Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Are there any known issues with WD sandbox on 1809? Any reason not to enable it? Thanks
     
    Last edited: Jun 2, 2019
  2. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    610
    Location:
    US
    Because it's for Windows Sandbox NOT Windows Defender Sandbox. Two different features. There is no Windows Defender Sandbox in the "Turn Windows features on or off." If you want to enable the Windows Defender sandbox feature, read and follow this article.

    https://www.ghacks.net/2018/10/29/the-windows-defender-antivirus-sandbox-in-windows-10/

    Robert
     
  3. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Yes, I am on Win 10 v1903 on my Win Pro machine (Intel i7-4510U), and I don't see it either, so I assume virtualization is not enabled in the BIOS.

    Haven't pursued it further.

Under Settings->Update & Security->Windows Security->Device Security I don't see Core Isolation either (as I do on my Win 10 Home (Intel i5-8250U) machine). Is that related?

    Apologies, just responding to a previous post, this seems to be off-topic to Windows Defender, and should probably be asked in a different thread? ... but there does seem to be some confusion about the different sandbox features in Win 10!
     
  4. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Good question, maybe someone else knows the answer...
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Correct.
     
  6. MeAgain

    MeAgain Registered Member

    Joined:
    Sep 2, 2011
    Posts:
    66
    Thank you. I now see that the article I included reads "Windows Sandbox." lol I do see that Virtualization is enabled in the Task Manager Performance tab on my laptop. I guess the option to enable or disable it in Windows Feature is only available on the Windows Pro version? I obviously do see the MsMpEngCP.exe running. But I understand how to enable now through the article you included. Thanks again.
     
    Last edited: Jun 2, 2019
  7. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    You can't enable HARDWARE virtualization once Windows is already running. You need to do it from the BIOS (firmware) menu, before Windows launches. Where exactly it is in the menu depends on your BIOS. This is the same thing you would do if you wanted to run x64 virtual machines in VMWare or VirtualBox.
     
  8. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Windows Defender is nervous about very new files, even signed files. So if you can push off a software update for a few days, and not be one of the early adopters, WD will usually have whitelisted it by then.
     
  9. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    There seems to be quite a lot of confusion about the various new features.

    If we refer to them as Windows Defender Antivirus Sandbox and Windows Sandbox, then maybe it will be easier for everybody joining in reading the thread. :)

Windows Defender Antivirus' ability to run sandboxed is officially available on ALL SKUs from branch 1703 and newer.
So yes - Home, Pro, Education, Enterprise - everyone can use it.
Just enable in admin PowerShell and reboot.
This feature has nothing to do with the Windows Sandbox. And the fact that there's still a known issue with Windows Sandbox on localized 1903 SKUs does not affect Windows Defender Antivirus' sandbox (since the two features have nothing to do with each other).
When enabling the sandbox for Windows Defender Antivirus, you will isolate those parts of WD that handle untrusted code from the rest of the OS.
https://www.microsoft.com/security/...-defender-antivirus-can-now-run-in-a-sandbox/

Windows Sandbox is a lightweight VM for running untrusted code in an isolated full desktop environment.
You need virtualization enabled in BIOS, then enable in Windows Features and reboot.
It's officially available on SKUs from Pro and up.
https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849
(Enabling on Home SKU at this point is for those keen on experimenting without complaining when something goes wrong. :cool: )
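The two "enable it and reboot" steps Martin_C describes, plus the MsMpEngCP.exe check MeAgain mentions, as an added example that is not part of the thread and is not Microsoft's own script. It assumes an elevated PowerShell prompt on Windows 10 1703 or newer; the `MP_FORCE_USE_SANDBOX` variable is the switch Microsoft's announcement documents for the Defender AV sandbox, and `Containers-DisposableClientVM` is the optional-feature name behind the "Windows Sandbox" checkbox. The function names are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread: enable the Windows Defender Antivirus
# sandbox and the (separate) Windows Sandbox feature, and verify each one.

# --- 1. Windows Defender Antivirus sandbox -------------------------------
# Machine-wide environment variable documented by Microsoft; the engine reads
# it on the next start, so a reboot is needed before the check below passes.
[Environment]::SetEnvironmentVariable('MP_FORCE_USE_SANDBOX', '1', 'Machine')

# Once active, the sandboxed content process MsMpEngCP.exe runs beside the
# main engine process MsMpEng.exe.
function Test-DefenderSandboxActive {
    $null -ne (Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue)
}

# --- 2. Hardware virtualization prerequisite for Windows Sandbox ---------
# Windows Sandbox is a Hyper-V based VM, so the firmware must expose VT-x/AMD-V.
# When a hypervisor is already running, Win32_Processor reports the firmware
# flags as False while HypervisorPresent is True, so accept either condition.
function Test-VirtualizationReady {
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    [bool]$cs.HypervisorPresent -or
        ([bool]$cpu.VirtualizationFirmwareEnabled -and [bool]$cpu.VMMonitorModeExtensions)
}

# --- 3. Windows Sandbox optional feature ---------------------------------
function Enable-WindowsSandboxFeature {
    if (-not (Test-VirtualizationReady)) {
        throw 'Enable hardware virtualization (VT-x/AMD-V) in the BIOS/UEFI first.'
    }
    # On Home SKUs the feature is not offered at all, so the lookup fails.
    $feature = Get-WindowsOptionalFeature -Online `
        -FeatureName 'Containers-DisposableClientVM' -ErrorAction SilentlyContinue
    if ($null -eq $feature) {
        throw 'Windows Sandbox is not offered on this SKU or build.'
    }
    if ($feature.State -ne 'Enabled') {
        Enable-WindowsOptionalFeature -Online `
            -FeatureName 'Containers-DisposableClientVM' -All -NoRestart | Out-Null
        return 'Enabled (reboot required)'
    }
    return 'Enabled'
}

Write-Host "Defender AV sandbox process present : $(Test-DefenderSandboxActive)"
Write-Host "Hardware virtualization available   : $(Test-VirtualizationReady)"
Write-Host "Windows Sandbox feature             : $(Enable-WindowsSandboxFeature)"
```

Run it once, reboot, then run it again: the first pass sets the variable and enables the feature, the second pass should report `MsMpEngCP` present. The virtualization check is what separates "the checkbox is missing" (Home SKU) from "the checkbox is there but the feature will not start" (VT-x/AMD-V off in firmware), which is the distinction several posts above were circling around.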
     
  10. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    Thanks @Martin_C. This should make it clear if it wasn't already. ;):cool:
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
One glitch about the Win Sandbox in regards to VM environments. It will only work on Intel based installations:
    https://win10.guru/windows-sandbox-on-hyper-v-virtual-machine/
     
  12. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Now with this great explanation from @Martin_C, we should leave the conversation about Windows Sandbox for another topic.
     
  13. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    Hallelujah!!! :thumb:
     
  14. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Others have very rightly pointed out that this virtualization discussion belongs in a different thread. Please start a new thread to deal with your virtualization issue, if an appropriate thread does not already exist. :)
     
  15. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Does anyone know when Windows Defender Sandbox will be enabled by default? I can't find anything more recent about it than the original announcement last October.
    For those who have enabled it, do you notice a performance hit or bugs?
     
  16. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    Release date was May 20. I would have thought that long enough for something released by HP. I had a flaky device that was causing productivity issues in the office. Waiting for Microsoft (or any vendor) to catch up was not an option.
     
  17. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Okay, so that is a big failure on the part of Windows Defender. No reason they should be blocking an update from HP after so much time. Good example of why WD is king of FPs.
     
  18. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    Agreed. I don't want to sound like I am just bashing them. I'm hoping they'll work on this in the future and reduce the false positives. It's not the worst product. It isn't the best either.
     
  19. harlan4096

    harlan4096 Registered Member

    Joined:
    May 6, 2008
    Posts:
    234
    Location:
    Almería (Spain)
Enabling W10 SB now has some inconveniences:

1.- It enables HyperV + DeviceGuard => You get issues if using VMWare (tested in my system) and/or probably also VirtualBox, I had to disable the SB feature to continue running my virtualized systems in VMWare.

2.- For now it seems it does not work properly (or have full support) in AMD systems (I have an AMD system)...

    3.- And also got this issue: https://news.softpedia.com/news/windows-10-cumulative-update-kb4497936-breaks-down-windows-sandbox-on-may-update-526168.shtml
     
  20. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Just to clarify (as per previous confused discussion!) this is not about the Windows Defender Antivirus sandbox.
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Refer to what I posted in reply #2286.

To use the new Win 10 1903 sandbox feature within a VM, "nested virtualization" must be enabled in BIOS/UEFI. Since Hyper-V nested virtualization is only supported on Intel CPUs, use on AMD systems is N/A.
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    :thumb: Exactly my questions also.
     
  23. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    610
    Location:
    US
    No performance hit or bugs on my system. See page 91 #2265 for what I have enabled in WD.

    Win 10 Pro x64 1903.

    Robert
     
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Whereas WD has made significant protection improvements, it still suffers from the same basic flaw. It can be easily bypassed.

    A Chinese malware researcher I collaborate with sent me an interesting malware sample this morning. When he discovered it, no one was detecting it. This morning when I sent it to VT, six solutions were detecting it. They were all Chinese based except for Kaspersky, Dr. Web, and ZoneAlarm. Again illustrating that localized base malware is the effective distribution choice for malware authors. I suspect this malicious coin miner is a variant of the one recently detected by TrendMicro: https://blog.trendmicro.com/trendla...ses-multilayered-fileless-arrival-techniques/ . When I checked yesterday at VT, no one was detecting this one.

    Anyway since Dr. Web did detect the malware sample sent to me, a detailed analysis of this PowerShell based coin miner is on VT and can be accessed using the link provided below. Now for the WD bypass employed:
    https://www.virustotal.com/gui/file/f46d1fbb59b610f3f49dcac2883ff16f61ae495564cdfc20fe617b6194cde77d/behavior/Dr.Web vxCube
     
  25. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    610
    Location:
    US
    That's why we have layers of security protocols running in harmony...just in case.

    Robert
     