What is Knox?

Knox is a security and device management framework that Samsung pre-installs on their flagship devices

At first, it was only used for business-managed devices, until it's capabilities eventually split into the normal consumer market as well, see : Secure Folder for example.

Knox's features fall within three categories: data security, device manageability, and VPN capability.

Knox has a couple of security features that stand out from vanilla Android, notably:

• e-Fuse
  The e-Fuse is one of the main components of Knox. It stores wether the device has been tampered with or not depending on any of the following security additons ↓
• Samsung Real-Time Kernel Protection
  This tracks any changes in your kernel in real-time, preventing the device from booting if any changes were detected. It will also tell the user that the device is "Unsecured". It's somewhat similar to Android Verified Boot.
• Security Enhancements for Android (SE For Android)
  This is an extension to the SELinux implementation that Android already has, it provides periodic updates for any new vulnerabilities to further enhance the system's security
• Secure Boot
  Samsung's Secure Boot is a pre-boot environment which checks for any changes, and trips the e-Fuse if any are detected, which changes the system's status from "Official" to "Custom".
• Kernel-level anti-root measures
  Ever since Android Oreo, Samsung has been adding patches to their Kernel which prevent Rooting of any kind, even if a Magisk installation was successful.