diff --git a/engine/src/main/java/org/terasology/engine/core/module/ModuleManager.java b/engine/src/main/java/org/terasology/engine/core/module/ModuleManager.java
index 7adedf161f9..5538bb2057c 100644
--- a/engine/src/main/java/org/terasology/engine/core/module/ModuleManager.java
+++ b/engine/src/main/java/org/terasology/engine/core/module/ModuleManager.java
@@ -272,8 +272,13 @@ private void setupSandbox() {
             permissionSet.grantPermission(new PropertyPermission("reactor.schedulers.defaultBoundedElasticQueueSize", "read"));
         }
 
-        Policy.setPolicy(new ModuleSecurityPolicy());
-        System.setSecurityManager(new ModuleSecurityManager());
+        if (Runtime.version().feature() < 18 || "allow".equals(System.getProperty("java.security.manager"))) {
+            Policy.setPolicy(new ModuleSecurityPolicy());
+            System.setSecurityManager(new ModuleSecurityManager());
+        } else {
+            logger.warn("SecurityManager is disabled starting with Java 18 - module sandbox functionality is limited!");
+            logger.warn("To enable SecurityManager, use the \"-Djava.security.manager=allow\" JVM option.");
+        }
     }
 
     /**
diff --git a/facades/PC/src/main/startScripts/unixStartScript.gsp b/facades/PC/src/main/startScripts/unixStartScript.gsp
index 911308c49a8..ee7249d5fd3 100644
--- a/facades/PC/src/main/startScripts/unixStartScript.gsp
+++ b/facades/PC/src/main/startScripts/unixStartScript.gsp
@@ -169,13 +169,6 @@ save () {
 }
 APP_ARGS=`save "\$@"`
 
-# Terasology-specific changes - Re-enable SecurityManager on Java 18+
-# According to https://openjdk.org/jeps/223, this string is intentionally parsable.
-JAVA_VERSION=`java -fullversion 2>&1 | sed 's/.* //;s/"//;s/\\([0-9]*\\)\\..*/\\1/'`
-if [ \$JAVA_VERSION -gt 17 ]; then
-    DEFAULT_JVM_OPTS="\$DEFAULT_JVM_OPTS -Djava.security.manager=allow"
-fi
-
 # Collect all arguments for the java command, following the shell quoting and substitution rules
 eval set -- \$DEFAULT_JVM_OPTS \$JAVA_OPTS \$${optsEnvironmentVar} <% if ( appNameSystemProperty ) { %>"\"-D${appNameSystemProperty}=\$APP_BASE_NAME\"" <% } %> <% if ( mainClassName.startsWith('--module ') ) { %>--module-path "\"\$MODULE_PATH\"" <% } %>-jar lib/Terasology.jar "\$APP_ARGS"
 
diff --git a/facades/PC/src/main/startScripts/windowsStartScript.bat.gsp b/facades/PC/src/main/startScripts/windowsStartScript.bat.gsp
index f33992fabd2..a4cf2790ac4 100644
--- a/facades/PC/src/main/startScripts/windowsStartScript.bat.gsp
+++ b/facades/PC/src/main/startScripts/windowsStartScript.bat.gsp
@@ -62,14 +62,6 @@ goto fail
 
 <% if ( mainClassName.startsWith('--module ') ) { %>set MODULE_PATH=$modulePath<% } %>
 
-@rem Terasology-specific changes - Re-enable SecurityManager on Java 18+
-@rem According to https://openjdk.org/jeps/223, this string is intentionally parsable.
-for /f "tokens=4 delims= " %%a in ('"%JAVA_EXE%" -fullversion 2^>^&1 1^>nul') do ( for /f "delims=." %%b in ('echo %%a') do set JAVA_VERSION="%%b" )
-set JAVA_VERSION=%JAVA_VERSION:"=%
-if %JAVA_VERSION% gtr 17 (
-    set DEFAULT_JVM_OPTS=%DEFAULT_JVM_OPTS% -Djava.security.manager=allow
-)
-
 @rem Execute ${applicationName}
 "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %${optsEnvironmentVar}% <% if ( appNameSystemProperty ) { %>"-D${appNameSystemProperty}=%APP_BASE_NAME%"<% } %> <% if ( mainClassName.startsWith('--module ') ) { %>--module-path "%MODULE_PATH%" <% } %>-jar lib\\Terasology.jar %*