Spawn

Administrator
Verified
Staff member
This is not a full review, lightly edited and full of typos..

As a Windows 10 Pro user running April 2018 (build v1803), I have the privilege to try Application Guard for Microsoft Edge. As a warning, it's fairly limited in comparison to W10 Enterprise, and likely to software of a similar nature.

Before saying you can't find the option, yes, it's not available for Windows 10 Home users running build v1803. W10 Pro users who meet the software and hardware requirements, may be able to try it, but experiences may differ.

So far I have found the following:

Opening a new Application Guard window in Microsoft Edge loads instantly on SSD. May take longer for slower CPUs and HDDs.

1525793448134.png


Downloaded files are accessible via File Explorer, under the Orange bar (Isolated).

1525793276027.png

Able to view PDFs in Edge, but wanted to see a local file open, so I downloaded the Eicar test file, which opened without a hitch. You may notice it was not blocked by SmartScreen - for which I do not know the answer for.

1525793599488.png


Also was allowed to download a compressed file and extract, but cannot launch any .EXE files. This could be a limited for W10 Pro users, but not a big concern.

1525793851391.png

It uses Hyper-V and runs similar to Seamless mode of VirtualBox, but considerably smarter and faster.


Designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted.

If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container, which is separate from the host operating system. This container isolation means that if the untrusted site turns out to be malicious, the host PC is protected, and the attacker can't get to your enterprise data.
About: Windows Defender Application Guard (Windows 10)
What are your thoughts and opinions on this limited version of WDAG for Microsoft Edge?

1525792963733.png
 
Last edited:

shmu26

Level 82
Verified
Trusted
Content Creator
Seeing as it uses Hyper-V, I am wondering if you can use it together with Core isolation, which also uses Hyper-V?

FYI the documentation says it does not support extensions, so that is one reason not to use it.
 
Last edited: