Windows Defender, the anti-malware tool built into Microsoft Windows, has become the first antivirus product able to run inside a sandbox environment.
Sandboxing runs an application in a restricted environment isolated from the rest of the operating system and from other applications on the computer, so that if the sandboxed application is compromised, the damage cannot spread beyond that closed area.
Because antivirus and anti-malware tools run with the highest level of privileges in order to scan every part of a computer for malicious code, they have become an attractive target for attackers.
Sandboxing an antivirus tool became necessary after multiple critical vulnerabilities were discovered in such highly privileged applications, including Windows Defender, in recent years, flaws that could have allowed attackers to gain full control of a targeted system.
That is why Microsoft announced it would add a sandbox mode to Windows Defender: even if an attacker or a malicious app exploiting a flaw in Defender compromises the antivirus engine, the damage cannot spread to other parts of the system.
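Enabling the mode the article describes and checking that it took effect, as an added example that is not part of the original article: Microsoft's announcement of the feature documents the machine-wide MP_FORCE_USE_SANDBOX environment variable as the opt-in switch and MsMpEngCP.exe as the sandboxed content process that runs beside the privileged MsMpEng.exe service. The PowerShell below assumes an elevated prompt on Windows 10 version 1703 or later; the output strings are the example's own.

```powershell
# Added example (not from the article): opt a Windows 10 (1703 or later) machine into
# Defender's sandbox mode and verify that the sandboxed content process is running.
# MP_FORCE_USE_SANDBOX and the MsMpEngCP.exe process name come from Microsoft's
# announcement of the feature; run this from an elevated PowerShell prompt.

# 1. Set the machine-wide environment variable that turns the sandbox on.
setx /M MP_FORCE_USE_SANDBOX 1

# 2. A reboot is required before the antimalware service picks the setting up.
#    Restart-Computer   # uncomment when the machine can be restarted

# 3. After the reboot the engine should appear as two processes:
#    MsMpEng.exe (the privileged service) and MsMpEngCP.exe (the sandboxed content process).
$engine = Get-Process -Name 'MsMpEng', 'MsMpEngCP' -ErrorAction SilentlyContinue |
    Select-Object Name, Id, StartTime

if ($engine.Name -contains 'MsMpEngCP') {
    $cp = $engine | Where-Object Name -eq 'MsMpEngCP'
    "Sandbox mode active: content process running as PID $($cp.Id)"
} else {
    "Sandbox mode not active (no MsMpEngCP.exe found); confirm the variable is set and the machine has been rebooted."
}

# The stored value can be checked at any time without waiting for a reboot:
[Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')
```

The presence check is the useful part for a defender: a fleet inventory that lists machines lacking MsMpEngCP.exe after the variable has been pushed out shows where the opt-in has not yet taken effect.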