Windows Defender Sandbox

oldschool · Jan 6, 2024

Why are so many posters not getting the difference between MS Defender Sandbox and Windows Sandbox? :think:

The former is a sandbox to protect MS Defender's processes. The latter is a simple sandboxing application to test applications and comparable to more feature-rich VMs. Windows Sandbox is enabled via GPO on Windows 10/11 Pro versions. A couple of members' posts reflect the correct understanding of the difference while the rest are sorely mistaken.

The reasons MS Defender Sandbox isn't enabled by default is a typical MS mystery, reflective of the many features it rolls out and then abandons. And MS's documentation is of course sketchy and often hard to find, leaving most users uncertain or completely in the dark. See my post #3 above.

Here is a 2018 post from MS. Good luck finding any more recent documentation.

Windows Defender Antivirus can now run in a sandbox | Microsoft Security Blog

Windows Defender Antivirus has hit a new milestone: the built-in antivirus capabilities on Windows can now run within a sandbox.

www.microsoft.com

Here's an August 2020 article questioning what happened to MS Defender's Sandbox by Joe Stocker is the CEO of Patriot Consulting, a Microsoft Partner specializing in Microsoft Cybersecurity:

What happened to Defender running in a Sandbox? MP_FORCE_USE_SANDBOX

A colleague asked me today “Does Microsoft Defender run itself in a sandbox by default, or does that need to be manually enabled?”He was referring to a breakthrough feature first announ…

thecloudtechnologist.com

ThrashZone · Jan 6, 2024

You answer your own question lol
Because ms abandons/ kills most items they create.

mecanicogolf · Jan 6, 2024

ThrashZone said:
Hi,
Well good why don't tell all how exactly you used it and what apps did you use it with.

Personally I've not and never will use it because it's unnecessary.
I turn off most of defender stuff and use just the firewalls.

Well, well. That don't help me

oldschool · Jan 6, 2024

mecanicogolf said:
I am opening this thread back up due to the fact that I have been using this feature and have not found any impact on my system what so ever.
Would like to know anyway if someone from this forum has found or knows anything else on this topic.

I just enabled it again after a long time without it. I restarted my machine and see its process running, using ~100MB RAM. Otherwise no performance impact and certainly no news about this feature from MS or anyone else for that matter.

ThrashZone · Jan 7, 2024

mecanicogolf said:
Well, well. That don't help me

Hi,
Not sure there is any help for you
You haven't even explained how "when I asked" and which apps you used the feature with

All you said was you haven't had any issues with the feature
That's not very informative or compelling to sway anyone to use the feature to.

mecanicogolf · Jan 7, 2024

ThrashZone said:
Hi,
Not sure there is any help for you
You haven't even explained how "when I asked" and which apps you used the feature with

All you said was you haven't had any issues with the feature
That's not very informative or compelling to sway anyone to use the feature to.

Probably because your question was not understood by me. And it still isn't.
What do you mean by what apps I use it with? Do you know what WD sandbox is?
This is a feature that MS started out turning on by default back in 2018 then some months later turned it off, I suppose due to it dragging some CPU'S to the ground and having performance issues.
So "when you asked" what apps I used it with is completely non-understandable. Windows Defender is not an app and the rest have nothing to do with it. It's a safety thing for this AV in case something attacks you and tries to get into your PC.
I am not asking for help, I'm asking for information about this feature.

ThrashZone · Jan 7, 2024

Well there's always the feedback hub for the lack of info on the web.

mecanicogolf · Jan 7, 2024

ThrashZone said:
Well there's always the feedback hub for the lack of info on the web.

I tried that. Nobody knows.

mecanicogolf · Jan 8, 2024

ThrashZone said:
Well there's always the feedback hub for the lack of info on the web.

Besides that, nobody ever answers the feedback hub. That's more for the MS techs for problems that they work on and your question never get answered. The best place is right here.

mecanicogolf · May 27, 2024

I finally found this site from MS:

Run Microsoft Defender Antivirus in a sandbox environment - Microsoft Defender for Endpoint

This article describes how to run Microsoft Defender Antivirus in a sandbox to further strengthen against tampering.

learn.microsoft.com

Read up and then decide for yourselves if you want to engage Defender Sandbox.

mecanicogolf · May 29, 2024

I have tried turning on Defender Sandbox on the new 24H2 Release Preview and it will not engage.

setx /M MP_FORCE_USE_SANDBOX 1 does nothing on this build. I checked the task manager and it doesn't show up. I will try Beta but I doubt it will work either.

NormanF · May 29, 2024

Its integrated into the new WDAC Lockdown.

http://www.wdaclockdown.com

mecanicogolf · May 29, 2024

Thanks! I'll give her a try and install it.

NormanF · Jun 3, 2024

If you really need to go to an untrusted site, install the SquareX extension/app.

Basically a sandbox in your Chrome-based browser.

Windows Defender Sandbox

Well-known member

My Computer

Minor Threat

My Computer

Well-known member

My Computer

Well-known member

My Computer

Minor Threat

My Computer

Well-known member

My Computer

Minor Threat

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computers

Similar threads