Avast disables JavaScript engine in its antivirus following major bug Vulnerability would have allowed attackers to take over computers running the Avast antivirus March 11, 2020 https://www.zdnet.com/article/avast-disables-javascript-engine-in-its-antivirus-following-major-bug/
Has there been any other AV vendor that has implemented sandboxing for it's own components like MS Defender?
No, I don't think so. But this shows how risky AV's can be, I think it's ridiculous that they make these kind of coding mistakes.
Indeed. There will always be vulnerabilities so the risk needs to be migitated by reducing rights, sandboxing etc. MS introduced the Defender sandbox 1.5 years ago, so I was hoping at least one other AV vendor would have an opt-in sandbox by now. Btw, do you know if the Defender sandbox has been enabled by default by now? When I search for Defender sandbox, all articles are from the original introduction, I don't see any recent articles.