Microsoft implemented new functionality in Windows Defender Antivirus for Windows 10 recently that makes the antivirus solution run in a sandbox on the system.
The feature, which is available in Windows 10 version 1703 and newer, needs to be enabled for the time being as it is not active by default currently.
Microsoft hopes that Windows Defender Antivirus' new restrictive process execution environment helps protect the application against attacks that are targeted directly at it. Antivirus solutions often need to run with high privileges to protect the entire system against malicious attacks; the need to run with high privileges makes antivirus programs high-profile targets, especially if they are used widely.
Microsoft stated that it is unaware of targeted attacks 'in-the-wild' against Windows Defender Antivirus but that security researchers identified ways to attack Windows Defender Antivirus successfully in the past.
A sandboxed environment adds another layer of protection to the antivirus solution. Malware that aims to exploit Windows Defender Antivirus successfully would have to exploit a vulnerability in the application itself and find a way to break out of the sandboxed environment that Microsoft created for the security software.
Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the system from harm.
Enable Windows Defender Antivirus sandboxing
Sandboxing is not enabled by default at the time of writing. It is available, however, on all devices running Windows 10 version 1703 or higher.
Tip: if you are unsure about the Windows version, run winver.exe from Start to display it.
Here is what you need to do to enable Windows Defender Antivirus sandboxing right now:
- Open the Start menu.
- Type powershell.exe to display PowerShell as one of the results.
- Right-click on the result and select 'run as administrator' or hold down the Shift-key and the Ctrl-key before you select the result. Both options execute PowerShell with elevated rights.
- Confirm the UAC prompt that may be displayed.
- Run setx /M MP_FORCE_USE_SANDBOX 1.
- Restart Windows.
The command sets a new system variable that tells Windows to run Windows Defender Antivirus with sandbox functionality.
Verifying that the sandbox is running is simple: open the Windows Task Manager with a tap on Ctrl-Shift-Esc and make sure you display all details (click on more details if not), and look on the Details tab of the program.
Locate MsMpEngCP.exe there. If you see it, the sandbox is up and running. The process runs with low privileges and uses 'all available mitigation policies' according to Microsoft.
You can use third-party programs like Process Explorer as well if you prefer those to verify that the sandbox is enabled.
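The same verification can be scripted instead of checked by hand in Task Manager. The following PowerShell is an added example, not code from the article or from Microsoft; the function name Get-DefenderSandboxState is hypothetical, and it assumes the value 1 set by the setx command above is what marks the sandbox as requested.

```powershell
# Added example; the function name is hypothetical. The variable and process
# names are the ones given in the article.
function Get-DefenderSandboxState {
    # Windows 10 version 1703 corresponds to build 15063.
    $build = [Environment]::OSVersion.Version.Build

    # setx /M writes the machine-wide environment, so read the Machine scope.
    # The current session's $env: copy can be stale until the restart.
    $configured = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    # MsMpEngCP is the low-privilege sandboxed process; MsMpEng is the main engine.
    $sandbox = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue
    $engine  = Get-Process -Name 'MsMpEng' -ErrorAction SilentlyContinue

    $state = if ($build -lt 15063) {
        'Windows build is older than version 1703'
    } elseif ($configured -eq '1' -and $sandbox) {
        'Sandbox configured and running'
    } elseif ($configured -eq '1') {
        'Configured, but MsMpEngCP.exe is not running (restart pending or Defender inactive)'
    } elseif ($sandbox) {
        'MsMpEngCP.exe is running although the variable is not set'
    } else {
        'Sandbox not enabled'
    }

    [pscustomobject]@{
        Build                = $build
        MP_FORCE_USE_SANDBOX = $configured
        EngineRunning        = [bool]$engine
        SandboxRunning       = [bool]$sandbox
        State                = $state
    }
}

Get-DefenderSandboxState | Format-List
```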
Check out Microsoft's blog post on the Microsoft Secure blog for implementation details and challenges that Microsoft faced during research and development.
Now You: Which antivirus solution do you run?
Microsoft Defender Windows 10
When using Windows 10 you’ll notice that it comes with its own antivirus called Windows Defender. It comes as part of Windows itself and runs automatically without you needing to intervene too much. For some, however, Windows Defender is more of a hassle than a help. As such, they’ll want to disable Windows Defender in peace.
As you’ll discover in this article, disabling Windows Defender in Windows 10 isn’t as easy as it should be. Regardless, making sure Defender goes down and stays down isn’t very tricky at all.
Why Not Use the Default Option?
It may seem a little confusing that turning off Windows Defender permanently is trickier than it should be. After all, there’s an option within Windows 10 to disable Defender. You can access it by going to “Settings, Update & Security,” then Windows Defender.
However, if you read the description of the setting, you’ll spot the problem. Windows Defender will only stay inactive for a short period of time. When it detects that it’s been off for too long, it will automatically turn itself back on again. This means if you want Windows Defender to stay disabled, you’ll have to keep toggling this option off every time Windows resets it. What a hassle!
Disabling Windows Defender Permanently
Fortunately, there is a way to make it so Windows Defender doesn’t re-enable itself. It’s not very obvious as to how to do it, but once you learn the basics, you’ll be able to turn it on and off without much issue. Just make sure you do not browse the Web without a functioning antivirus active! Make sure you have something installed beforehand to make up for Windows Defender being turned off.
There are two ways you can disable Windows Defender. The first is via the registry, and the second is through the Local Group Policy window. Typically, the Local Group Policy way is a little easier to perform, but you can only use it on Pro, Enterprise, and Education editions of Windows 10.
If you don’t use any of the above editions, or you’re not sure which one you’re using, don’t worry! All versions of Windows 10 can turn off Windows Defender using the registry method. Just follow the steps below, and you should have your problem fixed in no time.
Using the Registry (Available for ALL Users)
First, open the Run command by pressing the “Windows Key + R.” In the box that appears type regedit and click OK.
Note: do make a backup of your registry before you make any changes.
The system registry will open up. On the left navigate to the following folder: “HKEY_LOCAL_MACHINE -> SOFTWARE -> Policies -> Microsoft -> Windows Defender.” You may see a folder after Windows Defender called “Policy Manager.” Don’t click on that folder; instead, keep the Windows Defender one highlighted.
On the right side of the window you might see a value called “DisableAntiSpyware.” If you do, that’s great! If not, we’re going to have to make our own. To do this, right-click in the empty space on the right side of the window, go to “New,” then “DWORD (32-bit) Value.”
Windows will create an untitled DWORD value which isn’t much use to us as is. Right-click the value and click Rename, then call it “DisableAntiSpyware.” Make sure you enter the name perfectly!
Right-click the “DisableAntiSpyware” value and click “Modify…”
To enable the policy that disables Windows Defender, set the value data to “1” and click OK. This tells the computer that the policy that was just created should be enabled, and Windows will disable Defender for you. If you ever want to bring Windows Defender back, just come back to this value and change the value data to “0.” This disables the policy and allows Windows Defender to work again.
The next time you try to load Windows Defender, you’ll see an error message saying it’s been turned off.
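Because this one registry value switches Defender off, it is worth being able to audit it, for example on a machine you administer where the value may have been set without your knowledge. The following read-only PowerShell is an added example, not part of the original article; the function name Get-DefenderDisablePolicy is hypothetical, and it changes nothing on the system.

```powershell
# Added example; the function name is hypothetical. The key path and value
# name are the ones given in the article.
function Get-DefenderDisablePolicy {
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $name = 'DisableAntiSpyware'

    # A missing key or value simply means the policy was never created.
    $item  = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.$name } else { $null }

    # Cross-check the policy against what Defender itself reports. The cmdlet
    # can fail or be missing when Defender is off, so treat errors as "unknown".
    $status = try { Get-MpComputerStatus -ErrorAction Stop } catch { $null }

    [pscustomobject]@{
        PolicyValuePresent        = $null -ne $value
        PolicyValue               = $value
        PolicyDisablesDefender    = ($value -eq 1)
        AntivirusEnabled          = if ($status) { $status.AntivirusEnabled } else { $null }
        RealTimeProtectionEnabled = if ($status) { $status.RealTimeProtectionEnabled } else { $null }
    }
}

$report = Get-DefenderDisablePolicy
$report | Format-List

if ($report.PolicyDisablesDefender) {
    Write-Warning 'DisableAntiSpyware is set to 1: Windows Defender is disabled by policy.'
}
```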
Using Local Group Policy
To start, press the “Windows key + R” to load the Run box, then type gpedit.msc into the box and press OK.
If you attempt to run it in a different edition such as Home, you’ll get an error.
This means you cannot use this method to disable Windows Defender. In this case you’ll want to use the registry method above instead which works for every edition.
When the Local Group Policy window loads, check under the “Computer Configuration” section for the “Administrative Templates” folder. Open it, then open “Windows Components -> Windows Defender.” On the right you should see a policy called “Turn off Windows Defender.”
Double-click it and click “Enabled” on the left. This then turns on the “Turn off Windows Defender” policy which disables Windows Defender. If you change your mind in the future, you can come back here and select “Disabled” instead.
Keeping Defender Down
For some, Windows Defender can be more of a hindrance than a help. Even worse, the version that comes with Windows 10 can’t be permanently disabled. By following one of the two methods above you can enjoy your computer without having to constantly keep disabling Windows Defender.
Do you use Windows Defender as your main antivirus? Or do you opt for something else? Let us know below in the comments.