to refine the implementation," Microsoft said in a celebratory blog post. Users who can't wait until Microsoft finishes testing the feature can also enable it right now. Support for Windows Defender running inside a sandbox environment has been silently added since Windows 10 version 1703. To enable it right now, Windows 10 users can follow these steps.

Re:It's not really a Sandbox

[beuges]

You clearly don't understand how the sandbox concept works.

The part outside the sandbox, which does have SYSTEM privileges, no longer examines the contents of the file for malware. It passes it to the part inside the sandbox, which scans the content for malware. If the malware triggers an error in the scanning engine, it cannot be exploited because the scanning engine is in a sandbox and is running with reduced privileges, compared to previously when there was no sandbox and the scanning engine ran as SYSTEM as well.