The Windows Defender Antivirus Sandbox in Windows 10

[harlan4096]

Microsoft implemented new functionality in Windows Defender Antivirus for Windows 10 recently that makes the antivirus solution run in a sandbox on the system.

The feature, which is available in Windows 10 version 1703 and newer, needs to be enabled for the time being as it is not active by default currently.

Microsoft hopes that Windows Defender Antivirus' new restrictive process execution environment helps protect the application against attacks that are targeted directly at it. Antivirus solutions often need to run with high privileges to protect the entire system against malicious attacks; the need to run with high privileges make antivirus programs high profile targets, especially if they are used widely.

Microsoft stated that it is unaware of  targeted attacks "in-the-wild" against Windows Defender Antivirus but that security researchers identified ways to attack Windows Defender Antivirus successfully in the past.

A sandboxed environment adds another layer of protection to the antivirus solution. Malware that aims to exploit Windows Defender Antivirus successfully would have to exploit a vulnerability in the application itself and find a way to break out of the sandboxed environment that Microsoft created for the security software.

Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the system from harm.

Full reading: https://www.ghacks.net/2018/10/29/the-wi...indows-10/