How to use the Windows Defender Sandbox Mode

Windows Defender has come a long way in recent years. Back in Windows 8 or even in the early days of Windows 10, I would never have suggested using it on a computer. Since some very recent updates, Windows Defender is now a viable security solution for home users. The new Sandbox Mode will run Windows Defender in an isolated process that will make it one of the most secure security solutions available.

So what’s all the fuss about?

One of the previous weaknesses of Windows Defender was that it required complete access to your computer to work. That made the program itself a target: a flaw in the scanner could hand an attacker the same complete access. As the design of Windows Defender wasn’t the best, this made using it as the sole protector of your computer risky.

Here at Dave’s Computers in New Jersey, we always suggested running another antivirus program instead of Windows Defender as it just wasn’t up to the job. That is slowly changing as the product is steadily improved. We still suggest using something else for now, but the improvements are making Windows Defender better than ever.

How does Windows Defender Secure Sandbox change this?

Windows Defender Secure Sandbox is a genuine game changer. It will run scanning processes inside a sandbox of its own making. This means scanning will run in an isolated instance, separate from the rest of your operating system. Windows Defender will still require full privileges over your computer to run effectively, but every time it scans a file it will create a secure sandbox, scan the file and shut the sandbox down once finished.

If a hacker or malware gets the better of Windows Defender, it doesn’t matter because there is no access to the rest of your computer. Even though the scanning process itself may have been taken over, it doesn’t have access to anything else on your computer. That means it cannot spread, cannot copy or delete files or do any of the things malware is designed to do.

At the time of writing, no other home antivirus product offers a secure sandbox mode for the software itself. Some offer the ability to sandbox other processes but not their own process.

Enable Windows Defender Sandbox Mode

While the new feature may be present on your computer, it will likely not be activated. Microsoft were gradually rolling out the feature and watching carefully to make sure it worked properly before enabling it for everyone. You can manually enable the feature though.

Before you do, it might be worth taking a full system backup just in case. While the systems here at Dave’s Computers still work fine with the sandbox enabled, it isn’t guaranteed. Once you’re all backed up, do this:

  1. Right click the Windows Start button and select Command Prompt (Admin).
  2. Type or paste ‘setx /M MP_FORCE_USE_SANDBOX 1’ (without the quotes) and hit Enter.
  3. Reboot your computer.

You should not see anything happening or notice anything different as Windows Defender works behind the scenes. However, if you do start to see things go wrong with your system, you can turn it off again. Repeat the above steps but change Step 2 to end in ‘0’ rather than ‘1’ to disable.
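
Since nothing visible changes, a quick check helps confirm the setting took effect. The PowerShell script below is an added example, not part of the original article: it reads the machine-level variable that Step 2 sets, looks for Defender's sandboxed process after the reboot, and offers a function to switch the setting on or off. The process names MsMpEng and MsMpEngCP and the function names are assumptions not taken from the article.

```powershell
# Added example: report and change the Windows Defender sandbox setting.
# Assumption (not from the article): with sandboxing active, Defender runs a
# content process named MsMpEngCP alongside its main MsMpEng process.

$VarName = 'MP_FORCE_USE_SANDBOX'   # variable name taken from the article

function Test-IsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-DefenderSandboxState {
    # Machine scope is where 'setx /M' writes its value.
    $value  = [Environment]::GetEnvironmentVariable($VarName, 'Machine')
    $engine = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $child  = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    $configured = ($value -eq '1')
    $active     = [bool]$child

    [pscustomobject]@{
        Variable       = $VarName
        MachineValue   = if ($null -eq $value) { '(not set)' } else { $value }
        Configured     = $configured
        EngineRunning  = [bool]$engine
        SandboxProcess = $active
        # True when the setting and the running processes disagree, e.g. no
        # reboot since the change, or Defender is not the active antivirus.
        Mismatch       = ($configured -ne $active)
    }
}

function Set-DefenderSandbox {
    param([Parameter(Mandatory)][bool]$Enabled)
    if (-not (Test-IsAdmin)) { throw 'Run this from an elevated (Admin) PowerShell window.' }
    $new = if ($Enabled) { '1' } else { '0' }
    [Environment]::SetEnvironmentVariable($VarName, $new, 'Machine')
    Write-Host "$VarName set to $new at machine scope. Reboot for it to take effect."
}

Get-DefenderSandboxState | Format-List
# Set-DefenderSandbox -Enabled $true    # same effect as Step 2 above
# Set-DefenderSandbox -Enabled $false   # same effect as the '0' variant
```

Run it once before the change and once after the reboot; Configured and SandboxProcess should both read True when the sandbox is on.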

If you have any issues with Windows Defender Sandbox Mode, bring your computer to the computer repair guys at Dave’s Computers in New Jersey. We can help with any computer or networking issue you may have!