Windows Defender Gets 'Sandbox' Protection

By John Lister

Microsoft is beefing up Windows Defender, the built-in antivirus and antimalware security tool in Windows 10. It's now using the same sandbox technology that's used in other tools, including some major web browsers.

The concept of a sandbox is taken from the child's play area of the same name. It's a metaphor about the way the child has an area to play in freely and do what they like, but also has clearly defined boundaries. Fortunately, computer code tends to follow instructions better than a child told to stay in the sandbox.

In computing terms, the sandbox is a concept about access that software has to files, memory and other resources of the operating system. Running something in a sandbox means the relevant code is isolated from the rest of the computer.

Sandbox Isolates Code On PC

Sandboxing was originally used mainly in software testing. By running a new program or update in a sandboxed mode, developers could test the software on a real machine and operating system to see if it worked, but prevent it from causing any changes or problems with other software.

Today it's also used as a security feature. For example, browsers such as Google's Chrome run each individual tab in its own 'sandbox'. The idea is that if the user visits a compromised web page, the page isn't able to access personal data on the computer, or to access or change data that's being transferred between the computer and another website in a separate tab.

Security Tools Could Be Security Risks

Windows Defender will now run in a sandboxed mode, which eliminates a risk that may be small but has serious potential consequences. By definition, security software that scans a computer needs access to every file on the machine so that it can check the file's contents, spot any risks, and even block or quarantine the file. Some security software also inspects data sent to or from the Internet in real time.

If a security tool such as Windows Defender were ever compromised, the attackers could abuse this access and effectively gain full access to, and a degree of control over, the computer. While Microsoft says it's never seen evidence of this happening, it has spotted and fixed some bugs in Windows Defender that could theoretically have been exploited. The sandboxing is thus acting as a backstop.
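The two ideas above (a sandbox as isolation of code from the rest of the machine, and a scanner that needs full file access but whose most fragile part should not have it) can be shown with a small broker/engine split. The following is an added example, not Microsoft's code and not a description of how Windows implements Defender's sandbox, which this page does not detail. It assumes Linux or another Unix (it uses `os.fork` and `resource`), and it uses a deliberately simple containment primitive: the engine child lowers its own open-file limit to zero, so the pipe it inherited keeps working but any attempt to open a file afterwards fails. The broker keeps normal file access, reads each file itself, hands the engine only the bytes, and is the only component that could act on a verdict. The `SIGNATURE` marker and the sample files are constructed for the demo; `probe_escape` stands in for a bug in the engine that lets it be talked into opening an arbitrary path, and shows that the containment holds regardless of the engine's logic.

```python
import json
import os
import resource
import tempfile

# Constructed detection signature for this demo; a real engine parses far more complex formats.
SIGNATURE = b"EVIL-SAMPLE-MARKER"


def scan_bytes(data: bytes) -> str:
    """The 'engine': the part that parses untrusted content and is therefore the
    likeliest place for an exploitable bug. It sees bytes only, never a path."""
    return "malicious" if SIGNATURE in data else "clean"


def _engine_loop(cmd_r: int, resp_w: int) -> None:
    """Runs in the forked child. Lowering RLIMIT_NOFILE to 0 means no new file
    descriptor can be created: the two inherited pipe ends keep working, but any
    open() the engine attempts afterwards fails with EMFILE (Linux/Unix only)."""
    resource.setrlimit(resource.RLIMIT_NOFILE, (0, 0))
    with os.fdopen(cmd_r, "rb") as cmd, os.fdopen(resp_w, "wb") as resp:
        for line in cmd:
            req = json.loads(line)
            if req["op"] == "scan":
                reply = {"id": req["id"], "verdict": scan_bytes(bytes.fromhex(req["data"]))}
            else:  # "probe": stands in for a compromised engine trying to open a file itself
                try:
                    with open(req["path"], "rb"):
                        reply = {"id": req["id"], "escaped": True}
                except OSError as exc:
                    reply = {"id": req["id"], "escaped": False, "errno": exc.errno}
            resp.write(json.dumps(reply).encode() + b"\n")
            resp.flush()


class SandboxedScanner:
    """The 'broker': keeps normal file access, feeds file contents to the engine
    over a pipe and is the only component that acts on verdicts (quarantine etc.)."""

    def __init__(self) -> None:
        cmd_r, cmd_w = os.pipe()    # broker -> engine
        resp_r, resp_w = os.pipe()  # engine -> broker
        self.pid = os.fork()
        if self.pid == 0:           # child: become the engine and never return
            os.close(cmd_w)
            os.close(resp_r)
            try:
                _engine_loop(cmd_r, resp_w)
            finally:
                os._exit(0)
        os.close(cmd_r)
        os.close(resp_w)
        self.cmd = os.fdopen(cmd_w, "wb")
        self.resp = os.fdopen(resp_r, "rb")
        self.seq = 0

    def _call(self, req: dict) -> dict:
        self.seq += 1
        req["id"] = self.seq
        self.cmd.write(json.dumps(req).encode() + b"\n")
        self.cmd.flush()
        reply = json.loads(self.resp.readline())
        if reply.get("id") != self.seq:
            raise RuntimeError("engine reply out of sequence")
        return reply

    def scan_file(self, path: str) -> str:
        with open(path, "rb") as f:        # the broker reads; the engine only gets bytes
            data = f.read()
        return self._call({"op": "scan", "data": data.hex()})["verdict"]

    def probe_escape(self, path: str) -> bool:
        """Asks the engine to open a path directly; True would mean containment failed."""
        return self._call({"op": "probe", "path": path})["escaped"]

    def close(self) -> None:
        self.cmd.close()                  # EOF ends the engine loop
        self.resp.close()
        os.waitpid(self.pid, 0)


def demo() -> dict:
    """Builds two constructed sample files in a temp dir and exercises the broker."""
    workdir = tempfile.mkdtemp(prefix="sandbox-demo-")
    clean = os.path.join(workdir, "clean.txt")
    bad = os.path.join(workdir, "bad.bin")
    with open(clean, "wb") as f:
        f.write(b"nothing to see here")
    with open(bad, "wb") as f:
        f.write(b"header " + SIGNATURE + b" trailer")
    scanner = SandboxedScanner()
    try:
        return {
            "clean": scanner.scan_file(clean),
            "bad": scanner.scan_file(bad),
            "engine_escaped": scanner.probe_escape(clean),
        }
    finally:
        scanner.close()


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns a clean verdict for the first file, a malicious verdict for the second, and `False` for the escape probe: the file exists and the broker could read it, but the engine cannot. The design point is the one the article makes: the component most likely to contain a bug is the one that gets the least privilege, and a flaw in it is bounded by what the broker chooses to pass in.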

What's Your Opinion?

Do you rely on Windows Defender or use other security tools? Have you previously considered the risks of security software being compromised? Does the sandboxing make you feel more comfortable or is there a risk it reduces the pressure on Microsoft to spot any bugs in Windows Defender?



Comment by jamies:

Confused MS myself has/is!

So the AV will run in a sandbox
Sandboxes are usually implying that what is in the sandbox cannot access anything outside its boundaries -
as in more of a wire reinforced glass tank for a fire-ant colony, than a kiddies spread the contents all around (kitty's) sandbox.

Sandbox does not imply that what is in the box cannot be affected by what is not in the box

Defender will NOT be allowed to read files that are not in the sandbox?
Defender will NOT be allowed to move files that are not in the sandbox to quarantine?
Defender will NOT be allowed to stop files that are not in the sandbox doing things to other files or the system, or even itself?

Seems to me that MS have determined that it is not safe for users to allow Defender to run under their Windows OS

Maybe their next Design Feature will be, for the security of users, to constrain Windows activities within a sandbox.

Ah! I believe I already have that feature within my 64 bit windows 10 Pro OS installation -
All I need is another ($200?) licence to run a subsidiary instance of Windows within the VM that I could set up if...
I bought more memory, errrrrrrrrrr, nope - seems that I also need a CPU that has the requisite capabilities of running a VM.

Yes - I'll just buy a nice Surface Pro system - only another $600, and then I can get additional copies of the software that is only licenced for use on the current system - maybe another $1000 in all.

Maybe I'll just carry on using the Windows 10 that MS assured us all was created using their newly adopted secure software concept.

Or -

Those new Apple systems look nice: 2TB of SSD, many-cored CPU, USB-C, 16GB RAM, and on a single charge of the (internal?) battery - watch video for 12 hours!

Or - I could dig out one of the old 1GB RAM systems and run Linux on it