Windows Defender Becomes First Antivirus To Run Inside a Sandbox

An anonymous reader writes: Windows Defender is the first antivirus to gain the ability to run inside a sandbox environment, Microsoft said in an announcement. In software design, a "sandbox" is a security mechanism that works by separating a process inside a tightly controlled area of the operating system that gives that process access to limited disk and memory resources. The idea is to prevent bugs and exploit code from spreading from one process to another, or to the underlying OS.

"We're in the process of gradually enabling this capability for Windows insiders and continuously analyzing feedback to refine the implementation," Microsoft said in a celebratory blog post. Users who can't wait until Microsoft finishes testing the feature can also enable it right now. Support for Windows Defender running inside a sandbox environment has been silently added since Windows 10 version 1703. To enable it right now, Windows 10 users can follow these steps.

Re:I must be missing something

[E-Rock]

The AV product has to open and test the file. This can be a way for malware to hijack the AV product itself. By running that test in a sandbox, the malware has another hurdle (escaping the sandbox) before it can do anything.

It is SELinux for Windows 10

[what+about]

Basically the idea is to do what SELinux does, given to a process the least permissions.

It is useful, the only drawback I can think of is that everything gets so locked down that if anything goes wrong in the "security" mechanism you are basically locked out and cannot retrieve anything.