Recent Twitter discussions have surfaced the fact that many antiviruses on Windows still do not properly sandbox their scanning engines, which often use legacy code to unpack and parse untrusted content. So by installing an antivirus, you may actually increase the attack surface dramatically. (For example, when an antivirus is parsing a freshly downloaded PDF file to analyze it, a malicious PDF could exploit the antivirus and run arbitrary code with the antivirus privileges.) I suppose that is the reason why Tech Solidarity recommends users who are likely to be targeted to uninstall any third-party antivirus products and replace them with Windows Defender.<p>Is there any antivirus that can reliably sandbox and contain malicious code that happens to exploit a code execution vulnerability in the antivirus itself?