Windows Defender Sandbox Test vs Malware
Science and technology
Windows Defender Antivirus in Microsoft Windows 10 now comes with a sandbox for application isolation. How does it perform against a real onslaught of zero-day malware?
Comments: 810
*infects computer with hundreds of viruses* "this is actually so much fun, not gonna lie."
@LynKazoyuu
4 years ago
If one of those was memz lol
@ugolattanzio9152
4 years ago
ShxdoDxrpZ lmao
@de_stroyed
4 years ago
it's a VM, not the actual PC itself, so yeah
@pikachu896
4 years ago
@@de_stroyed Duh
@joemartin1757
4 years ago
I was literally just reading this as he says it
I feel like I could catch a malware virus just by watching this video.
@whitedawn2122
4 years ago
Me: *laughs in immunity to .exe files*
@Wombat24455
4 years ago
Apparently cyber-criminals are trying to get malware downloaded onto victims' devices through YouTube. Edit: so there is a chance of getting a virus from this video (not specifically from this video, just from the website itself)
@robloxplayercoolgirl5981
4 years ago
@@Wombat24455 O.o wait what? In what way?! 😰😬
@Wombat24455
4 years ago
@@robloxplayercoolgirl5981 Through a script the attacker (cyber-criminal) injected. I recommend downloading AVG Antivirus to block the malware being downloaded, because when I was browsing YouTube, AVG had a popup saying it blocked a Trojan virus from being downloaded. Edit: The free version of AVG is good enough
@robloxplayercoolgirl5981
4 years ago
@@Wombat24455 Okay, but that means you can get a virus through a YT video? I've imagined that it could happen, but I never knew it actually could >~< There are no antiviruses on my dad's laptop, and I use dad's laptop, I'm on it right now. I'm gonna ask dad if we can get an antivirus..
9:25 I love how the icons on the desktop and windows defender synced up with the music
@M1ddle
4 years ago
@Aaron Moody what
@ViperoK
3 years ago
@@crasheba1533 what
@mparagames
3 years ago
@@ViperoK Yes it does, but it can also play havoc with apps that access their own files or write to their own directory, so it's not worth turning it on at the moment until MS sorts its shit out.
@velp7718
3 years ago
@@mparagames what
@mparagames
3 years ago
@@velp7718 Yes it does, but it can also play havoc with apps that access their own files or write to their own directory, so it's not worth turning it on at the moment until MS sorts its shit out.
To be fair, for something that comes as the default, built-in anti-virus, 90+% isn't all that bad. Think of it in the context of reality: (A) You don't get carpet bombed into submission with 1500 different malware, you get one piece of malware, if any. (B) Common sense will allow you to avoid at least 9/10ths of malware to begin with, so this is an additional 9/10ths on top of that, which brings the overall effective protection to at least 99%
@someaddictedidiot2186
1 year ago
Ooh, memz, I wonder what that is. Probably something that makes my PC faster. Ooh it says it's a virus, nah, probably not important..
Thank you, In the process of purchasing the first PC desktop I’ve bought in years. Been debating whether to rely on MS Defender or purchase additional protection, debate settled. New to TPSC, really enjoy your reviews.
This is giving me an unbelievable amount of anxiety.
@franky-161
4 years ago
If you're new to PCs and stuff I would personally get a good antivirus software (bought), but if you know certain things, then you're most likely not gonna get viruses
@HypeWrecks
4 years ago
HYPERS That's why it gives me anxiety. This video betrays every single computer safety philosophy that I have developed over my lifetime.
@CaveyMoth
4 years ago
@@HypeWrecks I know, right? My momma always told me not to systematically execute 1500 samples of malware.
@HypeWrecks
4 years ago
Cavey Möth It's the golden rule of computer security.
@CaveyMoth
4 years ago
@@HypeWrecks The cascading waterfall of errors is just a Windows feature.
This must be what my parents saw when I downloaded games as a kid
@AtomicNotes
3 years ago
:D
Ah yes, the smell of a fresh malware in the morning
@udbhavn3197
4 years ago
No better way to start the day
@Username-ym9tt
4 years ago
The most luxurious and satisfying thing in morning
@aglimitless2779
3 years ago
lmfao
this is like watching ultron and jarvis fighting but way more mild
@ArchanaSingh-ch6mq
3 years ago
Add vision 😭
Thank you so much for your work. I was seriously considering relegating AV duty from Bitdefender to Windows, given recent "perfect" lab results, but this just affirms my decision to go with a dedicated security suite on all our devices.
Great video and as always well made!! I hope in the future we get a video as the one you did few years back with the free security challenge
I feel like my computer is getting dirty just watching this.
@dgjm7129
4 years ago
Do something quick before your computer does something dirty to you *insert Lenny face here*
Excellent forensic run. My BP went up just watching this! Loved your thorough, calm and clinical approach. That is until... "I trusted you!" LOL
9 year olds clicking on "Free Fortnite V-Bucks". Malware installed: "it's free real estate"
@dak0t4
3 years ago
aka my brother
Imagine not watching the pc screen for a while and then you see this
@Yuriyalloween
3 years ago
Especially 9:11
Let's all remember that he had to turn off real-time protection to actually be able to place the viruses on his computer. That's a pretty strong first barrier
@ryansawyer6476
4 years ago
I'm screaming the same thing lol. If you are depending on any AV to save you from executing malicious code good luck. Always, always, always take a layered approach. Good network security, followed by good backups, AV should be the last line of defense to tell you you need to nuke and pave a system. One last thing, if a user in an Enterprise environment is able to successfully infect a PC windows defender will not be the root cause and some shitty Network Security Engineer is gonna get canned 😂
@BortPlate
4 years ago
Some, perhaps. The same result may have played out by the few that got past that first barrier.
@henterpriser5779
4 years ago
Kaspersky still protects your PC even if it's completely off😐. It's like OK you buy me? I'm forced to protect you
@mrblanche
4 years ago
@@henterpriser5779 Until they send all your data to the KGB.
@StormFox_1
4 years ago
@@mrblanche xD
Thank you guys.
"This one's good! We have a nice waterfall over here" That warmed my heart ❤
I think you somehow misunderstood the purpose of the Defender sandbox here. It is nothing at all about running any other application in a sandbox or limiting the actions of any other application to a sandbox environment. It's just about splitting the Defender process itself into two processes, separating the actual anti-malware module from the content parser and user interface process. The latter can then run with lower privileges within the sandbox. Just like any modern web browser is doing. If malware directly attacks Windows Defender and tries to elevate its privileges by hijacking the Defender process via a bug in its scanner module, it can only hijack the CP process which is running in the sandbox. However, the scanned application itself is not meant to be started within any sandbox environment. Thus, the sandbox feature is not expected to have any beneficial effect on stopping malware from doing other malicious stuff except when it tries to exploit Windows Defender vulnerabilities.
Those hash names gave me PTSD from the time when I was finding and deleting viruses manually
@AndoraAmore
4 years ago
That is so accurate.
I like your content, it seems very honest and gives us useful tips. Will be subscribing
I wonder if enabling all ATP (Microsoft 365 E5) protections would help to get a better score. I would like to see if ATP is a valid competitor vs CrowdStrike and Cylance.
This reminds me of my old computer, the sad thing is that thing didn't have virus
@notsim_
3 years ago
@@SergeantExtreme wtf
I think some antivirus experts should get onboard with the whole defender program, so they can help improve it and increase the chance of it catching malware.
@UKGameShock
4 years ago
It's all about money. There is more money in being better than Windows Defender and making competition than in taking a small % cut of money to improve it. If Windows Defender did a good job, so many other AVs would go unused.
@UltimateAlgorithm
4 years ago
That could land Microsoft in a lot of trouble. Even with the current Windows Defender, Microsoft is being sued by some AV developer. They say that Microsoft is engaging in discriminatory business practices, which I think does not make sense. Why is trying to give some basic protection considered discriminatory? If MS makes Defender too good, they can get in a lot of trouble.
@amirabudubai2279
4 years ago
@@UltimateAlgorithm Haven't heard of that case, but I am willing to bet it had something to do with MS only allowing the user to disable Defender if they had a whitelisted 3rd party AV. In other words, MS was selectively blocking AV. This only affected Windows 10 Home, but that is most users.
@UltimateAlgorithm
4 years ago
@@amirabudubai2279 and for good reason. AV starts its service early in the boot process. Would you allow any application to do that? That is a terrible idea.
@avert_bs
2 years ago
What are you talking about? It's already good enough and catches 99% of viruses. And if you have a feeling it's a false positive, test it on VirusTotal.
For someone new to the channel, how do you collect your malware? Also what have you found to the best at preventing malware, and what have you found to be the best at removing malware?
Very interesting video. Having decent music play on the speedups is a big bonus.
Thank you for all the hard work you do on this channel and for keeping us informed. Yes, I was very surprised at those results after the test. Here we are at the end of 2019 almost, with Windows OS build 1909, and yet Windows Defender is abysmal. Even more worrying is the outsourcing of the software programming to various companies abroad, who may not use the highest levels of testing and quality assurance. Now the ordinary person may think your tests are too harsh. Not at all! You throw every big nuisance during your tests and as many of the worst in malware that the internet can provide, so yes, excellent testing! We all have to be less naive when we roam the internet; we need to be pro-active, careful and have the best anti-virus software. From your previous videos I can see that there are a few good commercial brands that still offer good protection year after year whatever iteration those companies put out. None are perfect, some use bigger resources than others, some cause problems for avid PC gamers, some don't have a high detection rate, but most are OK for everyday use. It's all about education, and as you say, being informed. But we must all realise as we surf the net, and click on all and sundry, to be vigilant at all times. The same goes for our emails: be careful what we open. No longer is it like the old days when you had to actually run a .exe file to get infected. It's a far scarier world now with scripts being automatic and running instantly in the background. So, thank you again for keeping us informed and providing good advice with respect to security products on our PC.
@Vekkuli001
4 years ago
Isn't the email stuff basically from the 90s or early 2000s? I also disagree with the comment about Windows Defender, it does its job well enough.
@The PC Security Channel [TPSC] I saw Python was compromised. That could be why the scan stopped without completing.
Great video man!
Thank you, that was good and worth the time. Thank you for sharing. I'm on your site and love the wallpaper :)
I like how you present this video, it served me well and your voice is very suitable for this test
I'd like to know what malware/AV service you recommend or have had the best results with, close to the clean sheets that you spoke about. I've watched several videos now of your tests and not seen any good results yet. Would love to get some good advice. What was the best result you have had so far? Or better yet, what malware/AV would you use @The PC Security Channel
So what happens if you didn't turn the real-time protection off?
@GrantsPerspective
4 years ago
It probably picks up some of the .exes as malware, and the control of having 1500ish malware samples that the antivirus/antimalware can pickup isn't really a control anymore. Real-time protection should stop malware from executing just as well as it would stop it from being copied over; it's the same scan process, except it's scanning before it executes rather than scanning as it's being copied. There's a reason the python script prompts you to put Real-Time Protection back on.
@spaghetti9067
3 years ago
Basically it stops things from happening even when you don’t run scans so it catches threats in real time
It's fun seeing the little time go by in the bottom right corner
Very good. Would be nice to see a follow-up on how you cleared the system and recovered any files. I'm sure this would be very useful
Did anything affect your main pc? I've wanted to use windows sandbox as my main sandbox over the other options
I believe likely what happened when the scan stopped mid way was due to memory usage rather than taking too long. Windows programs will frequently crash when they can't allocate enough memory (and even if memory isn't actually full, high memory usage can still make a system unstable). Generally this is not due to the programs themselves simply using a lot of memory it almost always comes down to lots of processes using a smaller amount of memory and often times this sort of instability only happens at higher CPU usages as well (both of which was definitely seen in the video). Sometimes lots of allocating and deallocating of process memory has caused corruption for me in the past in many programs. (I've even had OS corruption from memory usage)
I'm having the same exact problem and I've been on it for about a year now teaching myself. Everything you just said is exactly what you've figured out; I just haven't gotten rid of it just yet
For ransomware protection using Windows 10 built-in tools, the only reliable way to protect oneself is the Controlled Folder Access feature. In the latest Windows 10 version the user has an easier way to unblock the apps that are wrongly blocked by controlled folder access. Unless the user has his/her own 3rd party security tool that he/she uses, it's always a good idea to create a dedicated folder on the hard drive and add it to controlled folder access, then put all the important data there. It's not the most elegant solution but it will protect your data from encryption.
@LaserFur
5 years ago
I have to go add programs manually. And for Open office you can add .BIN to the name in the select box since it's the .BIN and not the .EXE that wants to add a file in the latest documents folder.
@laurpflorin
5 years ago
@@LaserFur you can ease the process of adding programs with PowerShell. And in the latest version of Windows 10 You can also see the most recent blocked apps list in Windows defender and whitelist them easier.
@LaserFur
5 years ago
@@laurpflorin Not as useful when it just says "setup.exe" or "runDLL.exe". I need to know what folder it ran from and what command line it had. I think some companies are going to have to adapt to not being able to drop some random exe in a temp directory, run it, and expect that to be able to update the browser. (looking at you Chrome)
@LaserFur
5 years ago
@@laurpflorin just to add. Thanks I didn't notice they added it there.
@RealDaniyalAhmed
5 years ago
Can you please tell me how to create a controlled access folder? I am a newbie and want protection from ransomware on Windows 7. I already have ESET Smart Security and Malwarebytes.
Interesting test. Just wondering, how long did it actually run before failing? Hours? Days?
LMAO I was hoping for a lot better than that! Will renew my Emsisoft for sure!
13:09 In the words of one wise Joel, who couldn't close a certain window: "Uh-oh, guys... ...problem!"
@blueberry1c2
4 years ago
How many bonzibuddys will i see in this comment section...
Sorry if this has already been answered... Just curious about if you find different results when testing threats that have been around long enough to have proper signatures in various products vs. relatively new, emerging threats...? I’m guessing the latter is harder to do, since by the time you can collect such samples they’ve already been identified as threats... Maybe I could phrase the question a bit differently: Do you see a higher protection level against older threats or new-ish threats?
You should have done a hardcore malware check in Windows Defender (it's the one that says it takes 15 minutes)
Is it not about time to test F-Secure again? It has been a year already. Very curious about this product again. After your test I bought it... curious to see if I should extend my subscription again
My question is, since all the malware is running together, do you think there are a lot of cases where the malware takes each other out? Maybe one just completely scrambles the other? Malware Battle Royale?
@Nickwilde7755
2 years ago
We got a, number one victory royale Yeah windows we bout to get down Get down 10 kills on the board right now Just wiped out hard drive town
What's your take on those that say that AVs introduce more vulnerabilities in Windows since they can have security holes and they have deep hooks in the OS?
Beautiful review, request: trend micro 2020
What about the MWB & Defender combo? It would be amazing if you'd test that as it's a very popular solution.
Can you possibly test Windows Defender's built-in ransomware protection in the future? I'm curious to see how well it works.
Can you do an updated Webroot test? The last one you did was over 6 years ago to see if it's changed much and if it's holding up? Love your channel. Thanks!
Very useful, thank you.
Was PUA / PUP detection enabled within Microsoft Defender and what settings did you have for the Cloud Scan and CPU usage / maximum detection time? 😒🤷♂️
Can you test sandboxie? It would be interesting to see how it compares. I get the feeling it might actually be a bit better. I find this interesting because WD consistently gets decent results in synthetic tests, but these results would clearly indicate otherwise.
Windows Defender is best for the people who don't click shiny "Download" button on the web.
@i_Ayush1
2 years ago
LOL UNDERRATED.
That was fun!!! Can you please advise me on how I should keep my PC safe? I wanted to run some pirated cracked software, but I am quite worried about the viruses they might bring with them. I tried to do such things in VMware but it ran too slow. What should I do? Will the restore point work, or do I have to run such software in dual-booted systems? Please answer
How many files will get copied with protection on?
I think there is an anti tamper setting that is default on off, did you remember to check that one?
It’s gotten much better, could you do another review?
Hi, can you test RogueKillerCMD? It would be interesting and fun to see. I have it on my computer but I have no idea if it's good, like Malwarebytes good, or something.
Kindly test Trend Micro Maximum Security. Thanks for keeping us informed and secured
I think you alluded to the fact that because you have a host folder, the malware was able to use this as a conduit of sorts to infect your main system. Did I understand that part correctly? If so, could you not just disable the host folder and copy-paste the malware files into the sandbox and rerun the test? Or am I looking at this too simplistically? Thank you for the video
Great video but I am lost. Windows Sandbox normally starts another window that looks like the main desktop. Simply turning on Sandbox does not mean it is running unless the 2nd window is open. I did not see it open, so are you sure it was running in the sandbox? Not saying you're wrong but I am confused.
I believe you are misunderstanding what the sandbox is for and it really wouldn't show up in a test like this. It's an architectural change to prevent Defender from it being the source of infection. Parsing files is hard and this would help prevent the act of scanning viruses from being a vector for viruses.
Does this ruin the hardware in your PC? I had Windows 7 and it was infected by viruses, ransomware etc., and the CPU was at 100% for some time while I was trying to fix the PC. Eventually I ended up getting Windows 10 and I'm not sure if my PC is the same after what happened, so how bad is this for the PC?
Does the Sandbox still give an error when trying to run it on a non-English Windows?
I have a question, what will happen if I deleted system critical files like system32 from sandbox? Or just mess around in the system files in general.
Does anyone know why, even though I put the command in for Defender to actually work in Sandbox, it doesn't actually work? I ran the cmd prompt as admin and everything, yet it still doesn't work. Whenever I try to turn on real-time protection in the Sandbox, it says to contact the IT admin or some BS.
You did not switch on the Ransomware protection dude, aka Controlled Folder settings
Came for the Defender test. Stayed for the Beethoven soundtrack.
Is it possible to recover email if it is permanently deleted from an IMAP account??
Windows Defender is one of the best second-opinion scans to run on your system these days as it's an excellent removal scanner. The problem is that it's the baseline for AV bypassing and that shows. The most popular AV will always run behind, but it has gotten to the point that the periodic scanner can be useful.
@TheHobbitmann
5 years ago
In this test suck
Are these tests run while the user is a Local Admin or Standard user? Also, is DEP on for all apps? Smartscreen...etc?
HI, nice video, do you have chance to make the same test MS Endpoint Protection (SCCM) "windows defender with enterprise features"?
Since it wasn't in the description, the command is (setx /M MP_FORCE_USE_SANDBOX 1)
where do you get all the viruses? can i get the download link, i want to test it for my own experiment
Hi PC Security Channel, how safe is the actual Windows 10 Sandbox? Can you run Malex in one with all protection off, such as Defender? I'd like to know how safe it really is or if anything can escape it. If you've made a video about it before I must've missed it, ty
My problem with Defender is that it rings the alarm at PUPs like no other AV... for advanced users this can be VERY annoying. I use a mix of Kaspersky & Malwarebytes; I switched after Avast and AVG merged
I would like to also put out there that you did give Emsisoft an advantage with its own background
Summary: 1. Windows Defender is really slow checking files 2. Bad detection ratio 3. Makes Windows slower compared to other AVs like BitDefender
@theeskimo9875
5 years ago
I think Bitdefender makes Windows slow. But I have 128GB RAM so it doesn't matter to me
@Saturate0806
5 years ago
@@theeskimo9875 kzread.info/dash/bejne/Zomct7x8irCweMo.html
@MaksKCS
5 years ago
@@theeskimo9875 Weird flex, but okay
@aaronwise1089
5 years ago
How does anyone have 128 gigabytes of ram?
@zidana.p4242
5 years ago
Bitdefender may be the best AV for Windows, but the only problem with this AV is the RAM leak, especially for a PC with 1-2 GB
3:08 ah yes, fresh malware for breakfast
Did anything get past windows sandbox and how does sandbox compare to a VM?
Can you test eScan Internet Security. Keep up the Great Videos.
You should try this same test, but with Controlled Folder Access enabled. I'd be curious to see if it still gets "ransomwared"
@AmaroqStarwind
4 years ago
I second this.
@iluvmyswamp7948
4 years ago
i third this
@abhishekmaurya3453
4 years ago
I'm sure that will prevent ransomware. It is so strict it doesn't even allow Windows' own software unless you allow it manually. 🤦♂️
@serversideissues4249
4 years ago
@@abhishekmaurya3453 So defense in depth then, right? Implicit deny. Comodo uses this same approach and still malware finds a way around its defenses. Assuming you whitelist what applications are allowed, this could definitely be a good way to protect the end-user's system. It's still a valid test because it confirms that what Microsoft is claiming about their feature, "Ransomware Protection" is valid.
@namesurname4666
4 years ago
That windows 7 wallpaper on your profile image :)
Thanks for the great video. Can you tell me how I actually run the Windows Defender Sandbox? I have run the command and enabled it, but can't find a way to run it? The standard Windows Sandbox doesn't have Defender in it?
This actually scared me because I only use Windows Defender. I think I will be switching to Bitdefender (based on your testing playlist)!
How did the malware attempt to spread to your host machine even when Shared Folders were Read-only, Clipboard Sharing and Drag and Drop were Host to Guest only? And is there any way to prevent that from happening?
@kabloosh699
4 years ago
Remove the share before executing the malware test?
@franklinAll8735
4 years ago
You can't ever be 100% safe. It is always possible for the malware to utilise a zero-day exploit in the VM software itself to infect the system, however that's VERY rare. Most guest -> host infections occur due to either having shared folders or an internet connection between guest and host enabled. To be as safe as possible, delete any shared folders and disable the internet connection/LAN on your guest system.
@franklinAll8735
4 years ago
@Hugh Jarce It won't help very much as long as your 'testing computer' is connected to the same network as the others are. You have to either have separate network or internet disabled before testing.
Integrating with Defender ATP would help isolating the endpoints when there is something suspicious
Can all the virus get deleted instantly when u close the sandbox and does it spread to the real desktop or no?
@wolfhd7509
4 years ago
As long as you don't have file sharing on, you should be safe. There are things you might want to make sure of, so some searches might help you a bit more. Also, unless you revert to an older save or revert the machine, it will just work like a normal machine
As soon as the background wallpaper changed you knew shit hit the fan
I couldn't understand ! Did windows defender catch it or not ?
@RMBM994
4 years ago
No, the system was infected
Everyone was waiting for this.
@dashdashdash_
5 years ago
Indeed
@megumin_6548
5 years ago
What a disappointment tho
@malwaretestingfan
5 years ago
@@megumin_6548 Meh as well.
@dgjm7129
4 years ago
@@malwaretestingfan yup meh.....
Can you make a video about Avira Ransomware protection? Would be really helpful to see if it's worth the Prime subscription
Was this malware run in the defender sandbox or set free on the actual system?
When I plugged in my new mouse (straight out of the package) Windows Defender ran antimalware for some reason. This came from Amazon so no way it was harmful.
How does it not spread to his host or other computers on his network
Not gonna lie, on my laptop Windows Defender removed a trojan virus but not completely. It says "remediation incomplete" and I don't know what that means. Can someone tell me :(
i like that defender has the same notif sound as other windows ‘system’ notifs and is neutral sounding to me
Great video, from where I can download the same collection of malware that you used?
@urbanevilfr
2 years ago
Same, I want the malware to test on my own
Sorry new to the channel. Out of interest is the windows user account on your lab machine an administrator?
@pcsecuritychannel
4 years ago
Yes, I use an admin account for all my tests. Maybe I’ll do a demo with a limited account too sometime.
@alexbright7735
4 years ago
@@pcsecuritychannel yes because I recall somewhere a study that said 99% of vulnerabilities are negated by using a limited account