I occasionally need a bit of shareware / free software. I'm always a bit paranoid about downloading those types of things, and usually check them out in Windows Sandbox (on Win 11 Pro). I don't see any indication of Defender running though in the sandbox. I'm hoping when I download the file in the sandbox, Defender will scan it. If Defender doesn't bark and I like the program, I can then copy it out of the sandbox to my machine. When I go to "Settings" in the sandbox and search for Defender, nothing is found.
2 Answers
Windows Defender does not run in the Sandbox, but it doesn't need to.
The rationale is perhaps that, as the Sandbox environment is disposable and is completely isolated from the host, there is no need for Defender.
In any case, the Sandbox in the end uses Windows API on the host, so everything that goes on inside the Sandbox is still protected by the Defender instance running inside the host.
If you run Task Manager inside the Sandbox, you won't see the Defender processes running as MsMpEng.exe or MsMpEngCP.exe. You will only see one or both of them from outside of the Sandbox.
There is no real documentation about which Defender real-time protections are operational or not inside the Sandbox, but that does not mean that the Sandbox is completely unprotected.
Note that it's also possible to set Windows Defender itself to run in its own sandbox for better protection. At least in Windows 10 22H2, this is not the default, but can be enabled by running the following command in CMD as Administrator and rebooting:
setx /M MP_FORCE_USE_SANDBOX 1
Again, there is no real documentation about using this option and its effects on the running of Windows or of Defender.
For more information, see "Windows Defender Antivirus can now run in a sandbox".
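To check what the answer above describes without opening Task Manager, the following PowerShell script (an added example, not part of either answer) reports whether MP_FORCE_USE_SANDBOX is set machine-wide, whether the two Defender processes are visible, and what Get-MpComputerStatus returns when that cmdlet is available. The function name Get-DefenderSandboxReport is hypothetical; run the script on the host and again inside Windows Sandbox to compare.

```powershell
# Added example: report Defender state on the machine where it runs.
# Get-DefenderSandboxReport is a hypothetical helper name.

function Get-DefenderSandboxReport {
    # Machine-level variable written by: setx /M MP_FORCE_USE_SANDBOX 1
    $flag = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    # MsMpEng.exe is the antimalware service; MsMpEngCP.exe is its content process.
    $procs = Get-Process -Name 'MsMpEng', 'MsMpEngCP' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty ProcessName -Unique

    # The Defender cmdlets may be missing or fail (for example inside the Sandbox),
    # so treat their absence as "unknown" rather than as an error.
    $status = $null
    if (Get-Command -Name Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        try { $status = Get-MpComputerStatus -ErrorAction Stop } catch { $status = $null }
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        SandboxFlag        = if ($null -eq $flag) { '(not set)' } else { $flag }
        MsMpEngRunning     = $procs -contains 'MsMpEng'
        MsMpEngCPRunning   = $procs -contains 'MsMpEngCP'
        AMServiceEnabled   = if ($status) { $status.AMServiceEnabled } else { 'unknown' }
        RealTimeProtection = if ($status) { $status.RealTimeProtectionEnabled } else { 'unknown' }
    }
}

$report = Get-DefenderSandboxReport
$report | Format-List

# The variable only takes effect after a reboot, so flag the mismatch.
if ($report.SandboxFlag -eq '1' -and -not $report.MsMpEngCPRunning) {
    Write-Warning 'MP_FORCE_USE_SANDBOX is 1 but MsMpEngCP is not running; a reboot may still be pending.'
}
```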
As you have asked the question, Windows Sandbox does not include Windows Defender.
Literature I have read says perhaps it will in the future.
A better approach, I think, for your stated requirement is to make a Windows 10 Virtual Machine. Windows 10 definitely includes Windows Defender.
Make sure you can back up the Windows 10 VM to another device.
Then scan the object in the VM and make a determination whether it is safe or not.
You can always recover the VM if you need to.
I do this now on my own laptop.