SANS published an interesting article (see below) showing that Windows Defender is now supporting sandboxing.
So what is sandboxing? And why is this a good thing. “Sandboxing is a software management strategy that isolates applications from critical system resources and other programs.” – Tech Definition. Sandboxing allows applications and code that come into your system to first go to the sandbox and “play” and be watched to see what they do. In this sandbox, the code and the application can be analyzed to see whether it’s malicious, or acting normal.
There are a couple of places you can deploy sandboxing, and it’s a good idea to have them at each level. The first level is on your firewall. Before code can even get onto your computers or servers, your firewall analyzes the code and makes sure it’s not malicious. An ounce of prevention is worth a pound of clean up! The other place sandboxing can happen is with your local anti-virus/anti-malware software (as mentioned in the article). At this point the code is on your computer, but at least it’s still isolated! So that’s a bonus!
article: https://isc.sans.edu/forums/diary/Windows+Defenders+Sandbox/24266/