Windows Defender can now run inside a sandbox

Microsoft has made it possible for Windows Defender Antivirus to be run within a sandbox, a restrictive environment that separates the AV’s processes from those of the underlying Windows OS, thus limiting the actions of malware that can exploit the software’s flaws.

The feature is available to members of the Windows Insiders program and currently works only on Windows 10 version 1703 or later.

Windows Defender sandbox

Implementation and challenges

Adrian “Mady” Marinescu from the Windows Defender Engineering team explained that implementing the sandbox was a complex undertaking as a fine balance had to be struck between security, performance and functionality.

The developers had to layer the AV’s inspection capabilities into components that absolutely must run with full privileges and components that can be sandboxed.

“The goal for the sandboxed components was to ensure that they encompassed the highest risk functionality like scanning untrusted input, expanding containers, and so on. At the same time, we had to minimize the number of interactions between the two layers in order to avoid a substantial performance cost,” he noted.

They minimized the number of interactions between the sandbox and the privileged process, made it so that these interactions are only performed in moments where their cost would not be significant, and made the two processes able pass data/content between themselves safely by hosting them in memory-mapped files that are read-only at runtime.

To avoid problems of inter-process communication, they opted for low-privilege AppContainers, which allow fine-grained control on specifying what the sandbox process can do. Lastly, they made sure that disinfection happens with high privileges so that sandbox compromise doesn’t lead to malicious modifications of targeted binaries.

The content processes take advantage of modern exploit mitigation techniques (DEP, ASLR, CFG), disable Win32K system calls and all extensibility points, and make sure that only signed and trusted code can be loaded.

“More mitigation policies will be introduced in the future, alongside other techniques that aim to reduce even further the risk of compromise, such as multiple sandbox processes with random assignment, more aggressive recycling of sandbox processes without a predictable schedule, runtime analysis of the sandbox behavior, and others,” he concluded.

The first AV with a sandbox

Like any other software, AV software can have vulnerabilities that can be found and exploited by attackers.

In 2017, Google Project Zero vulnerability researcher Tavis Ormandy and colleagues Natalie Silvanovich and Mateusz Jurczyk have flagged many critical RCE vulnerabilities in the Microsoft Malware Protection Engine, which powers a number of Microsoft antimalware software, including Windows Defender.

Ormandy had also been steadily discovering and reporting critical flaws in various companies’ AV offerings in the last few years, and some AV companies have since started bug bounty programs in an effort to improve security.

Ormandy described Microsoft’s sandboxing of Windows Defender as “game changing”.

Marinescu said that putting Windows Defender Antivirus in a sandbox is a direct result of feedback that they received from the security industry and the research community, and urged researchers to test the feature and give them feedback on the implementation.

Users who want to try it out can do so by opening an Administrator Command Prompt, setting a machine-wide environment variable (setx /M MP_FORCE_USE_SANDBOX 1) and restarting the machine.

Don't miss