Microsoft announced that they are rolling out Windows Defender with Sandbox mode. Google’s Tavis Ormandy said on Twitter https://twitter.com/taviso
Wow, this is amazing. Congratulations to the team, this is game-changing.
Although Windows Insiders ostensibly get this first, it will be included in the upcoming versions but it’s already silently built into builds 1703 greater but not turned on. You can turn this on immediately on your home Windows 10 computer.
According to Microsoft:
"We’re in the process of gradually enabling this capability for Windows insiders and continuously analyzing feedback to refine the implementation.
Users can also force the sandboxing implementation to be enabled by setting a machine-wide environment variable ( setx /M MP_FORCE_USE_SANDBOX 1 ) and restarting the machine. This is currently supported on Windows 10, version 1703 or later."
Run command prompt with administrative privileges.
setx /M MP_FORCE_USE_SANDBOX 1
You should now have Windows Defender running sandboxed