Microsoft Packs Windows Defender into the Sandbox
Microsoft will be the first vendor to run its antivirus software Windows Defender from an isolated area in the operating system, a sandbox, in order to better protect its virus scanner against attacks.
Security applications such as Windows Defender run with system privileges and have extensive permissions on the system. Since these too, like all applications, are not completely error-free and have weak points, antivirus programs are a popular target for attackers. Not that Microsoft delivers regular security updates for its antivirus scanner, but a complete isolation of the program from the rest of the operating system would still provide much better protection. Running Windows Defender from a sandbox would prevent infiltrated malicious code running through Windows Defender from gaining access to other operating system processes.
However, this feature is still being tested and is expected to be fully available only with Windows 10 version 19H1. Interested users can already activate and test the function under Windows 10 Version 1703 and higher.