
MalwareTips Bot

Content Creator
Innovation in the attack space is constant as adversaries increase in both determination and sophistication. In response to increased investments in defense, attackers are adapting and improving tactics at breakneck speed. The good news is that defenders are also innovating and disrupting long reliable attack methods with new technologies. In Windows 10 we’re not just delivering tit for tat point solutions for the latest attacks; instead we’re looking closely at the root causes and are transforming the platform such that we can eradicate entire classes of attacks. Some of the most impactful improvements will come by way of attack surface area reduction and architectural change. One example of these kinds of disruptive approaches can be found in Windows Defender Application Guard (WDAG).

WDAG introduces a slimmed down version of the Hyper-V virtualization technology to bring Azure cloud-grade isolation and security segmentation to Windows applications with Microsoft Edge. WDAG for Microsoft Edge is the strongest form of isolation today, and now with the recently released Windows 10 version 1709, also known as the Fall Creators Update, users of Windows 10 Enterprise can run the Microsoft Edge browser in a fully isolated hardware environment. Doing so provides the highest level of protection against zero-day exploits, unpatched vulnerabilities, and web-based malware. The WDAG container provides a temporary, contained environment for users to experience the Internet. The ability to refresh the container when a user logs off means malware does not have a place to persist.

Threat landscape

In recent years, software isolation of commonly attacked applications such as browsers and document readers has become ubiquitous. Software isolation seeks to contain the damage in the event an application is successfully compromised by an exploit. When sandboxes are in place, malicious code delivered by a successful application exploit is restricted from accessing data and resources on the host operating system, which prevents attacks from performing lateral movement or exfiltrating sensitive information.

Attackers have adapted their tactics rapidly in response to widespread sandboxing by shifting their attention to kernel attacks. In most software sandboxes, the kernel attack surface is left unrestricted, providing attackers who have achieved code execution within a sandboxed app the opportunity to "escape" and escalate the attack. This growing trend is evidenced by the data collected by Microsoft threat analysts on the number of known kernel exploits for Windows.

Number of kernel exploits by year collected by Microsoft

The sharp increase in recent years is attributed to attackers leveraging kernel exploits to escape software sandboxes. Security-conscious enterprises can augment Microsoft Edge's top-level exploit mitigation and isolation features with an additional layer of kernel protection provided by Windows Defender Application Guard for Microsoft Edge.

Virtualization-based isolation

Microsoft has moved to counter the increase in kernel attacks through a major technological breakthrough in sandbox technology. Leveraging the power of hardware-supported virtualization technology, Windows Defender Application Guard creates what can be thought of as a "miniature" version of the parent Windows OS to host Microsoft Edge when browsing the untrusted internet. In the event that a user clicks a link or visits a site containing a full exploit chain, the container "guest" kernel is fully isolated from the host machine that contains the sensitive or enterprise data and enterprise credentials. This means even a zero-day kernel exploit will only result in a container compromise, which means that user data, apps, the organization's network, and the rest of the OS can remain secure. The container will be disposed of, removing all traces of the attack when the user logs off.

This isolation breakthrough was achieved by creating a new form of container technology that safely shares resources between a guest container and the parent OS. Unlike a standard virtual machine, the WDAG container technology securely shares DLLs, executables, and other operating system resources between the guest and host, minimizing the resources needed to create a WDAG VM. As a result, the unique disk footprint of the WDAG container image is an incredible 18 megabytes! In addition, the Windows operating system has been "enlightened" with full support for WDAG container apps, which includes the ability to suspend or deprioritize the container when not in use, helping to preserve battery life and make the experience of using a container app comparable to a native app. Core operating system functions like language settings, accessibility, and many other features all work across the container, making the advanced security provided by WDAG nearly transparent to the user.

Security is paramount to the value proposition for the WDAG container technology, so the Microsoft Offensive Security Research (OSR) and Windows Security Assurance (SA) teams partnered with the WDAG engineering team to build the technology securely from the ground up. The benefits of this partnership had a dramatic impact on WDAG and the security promise we were ultimately able to make with it. The process we used will be detailed at the upcoming Microsoft BlueHat Conference, as we think it represents a powerful model for future security-related research and development here at Microsoft. With WDAG now shipping, the effort to better secure it will continue; WDAG is continuously reviewed, with a standing WDAG security bug bounty with payouts of up to $250K for discovery of issues affecting the hypervisor that it is built upon.

So in a nutshell, WDAG offers VM-grade isolation at significantly lower system resources and user experience cost.

WDAG management and Windows Defender ATP integration

User experience and isolation customizations are some of the most commonly discussed topics when we talk about isolation based security solutions. Windows Defender Application Guard offers several policies to let organizations customize the user experience and security policies based on the enterprise risk profile and security posture.

The most critical policy from a trust decision perspective is the network isolation policy, which defines what URLs or network locations are not managed or explicitly trusted by an enterprise and thus will open in the isolated container environment, versus those that will open in the native host browser. WDAG makes this simple to manage with options for IP- and host-based policy definitions. This policy is also shared across security features such as Windows Information Protection, where it is used to protect against enterprise data leakage.

Clipboard and print policies control user-initiated data exchange between the Windows 10 host and the WDAG container. The persistence policy determines whether WDAG should discard all user-generated session data (cookies, downloaded files, temporary Internet files, etc.) on container recycle or preserve it for later use in the container.

For more details on the WDAG policies, please refer to product documentation.

Windows Defender Application Guard Management Options

For customers of Windows Defender ATP and Microsoft 365, WDAG offers deep integration with WDATP’s post-breach and EDR capabilities. This is an important integration point, as it gives WDAG customers a view into any malicious attacks that have been prevented and isolated within the container and enables further remediation and defensive actions across Windows' multiple layers of security.

The WDATP team has developed a full range of container-specific indicators of attack (IOAs) that are capable of detecting browser and kernel compromises. We recently demonstrated some of these capabilities in a Microsoft Mechanics session that highlights the power of WDAG + WDATP as the pre- and post-breach solutions in a synthetic zero-day attack scenario:

Windows Defender ATP console showing WDAG container events

Windows Defender ATP users benefit from an investigation experience that combines events from the container and host into a unified timeline while still allowing container-specific investigation through visual cues and event filtering.

The combination of the pre-breach isolation capability of WDAG and the deep investigation and analytics provided by Windows Defender ATP can provide customers with a robust defense even against the most sophisticated apex attackers.


Windows Defender Application Guard provides an additional hardware isolation-level capability on top of Microsoft Edge’s formidable exploit mitigation and sandbox features. This was enabled by engineering hardware container-based isolation capabilities into the Windows core. WDAG provides a near-native user experience with low resource consumption, deep OS enlightenment, and moderate hardware requirements. Enterprises deploying the Fall Creators Update can immediately deploy WDAG and enjoy the benefits of world-class hardware-rooted security that has enabled Microsoft Edge to become the most secure browser for enterprises.

David Weston (@dwizzzleMSFT)

Principal Group Manager, Windows & Devices Group, Security & Enterprise

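The network isolation trust decision described in the post's management section (enterprise-managed hosts and IP ranges open in the native browser, everything else opens in the container), as an added illustrative model that is not Microsoft's code: the policy values are constructed and hypothetical, and the matching rules are assumptions about how host- and IP-based definitions are applied.

```python
"""Illustrative model of the WDAG network isolation trust decision.
Added example with a constructed, hypothetical policy; the matching rules
are assumptions and not Microsoft's implementation."""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample policy for a hypothetical enterprise.
POLICY = {
    # Host-based definitions: a domain and all of its subdomains are trusted.
    "enterprise_domains": ["contoso.example", "intranet.example"],
    # IP-based definitions: URLs whose host is an address literal in these ranges.
    "enterprise_ip_ranges": ["10.0.0.0/8", "192.168.100.0/24"],
}

def host_in_domains(host, domains):
    """True if host equals a trusted domain or is a subdomain of one.
    The leading dot in the suffix check keeps lookalikes such as
    'contoso.example.attacker.test' or 'evilcontoso.example' from matching."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def host_in_ip_ranges(host, ranges):
    """True if host is a literal IPv4/IPv6 address inside a trusted range."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # a DNS name, not an address literal
        return False
    return any(ip in ipaddress.ip_network(r) for r in ranges)

def classify(url, policy=POLICY):
    """Return 'host' (native browser) or 'container' (WDAG) for a URL.
    Only the URL's own host is examined; names are not resolved, so a DNS
    name that points at an internal address is still isolated here."""
    host = urlsplit(url).hostname  # lower-cased; IPv6 brackets removed
    if not host:
        return "container"
    if host_in_domains(host, policy["enterprise_domains"]):
        return "host"
    if host_in_ip_ranges(host, policy["enterprise_ip_ranges"]):
        return "host"
    return "container"  # not managed or explicitly trusted: isolate it

if __name__ == "__main__":
    for u in ("https://portal.contoso.example/", "https://contoso.example.attacker.test/",
              "http://10.20.30.40/", "http://[2001:db8::1]/"):
        print(u, "->", classify(u))
```

The lookalike and IPv6 cases are the ones worth checking when reviewing a real policy: a suffix rule without the dot boundary, or a range list that only covers IPv4, quietly widens what the host browser is allowed to open.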

Deleted member 65228

In case anyone is wondering, Microsoft Edge is better at preventing WebInject/form-grabber attacks (common technique in banking malware such as Carberp, Kronos, Zeus, SpyEye too if I recall, and other recent banking malware) compared to browsers like Internet Explorer, Google Chrome, Firefox, Opera and Safari (if it is even around anymore).

Google Chrome has decent Anti-RCE (RCE stands for Remote Code Execution - attacks such as DLL injection); however, they don't seem to verify the loaded DLLs at start-up, thus making it more vulnerable. Microsoft Edge doesn't have this limitation with their Anti-RCE protection.

I cannot see myself using Microsoft Edge anytime soon because I am a fan of Google Chrome/Firefox due to the speed differences.


Level 20
Content Creator
Nice addition to the browser in terms of security. However, the functionality of Edge is so behind other browsers. I mean still no decent extension catalog and customisation is almost not available... Although this is nice for the security fans, this update is again disappointing.

Deleted member 65228

I have AppGuard's MemoryGuard, though
Yeah, AppGuard is sufficient enough and it is stable/reliable. You are also a wise user anyway making you a harder target in the first place :)

This stuff is only for large businesses I'd say, and even then the use probably won't be that prevalent IMO because it will require knowledge and experience to use all of these Enterprise security features... Resulting in people just using third-party software so they can make tweaks more easily, understand what is going on more and diagnose/resolve issues which may arise due to the protection configuration. That is just my opinion.


Level 3
The thing is that Windows Defender Advanced features are only available with a Windows 10 Ent. E5 License. -.-

Would love to use it but Microsoft just thinks of business customers...

With AppLocker - Windows Defender ATP - Windows Defender Application Guard - life would be much easier for the normal user. ^^

Integrated software with no extra install; it is all there. :D

Windows 10 Enterprise E5
Windows 10 Enterprise E5 is the newest offer for customers who want to take advantage of everything in E3 with the addition of Windows Defender Advanced Threat Protection (Windows Defender ATP)—a security service that helps enterprises detect, investigate, and respond to advanced attacks on their networks.

Building on the existing security defenses in Windows 10, Windows Defender ATP provides a post-breach layer of protection to the Windows 10 security stack. With a combination of client technology built into Windows 10 and a robust cloud service, it can help detect threats that have made it past other defenses, provide enterprises with information to investigate the breach across endpoints, and offer response recommendations.
Windows 10 Licensing | Microsoft Volume Licensing

Best regards

Deleted member 65228

With AppLocker - Windows Defender ATP - Windows Defender Application Guard - life would be much easier for the normal user. ^^
I think you'll find that is not the case. A normal user wouldn't know where to start with using the features properly... And even if they did happen to manage to set it up alone, if they run into a problem caused by the configuration, they won't know how to diagnose/fix properly.

It wasn't designed for normal users.


With AppLocker - Windows Defender ATP - Windows Defender Application Guard - life would be much easier for the normal user. ^^

Integrated software with no extra install; it is all there.
Tell that to the Admins that have to manage it. The honest ones will tell you it is an obnoxious, undocumented, atrocious mess.

Ask @Opcode about Microsoft's "undocumented" stuff and what that means to anyone that needs the info.

Deleted member 65228

What's the difference between this and chrome appcontainer? What about sandboxie?
Sandboxie and AppContainer do not rely on virtualisation. That doesn't make them insufficient though, they're perfectly fine IMO.

Windows Defender Application Guard utilises technology built into the hardware on systems which support it (most systems using an Intel processor developed after 2006-2008 are likely to have some form of virtualisation support, and more or less the same boat for AMD) as leverage to create an "isolated" environment which cannot be accessed from within the Host OS. Think of it like running a Virtual Machine without having to install an entirely new Operating System or move into an entirely different environment with a brand new OS installation over the top; you just have the program running within WDAG "isolated" via real virtualisation.

Since the programs running within WDAG are "isolated" via virtualisation (basically within a Guest environment, inaccessible to software running on the Host environment), external software running from within the main Host environment will be unable to perform data theft on programs protected under the isolated environment - the isolated programs will be inaccessible entirely.