Windows' built-in antivirus tool can run in a secure sandbox
Antivirus programs, by their nature, introduce a degree of risk. Since they have to scan malicious data to stop attacks (and thus need extensive permissions), a piece of malware that exploits antivirus flaws can typically run with impunity. That could be much more difficult if you're using Windows 10's built-in safeguards, though. Microsoft is gradually rolling out a Windows Insider preview where Defender Antivirus has the option of running in a sandbox - the first "complete" solution to do this, the company said. Should the worst happen and malware targets Defender Antivirus, any hostile actions will be limited to the antivirus tool's environment instead of running amok on your PC.
The sandboxing required a number of fundamental changes. Microsoft could no longer assume that Defender Antivirus had full system access, and minimized I/O to avoid leaving the sandbox whenever possible. Most protection info is stored in memory-mapped files that are read-only on launch, and the actual content processes have very limited access.
It's not certain when the sandboxed Defender Antivirus might become widely available. You can safely presume that many people will be watching this test release closely, though. Provided it works as expected, it would offer Windows users a safety net that would work even when malware creators try to undermine Defender Antivirus itself. While it wouldn't be a guarantee of security, it could offer some extra peace of mind.
Original Date: 10-27-18
Written By: Jon Fingas