ForgottenSeer 823865

When I click new application guard window nothing happens. Anyone got any ideas?

Exploit Protection
Because of reported compatibility issues with the Exploit Protection settings that we began incorporating with the Windows 10 v1709 baselines, we have elected to remove the settings from the baseline and to provide a script for removing the settings from machines that have had those settings applied. (See Remove-EPBaselineSettings.ps1 in the download package’s Scripts folder.)
 

Shiz

Level 1
Umbra, I tried running that script but I get an error "Cannot invoke method. Method invocation is supported only on core types in this language mode.". I looked at the XML file it's pulling and manually removed those exploit rules but I'm still having those issues. I don't get why this doesn't work. I can open Windows Sandbox fine if that helps.
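
The error quoted in the post above is the message PowerShell prints when a session is running in ConstrainedLanguage mode, which an enforced WDAC or AppLocker policy switches on. As an added example (not part of the thread or of the baseline package), this diagnostic reports the session's language mode next to the code-integrity enforcement state; the function name `Get-LanguageModeReport` is hypothetical.

```powershell
# Added diagnostic, not from the thread. It uses only cmdlets, variables and
# property reads, so it also runs inside a ConstrainedLanguage session.
function Get-LanguageModeReport {   # hypothetical name
    # Enforcement status values reported by Win32_DeviceGuard.
    $statusText = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }

    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
              -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue

    $kernelCi = 'Unknown'
    $userCi   = 'Unknown'
    if ($dg) {
        # Older builds may not expose these properties; keep 'Unknown' then.
        if ($null -ne $dg.CodeIntegrityPolicyEnforcementStatus) {
            $kernelCi = $statusText[[int]$dg.CodeIntegrityPolicyEnforcementStatus]
        }
        if ($null -ne $dg.UsermodeCodeIntegrityPolicyEnforcementStatus) {
            $userCi = $statusText[[int]$dg.UsermodeCodeIntegrityPolicyEnforcementStatus]
        }
    }

    @{
        # FullLanguage is the default; ConstrainedLanguage blocks method
        # calls on non-core types, which is what the quoted error reports.
        LanguageMode           = "$($ExecutionContext.SessionState.LanguageMode)"
        # A value of 4 forces ConstrainedLanguage (a debug switch only).
        LockdownPolicyVariable = $env:__PSLockdownPolicy
        CodeIntegrityPolicy    = $kernelCi
        UserModeCodeIntegrity  = $userCi
    }
}

$report = Get-LanguageModeReport
$report

if ($report.LanguageMode -ne 'FullLanguage') {
    Write-Warning ('Session is in {0} mode; scripts that call .NET methods will fail here.' -f $report.LanguageMode)
}
```

A result of ConstrainedLanguage together with an enforced user-mode code integrity policy means the policy, not the script's content, is producing the error.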
 
ForgottenSeer 823865

Exploit Protection, like many built-in security features, is non-user-friendly at best, or half-baked at worst. One must be really adept to figure out all the intricacies.
If you have average skills and knowledge, you'd better go with a 3rd party tool like HMPA.
 
Umbra, I tried running that script but I get an error "Cannot invoke method. Method invocation is supported only on core types in this language mode.". I looked at the XML file it's pulling and manually removed those exploit rules but I'm still having those issues. I don't get why this doesn't work. I can open Windows Sandbox fine if that helps.
Just upgrade Windows 10 to 1909 and the rules will be taken care of for you by Microsoft.
 
If you plan on using VMware or VirtualBox, then you cannot simultaneously use WDAC.

None of us can figure out what Microsoft was thinking when it developed WDAC, the sandbox and core isolation when most of the IT working world uses a non-Windows virtualization product on their systems.
 

Shiz

Level 1
If you plan on using VMware or VirtualBox, then you cannot simultaneously use WDAC.

None of us can figure out what Microsoft was thinking when it developed WDAC, the sandbox and core isolation when most of the IT working world uses a non-Windows virtualization product on their systems.
VMware has a technical release of their Hyper-V based version.
 
VMware has a technical release of their Hyper-V based version.
It should not be VMware's responsibility to accommodate Microsoft.

Besides, most people don't want to use Hyper-V. It is notorious for not working properly on older hardware whereas VMware and VBox work just fine.
 

valvaris

Level 3
Verified
Hello @Shiz

I have to confirm what @polishpatriot says: never mix and match Hyper-V with VMware. Those two simply hate each other under the same translation level of the OS. Both are Type 2 Hypervisors; even Application Guard has Hyper-V at heart, and so it uses a Type 2 Hypervisor.

Here is a link that explains the technical part of it: What Is A Hypervisor? Types Of Hypervisors 1 & 2

--------------- Quality of Life -----------
Even I, who use Application Guard in Managed Mode, sometimes want to reset the container!

But how?

I created a shortcut on my desktop with the following command in it -> wdagtool.exe cleanup <- If you use a Persistent Layer in Application Guard you can use -> wdagtool.exe cleanup RESET_PERSISTENCE_LAYER <-

Just need to have a nice Symbol and Done! :D

Best regards
Val.
 
Hello @Shiz

I have to confirm what @polishpatriot says: never mix and match Hyper-V with VMware. Those two simply hate each other under the same translation level of the OS. Both are Type 2 Hypervisors; even Application Guard has Hyper-V at heart, and so it uses a Type 2 Hypervisor.

Here is a link that explains the technical part of it: How to Implement Validation for Restful Services with Spring

--------------- Quality of Life -----------
Even I, who use Application Guard in Managed Mode, sometimes want to reset the container!

But how?

I created a shortcut on my desktop with the following command in it -> wdagtool.exe cleanup <- If you use a Persistent Layer in Application Guard you can use -> wdagtool.exe cleanup RESET_PERSISTENCE_LAYER <-

Just need to have a nice Symbol and Done! :D

Best regards
Val.
Thank you for the confirmation.

And another instance of Microsoft releasing features with zero common sense documentation... users have to discover what is what the hard way.
Code:
as usual
 

Lenny_Fox

Level 11
Yesterday I helped an uncle to set up his new laptop. While waiting for the data to copy from his desktop, I played with the Application Guard window. When enabling the Edge flag "Application guard Prelaunch" and the Group Policy setting to pre-load Edge, this virtualized browser loads really fast (a lot faster than Sandboxie on my old laptop :) )

I discovered that there is a group policy setting (thanks to this guide (y)) to enable persistent data. This does not flush the sandbox, so my browser settings, bookmarks and extensions survive a reboot. I could not find a way, nor the info on the web, to create a shortcut which launches Edge in a virtualized window (as is possible with InPrivate mode).

Any tips welcome to start Edge in this mode (using a shortcut or switch). Does anyone know?
 

Lenny_Fox

Level 11
From guide:

[INFORMATION]
If Application Guard runs in MANAGED Mode - None of the above (manually stuff) is needed! (Tested on Microsoft Edge Chromium Stable/Dev. builds)
So when you start Edge it runs in an Application Guard window? Please explain.
 

Jan Willy

Level 2
In WDAG mode of Edge the number keys didn't work well when I typed a number in the address/search bar. Typing from the number pad (Num Lock) was o.k.
Solution:
Go to Task Manager. Then go to the Details tab and find "ctfmon.exe". Change UAC virtualization to enabled and restart Explorer.

When I wrote this message, it was a coincidence that I had SpyShelter disabled (which I usually do when I update drivers). Now I know that the keystroke encryption from SpyShelter is the real culprit in mutilating the top-row numbers of the keyboard. I have added 'hvsirpcd.exe' to the excluded processes of the keystroke encryption.
 

security123

Level 21
When I wrote this message, it was a coincidence that I had SpyShelter disabled (which I usually do when I update drivers). Now I know that the keystroke encryption from SpyShelter is the real culprit in mutilating the top-row numbers of the keyboard. I have added 'hvsirpcd.exe' to the excluded processes of the keystroke encryption.
Or just don't use that program then ;)
 