Windows Defender Antivirus can now run in a sandbox in Windows 10

Page 2 of 3 FirstFirst 123 LastLast

  1. Posts : 7,089
    Windows 10 Pro 64 bit
       #10

    Good news but why isn't there an obvious option to turn on this worthwhile security option. Most users will be clueless the option exists.

    Is there a command to check what has been set and to turn off the Sandbox option?
      My Computers


  2. Posts : 56,064
    Multi-boot Windows 10/11 - RTM, RP, Beta, and Insider
       #11

    Steve C said:
    Good news but why isn't there an obvious option to turn on this worthwhile security option. Most users will be clueless the option exists.

    Is there a command to check what has been set and to turn off the Sandbox option?
    It's there, but not really there. Under the hood, the code is available to activate, but has not been generally publicly released. It's currently an Insider thing, with tight control. MS themselves say they are testing/moving cautiously due to performance impacts. Right now, just not enough empirical data to cut it loose on the public. So, no GUI or other setting to tell you if you are or not running it.

    From page one article:


    "How to enable sandboxing for Windows Defender Antivirus today

    We’re in the process of gradually enabling this capability for Windows insiders and continuously analyzing feedback to refine the implementation.

    Users can also force the sandboxing implementation to be enabled by setting a machine-wide environment variable (setx /M MP_FORCE_USE_SANDBOX 1) and restarting the machine. This is currently supported on Windows 10, version 1703 or later."
      My Computers


  3. Posts : 29,075
    Windows 10 21H1 Build 19043.1023
       #12

    f14tomcat said:
    It's there, but not really there. Under the hood, the code is available to activate, but has not been generally publicly released. It's currently an Insider thing, with tight control. MS themselves say they are testing/moving cautiously due to performance impacts. Right now, just not enough empirical data to cut it loose on the public. So, no GUI or other setting to tell you if you are or not running it.

    From page one article:


    "How to enable sandboxing for Windows Defender Antivirus today

    We’re in the process of gradually enabling this capability for Windows insiders and continuously analyzing feedback to refine the implementation.

    Users can also force the sandboxing implementation to be enabled by setting a machine-wide environment variable (setx /M MP_FORCE_USE_SANDBOX 1) and restarting the machine. This is currently supported on Windows 10, version 1703 or later."
    I just enabled it on both my Production and Insider partitions on this machine.
      My Computer


  4. Posts : 205
    Win 10
       #13

    What would be the command to disable it once you enable?

    setx /M MP_FORCE_USE_SANDBOX 0 ?
      My Computer


  5. Posts : 3,225
    Windows 10 Pro x64
       #14

    0 disables it
      My Computers


  6. Posts : 7,089
    Windows 10 Pro 64 bit
       #15

    Hemimax said:
    0 disables it
    I found 2 instances of MP_FORCE_USE_SANDBOX in the Registry so you can also set it there.
      My Computers


  7. Posts : 61,587
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #16

    Steve C said:
    I found 2 instances of MP_FORCE_USE_SANDBOX in the Registry so you can also set it there.
    Here's the registry value for this setting.

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
    "MP_FORCE_USE_SANDBOX"="1"
      My Computers


  8. Posts : 512
    Windows 10 Version 1909 (Build 18363.815
       #17

    DS1267 said:
    I view through Task Manager > Details tab. Both are running regardless of which browser I have open. Both process show active even if no browser is open. The only way I was able to replicate was by trying to enable other than CMD Prompt.

    Wish I could help you more, hopefully someone else can lend better advise.


    Edit: If I view with Process Explorer - Sysinternals app it does not show. It is as you described if you run this app without admin privileges. Try to view by running Sysinteranls app with admin privileges, it should show correctly then.
    Thanks, DS - it's showing for me in Task Manager > Details tab, just as you suggested. Appreciate the input.
      My Computer


  9. Posts : 29,075
    Windows 10 21H1 Build 19043.1023
       #18

    JohnBurns said:
    I don't seem to see a content process MsMpEngCP.exe running alongside with the antimalware service MsMpEng.exe, after enabling - anyone else checked this?
    I have both under Details, John.
      My Computer


  10. Posts : 512
    Windows 10 Version 1909 (Build 18363.815
       #19

    Wynona said:
    I have both under Details, John.
    Thanks for reply, Wynona - so do I - see post #17 - got it now.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 15:48.
Find Us




Windows 10 Forums