Windows Defender is Microsoft's antivirus, integrated by default in Windows 10. In general it is a good product if given a chance, but that does not mean it has been free of problems.

Several critical flaws in its protection engine have motivated Microsoft to find a way to make the antivirus more secure, and that is exactly what they have done now that it has a sandbox mode.

What is the sandbox mode

Windows Defender can now run in an isolated container or, as Microsoft explains it, “in a restrictive process execution environment”, without affecting the level of security it already offers.

Windows Defender was designed to run with elevated privileges, but that design makes it an ideal candidate for attacks. Microsoft’s antivirus is good, but when the antivirus itself is the vulnerability, as has happened multiple times, it is evident that it needs to work in another way.

That way is the new sandbox mode, which isolates the Windows Defender processes from the rest of Windows, so that an attack on its antimalware protection engine does not leave the entire operating system exposed.

How to activate sandbox mode in Windows 10

The sandbox mode is available now for Insiders, whose preview builds of Windows 10 are starting to roll out the feature. However, other users who have installed version 1703 or later can already activate it by following these instructions:

  • Right-click the Start button
  • Select Windows PowerShell (Administrator)
  • Click Yes in the pop-up window
  • In the terminal window, type:


  • Press Enter and restart your computer

To verify that sandbox mode is working, open the Task Manager and look for “MsMpEngCP.exe” in the list of processes. Once sandboxing is enabled, you should see an MsMpEngCP.exe content process running alongside the MsMpEng.exe antimalware service.
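
A read-only PowerShell check for the verification step above, added here as an example and not taken from the original article or from Microsoft. It assumes the machine-wide variable MP_FORCE_USE_SANDBOX, the opt-in switch named in Microsoft's announcement of the feature, which does not appear on this page; build 15063 corresponds to Windows 10 version 1703.

```powershell
# Added example: read-only audit of the Windows Defender sandbox state.
# Assumption: MP_FORCE_USE_SANDBOX is the opt-in variable from Microsoft's
# announcement of the feature; the name is not given on this page.

$report = [ordered]@{}

# 1. Sandbox mode requires Windows 10 version 1703 (build 15063) or later.
$build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber
$report.OsBuild        = $build
$report.BuildSupported = ($build -ge 15063)

# 2. Read the Machine scope directly. $env: only shows what this shell
#    inherited at start-up, which can be stale until the next logon or restart.
$flag = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')
$report.OptInValue = if ($null -eq $flag) { '<not set>' } else { $flag }
$report.OptedIn    = ($flag -eq '1')

# 3. The two processes the article names: the antimalware service and the
#    content process that appears once sandboxing is enabled.
$service = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
$content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue
$report.ServiceRunning        = [bool]$service
$report.ContentProcessRunning = [bool]$content

# 4. Combine the observations into one verdict.
if (-not $report.BuildSupported) {
    $verdict = 'Build is older than 1703: sandbox mode is not available'
}
elseif (-not $report.ServiceRunning) {
    $verdict = 'MsMpEng.exe is not running: Defender is not the active engine'
}
elseif ($report.ContentProcessRunning) {
    $verdict = 'Sandbox active: MsMpEngCP.exe runs alongside MsMpEng.exe'
}
elseif ($report.OptedIn) {
    $verdict = 'Opt-in is set but MsMpEngCP.exe is absent: a restart may be pending'
}
else {
    $verdict = 'Sandbox not enabled'
}
$report.Verdict = $verdict

# Emit one object so the result can be piped to Format-List or Export-Csv.
[pscustomobject]$report
```

The script changes nothing on the machine, so it can be run from a non-elevated prompt or collected across a fleet to find hosts where the opt-in was set but the content process never started.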