How to Enable Windows Defender Sandbox in Windows 10

Windows Defender can protect itself from attacks with its own sandbox. Here’re the steps to enable Windows Defender sandbox in Windows 10.

Windows Defender can now run in a sandbox providing you with better security and reliability. In fact, Windows Defender is the first antivirus to run in a sandboxed environment. However, you have to manually enable the Windows Defender sandbox feature.

Steps to Enable Windows Defender Sandbox in Windows 10

These are the steps to turn on Windows Defender sandbox in Windows 10.

  1. Open the Start menu.
  2. Search for “cmd“.
  3. Right-click on “Command Prompt” and select the “Run as administrator” option.
  4. In the Command Prompt, copy and paste the below command and press “Enter“.
    setx /M MP_FORCE_USE_SANDBOX 1

As soon as you execute the command, Windows will make the necessary changes. If the process is a success you will see the “SUCCESS: Specified value was saved” message.

Windows defender sandbox command

Verify Windows Defender Sandbox Status

As the command prompt doesn’t give any sensible message to let you know if the Windows Defender is running in a sandbox, we are going to use Process Explorer, a portable application from Microsoft. You can think of Process Explorer as Task Manager on steroids.

Download Process Explorer and open it. Take a look at the process list you should see MsMpEngCP.exe running alongside the MsMpEng.exe antimalware service process.

Windows defender sandbox

Disable Defender Sandbox

As I said before, the Windows Defender secure sandbox is a new feature that is still in testing. So, if your system is behaving oddly after enabling the Secure Sandbox then you should probably disable it for the time being.

To disable Windows Defender sandbox, all you have to do is execute the below command and restart your system. In the command, all we did is replace 1 in the above command with 0.

setx /M MP_FORCE_USE_SANDBOX 0

Windows Defender Can Now Run In a Sandbox, But Why?

Being an antivirus, Windows Defender needs to run with the highest privileges to scan, detect, and remove any and all infections. Windows Defender has its own user account in Windows 10.

Given that Windows defender runs with the highest possible permissions, some clever attacker can craft malware that can compromise Windows Defender and infect the system. Since Windows Defender has the highest privileges, the attack surface would be bigger and worse.

By running Windows Defender in a sandbox, even if the Windows Defender is compromised or has a bug in it, the malware couldn’t affect the system. It stays within the sandbox. The best thing is, according to Microsoft, the Windows Defender secure sandbox feature is implemented without any performance drop or loss.

That is all. I hope that helps. If you are stuck or need some help, comment below and I will try to help as much as possible.

Leave a Comment

Scroll to Top