What is Sandbox Protection Feature and should I use it in Windows Defender?

By ivan.diskin | April 29, 2019

Recently, Microsoft introduced a new feature called Sandbox Protection to enhance the level of security provided by the built-in antivirus and antimalware security solution, Windows Defender. In today’s post, we talk about how to activate sandbox protection in Windows Defender and whether you should use it.

According to Microsoft, this new functionality was a response to feedback from researchers who identified ways in which Windows Defender could be attacked. Because Windows Defender runs with high privileges, it is an attractive target: an exploit against it could take full control of the Windows system.

What Does Sandbox Protection Feature Do in Windows Defender?

This new milestone makes Windows Defender the first security software capable of running in an isolated environment. By running Windows Defender in a sandbox, Microsoft confines an attack to an isolated environment from which it is designed not to escape.

Unless the attacker can find a security hole that lets them escape the sandbox, which is almost impossible, your system remains safe from the threat. In turn, this prevents malicious items from affecting the rest of the system.

Sandboxing adds another layer of protection to the already improved Windows security software, Windows Defender. When you enable sandboxing in Windows 10, you’ll see a content process called MsMpEngCP.exe running alongside the antimalware service MsMpEng.exe in Task Manager.

According to Microsoft, the content processes run with low privileges while aggressively leveraging all available mitigation policies. As a result, this reduces the attack surface. These policies are designed to reduce the risk of a system compromise, with the giant tech company promising to introduce even more advanced techniques in the future.

The Sandbox Protection feature isn’t enabled by default, but this tutorial offers a step-by-step guide to enable it.

How to Enable Sandbox Protection in Windows 10

This feature is available to users running Windows 10 version 1703 or later. You can enable it using any of the methods outlined below.

Using Command Prompt or PowerShell

  1. Press the Windows Key and type command prompt or PowerShell. Right-click the top result and select “Run as administrator”.
  2. Type this command and hit “Enter”: setx /M MP_FORCE_USE_SANDBOX 1
  3. Reboot your machine.

That should enable and activate the sandbox feature for Windows Defender on your Windows 10 device. To disable this feature, repeat the same process as above but replace the “1” with “0”, and press “Enter”. Reboot the machine to effect this change.

Using Registry Editor

  1. Press the Windows Key+R, and type regedit in the “Run” dialog box.
  2. Press “Enter” or click “OK” to launch Registry Editor.
  3. Click “Yes” to gain access to Registry Editor.
  4. Follow this path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment.
  5. In the right pane, right-click an empty space and select New > String Value. Name the String MP_FORCE_USE_SANDBOX.
  6. Double-click the new String and set its “Value data:” as “1”.
  7. Restart your computer to effect these changes.

Using Environment Variables in System Properties

  1. Press the Windows Key+R simultaneously on your keyboard, and type: control sysdm.cpl,system,3
  2. Press “Enter” or click “OK” to open the “System Properties” window.
  3. Select the “Environment Variables” button located at the bottom of the window.
  4. Move to the “System variables” section and select the “New” button.
  5. In the “Variable name” input field, enter MP_FORCE_USE_SANDBOX.
  6. In the “Variable value” input field, enter 1.
  7. Click “OK”.
  8. Restart your PC for these changes to be implemented.

This action enables sandbox protection in Windows Defender.

To disable sandboxing in Windows 10:

  1. Follow steps 1 to 3 above.
  2. Locate MP_FORCE_USE_SANDBOX and right-click it.
  3. Click the “Delete” button.

This removes sandbox protection from Windows Defender.
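
To confirm the result of any of the methods above, the following PowerShell function (an added example, not part of the original article and not Microsoft's code) reads the machine-level MP_FORCE_USE_SANDBOX value from the registry path given earlier and checks whether MsMpEng.exe and MsMpEngCP.exe are running. The function name Get-DefenderSandboxState and its state labels are assumptions made for illustration.

```powershell
# Added example: report whether the Windows Defender sandbox is configured
# and whether the content process is actually running. Read-only.

function Get-DefenderSandboxState {
    [CmdletBinding()]
    param()

    # Registry location of machine-level environment variables
    # (the same key used in the Registry Editor method; setx /M writes here).
    $envKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
    $varName = 'MP_FORCE_USE_SANDBOX'

    # $null when the value does not exist (feature never enabled, or deleted).
    $configured = (Get-ItemProperty -Path $envKey -Name $varName `
                       -ErrorAction SilentlyContinue).$varName

    # Get-Process takes the image name without the .exe suffix.
    $engine  = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    # Combine the stored setting with what is really running: the variable
    # only takes effect after a reboot, so the two can disagree.
    $state = if (-not $engine) {
        'Antimalware service (MsMpEng.exe) is not running'
    } elseif ($configured -eq '1' -and $content) {
        'Enabled and active'
    } elseif ($configured -eq '1') {
        'Configured, but MsMpEngCP.exe is not running (reboot pending?)'
    } elseif ($content) {
        'MsMpEngCP.exe is running although the variable is not set to 1'
    } else {
        'Not enabled'
    }

    [pscustomobject]@{
        ConfiguredValue       = $configured
        EngineRunning         = [bool]$engine
        ContentProcessRunning = [bool]$content
        State                 = $state
    }
}

Get-DefenderSandboxState | Format-List
```

Run it once before the reboot and once after: the "Configured, but MsMpEngCP.exe is not running" state is expected until the machine has restarted.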

There you have it. And as you can tell, sandbox protection is an important security feature that you should use to protect your system from current and future malware attacks.

Optimize Your PC’s Performance

Implementing new technology can affect your PC’s performance because it means more resources will be used to run new processes. Ultimately, a slow PC will affect your work and this can lead to frustration.

Luckily, Auslogics BoostSpeed is an astounding program that will tune up your PC by removing junk files, optimizing your internet settings for faster browsing and downloads, and protecting your privacy by shredding files.

Auslogics BoostSpeed comes with 18 advanced features that address all sections of your PC to ensure that they work seamlessly. Other modules that you can get from this intuitive utility suite include Registry Editor, Disk Cleaner, Disk Defrag, Startup Manager, Disk Doctor, and Task Manager.

If you want a fast and responsive computer that acts like a new one, install Auslogics BoostSpeed, the smart optimization tool.
