Advice Request How to test Defender Application Guard on untrusted sites?


HarborFront

Should I

1) Open WDAG first then go to the site in its address bar?
2) Straight away open the site in Edge and WDAG will automatically detect and run the untrusted site in it. Otherwise, it'll run normally in Edge if it's a trusted site.

Firstly, how to know a site is untrusted? Are all the sites in your Favorites considered as trusted? Any untrusted sites to test? Is an untrusted site the same as a non-secured site, i.e. sites with http?
 
Yes, I have read that. In essence you need to

1. open WDAG, then
2. go to the site

The question I want to know is how do you know the site you want to go to is an untrusted site?

My thinking was first you open normal Edge. Then go to a site. If the site is detected as untrusted, WDAG would be activated and the site isolated to run in it. If the site is trusted then it'll run in normal Edge.
 
Which sites are considered as untrusted is usually established by your IT admin in group policy.

"For Microsoft Edge, Application Guard helps to isolate ENTERPRISE-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, YOU define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted."

 
I'm talking for home users.
 
WDAG is just another security "solution" passed down to consumer versions of Windows by Microsoft with no real explanation to the consumer as to how it is intended or supposed to work.
 
I do not think so. MDAG (WDAG) is a simple solution - it is simpler than many safe browsers from AV suites. The Microsoft documentation is rather clear and comprehensive:
There are many online resources available via Google. The problem is rather the low popularity of MDAG (WDAG), because it does not work on Windows Home and it runs the Edge browser.
 
That article states

Quote

As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted.

Unquote

On the enterprise level the admin is able to do that but not as a home user. Basically, all my favorites are trusted.

Now I understand. WDAG works similarly to SB/VB without a whitelist of trusted sites but at a different level. Unlike Comodo sandbox which has a whitelist of trusted sites.

Thanks guys
 
Exactly. The doc is written for enterprise admins, and not home users. Not to mention that WDAG (now MDAG) was released in 2016 and yet Microsoft did not put up a doc for it online until 10/2021 - almost 5 years later.
 
