Win 10 Defender _ sandbox

The article didn't mention turning the sandbox off.

Run the command again replacing "1" with "0".

Code:
setx /M MP_FORCE_USE_SANDBOX 0
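
An added example, not part of the original post: a PowerShell check to confirm what state the sandbox is in after toggling the variable. It assumes the sandboxed content process is named MsMpEngCP, as in Microsoft's announcement; the function name Get-DefenderSandboxState is made up for this example.

```powershell
# Added example: report whether the Defender sandbox is configured and active.
# Assumptions: the low-privilege content process is named MsMpEngCP (per
# Microsoft's announcement); Get-DefenderSandboxState is a hypothetical name.
function Get-DefenderSandboxState {
    # setx /M writes the machine-level environment, so read that scope.
    # The current shell's own environment block is stale until it is restarted.
    $configured = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    # MsMpEng is the privileged engine service; MsMpEngCP is the content
    # process that only exists when the sandbox is actually in use.
    $engine  = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    # The variable is only read when the service starts, so the configured
    # value and the running state can disagree until the machine is restarted.
    $state = if ($configured -eq '1' -and $content) {
        'Enabled and running'
    } elseif ($configured -eq '1') {
        'Enabled in configuration, content process not running (restart pending?)'
    } elseif ($content) {
        'Content process running, variable not set to 1 (restart pending?)'
    } else {
        'Not sandboxed'
    }

    [pscustomobject]@{
        ConfiguredValue       = $configured
        EngineRunning         = [bool]$engine
        ContentProcessRunning = [bool]$content
        State                 = $state
    }
}

Get-DefenderSandboxState | Format-List
```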
 
Really odd feelings here - for an AV to be effective, it really cannot be in a sandbox, lest it misses things that affect the WinNT kernel directly, or goes as Admin privs...

Only folks I would trust at that level, unfortunately, are Microsoft for Windows...
 
Err, it works, it is proven and it is Microsoft.

The processes are run at lowest privileges and prevent malware executing and compromising the system; the data stays within the sandbox.

https://www.microsoft.com/security/...-defender-antivirus-can-now-run-in-a-sandbox/

There are plenty of other write ups at Microsoft.

Tavis Ormandy described it as a game changer.

https://www.howtogeek.com/fyi/windo...-secure-sandbox-mode-heres-how-to-turn-it-on/
 
From what I understand, the antivirus is split in two. There's the part that accesses the system data to be analyzed (let's call it "the scanner process"), which then passes it along to an "analyzer process" that runs with low privileges, and which does the actual analyzing/unpacking/scanning task. So if an object passed to the analyzer tries to exploit a flaw in the engine (for example, if there was a flaw in the unzip engine), the only thing compromised then is that process that has no system privileges.
 
Yep - Defender is the only AV I would trust on Windows...
 
I installed it on a laptop and a desktop.

Any difference in the systems? Slowdowns or stalls? What kind of hardware specs on those?
 
I haven't noticed any difference yet but I have only used it for an hour or so. I installed it right after the Microsoft Win10 update tonight.

They are both Dells with i7 CPUs.
 
