Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Re: performance issues: on page 5 of the pdf-- improvements made in this cycle, quote:

• Improved whitelisting capabilities to save time on scanning known good files
• Built an internal testing system that includes performance gates to identify inefficient operations (from a performance standpoint) and a workflow for remediation

Definitely, some welcome news, esp. the first. Hopefully, these apply to Home version also.

 

I dont know if it is placebo but I feel that applications launch faster if Windows Defender is running sandboxed and I noticed a considerable reduction in CPU usage too ( Windows 10 x64 build 1903).

 

1903 here, using the sandbox and Windows is blazing fast. RAM usage for the container process is regularly more than the antimalware service, but CPU is very low for both.

 

Years later they finally realized they should optimize WD performances. Better late than never.

 

Great to hear that, it seems that the sandbox offers more than security; the performance gains are tangibles in my machine, it is running like ESET here (but faster on web browsing).

 

I installed 1903 and then like 2 days after, I was reminded to enable the Sandbox again (the transition nullified it). Then I forgot about it, things are running well on here after some initial hitches. Now, Nightwalker has again reminded--it really is "set and forget" with no impacts I can see.

 

Unfortunately the sandbox is still broken in German W10 -1903 Build18362.145 (Known issue)
But I don't feel any performance issue anyway.

 

I just updated to the 1903 Build and cannot enable WD sandbox with Windows Feature (Turn Windows features on or off.) It does not have an option like this site shows. I see there are other ways. But I was just wondering why the option isn't there. Thanks.

https://www.windowscentral.com/how-use-windows-sandbox-windows-10-may-2019-update

 

Holy crap, so glad I'm not using any real-time AV.

 

The Windows sandbox and Windows Defender sandbox are two completely different features. The former is enabled via "Turn Windows features on...) and the latter is enabled via powershell (admin) command.

 

I just discovered that my Win7 computer has Windows Defender on board, with the service disabled. I thought WinDef only applied to Windows 8 & 10. Evidently, I was wrong?

So I enabled the WinDef service & WinDef is now running. The only thing is, I cannot find any WinDef process listed on Process Explorer. The WinDef service is running & the WinDef GUI says WinDef is running but... NO WinDef process is listed on Process Explorer! What gives, I wonder?

 

Windows Defender on Windows 7 is a completely different animal that just happens to have the same name as their AV for Win8, 8.1 and 10.

It is an almost useless anti-spyware program. If you want MS AV for Win7 you will need to install Microsoft Security Essentials.

 

Also of note is that there are critical security mechanisms missing from MSE that exist for WD on Win 10: https://www.reddit.com/r/antivirus/comments/ar80wq/differences_between_microsoft_essentials_and/. Add to that additional security mitigations like ASR in Win 10 which interface with WD.

Time to "give up the Win 7 ghost" and upgrade to Win 10.

 

... when it snows in Waikiki, I will give your suggestion serious consideration.

 

You have to go to Portlock. Lot's of snow there.

Through either Powershell, Security Policy Editor or interface, I have enabled in Win 10 v1903 (clean install):

Scan email
Sandbox
Network Exploit Guard protection
Check for definitions every 1 hr.
Antivirus high scanning level
Tamper Protection
Ransomware
PUP Protection

Works fine with MBAM Premium and no visible impact on the system performance.

Robert

 

Pity it is only available for the Pro version, but it is not worth the upgrade price...

 

Not true. See here.

https://www.ghacks.net/2019/04/26/install-the-windows-sandbox-in-windows-10-home/

Robert

 

I guess he was talking about the Windows Defender sandboxed:

https://www.microsoft.com/security/...-defender-antivirus-can-now-run-in-a-sandbox/

 

You sure it does not run in Win 10 Home? Just have to have version 1703 or higher. Running Pro so I can not test.

Everywhere I have read just says, "Sandboxing is not enabled by default at the time of writing. It is available, however, on all devices running Windows 10 version 1703 or higher."

I could be mistaken however.

Robert

 

I've made Windows Defender run in its sandbox off and on since 1803. It's a simple script via Command Prompt. I have Windows 10 Home.

Spoiler: wdsdbx

Now as for a system-wide sandbox, that's in Pro and Enterprise versions as of 1903. BUT, like with gpedit.msc, there is talk of enabling it for Home. You can search for it. Not going that route though, not now. Sandboxie suits me better at the moment.

 

Here is what you need to do to enable Windows Defender Antivirus sandboxing right now:

1. Open the Start menu.
2. Type powershell.exe to display PowerShell as one of the results.
3. Right-click on the result and select "run as administrator" or hold down the Shift-key and the Ctrl-key before you select the result. Both options execute PowerShell with elevated rights.
4. Confirm the UAC prompt that may be displayed.
5. Run setx /M MP_FORCE_USE_SANDBOX 1.
6. Restart Windows.

https://www.ghacks.net/2018/10/29/the-windows-defender-antivirus-sandbox-in-windows-10/

Robert

 

See above. (#2267) That's for Windows Sandbox not Defender Sandbox on Win 10 Home version. So, bottom line is that both of the Sandbox's can run in the Home version.

Robert

 

This is the Windows Defender thread and I was talking about its sandbox, which must be enabled via Powershell and will run in 1803+, any edition. They may or may not enable by default in future versions. Very easy to do. If @Bertazzone can do it, anyone can do it!

The new Windows Sandbox feature just rolled out is a separate, different feature and works in Pro+ editions if your hardware meets the requirements.

 

Again, not true. Windows Sandbox can be installed in Win 10 Home.

But, you are correct, as this thread is about Windows Defender Anitvirus.

No more from me except about WD,
Robert

 

If you want to use this feature, which is equivalent to running a virtual machine, you need to enable virtualization in your BIOS.