Windows Defender Application Guard

Dec 4, 2017 | Security

Windows Defender Application Guard is a new capability included in the Windows 10 Enterprise Fall Creators Update that, once enabled, can prevent browser-based attacks from reaching the host. Microsoft states that 90% of attacks come from phishing via malicious links in e-mail. Windows Defender Application Guard uses Hyper-V virtualization to isolate the processes Edge runs from the rest of Windows. It is a pre-breach defense designed to prevent data theft, espionage, and ransomware.

Common attacks against enterprises

It is happening all the time now. A user receives an e-mail that looks legitimate and clicks a link in it, not realizing it leads to malicious code. The attacker's goal is to exploit the PC before the user realizes what has happened and either alerts someone or takes steps to remediate the issue themselves. This is just one way enterprises are being attacked. We have several blogs and eBooks that explore security and attacks further, but for the purpose of this post, the two most common attacks in this scenario are:

  • Phishing attacks via e-mail links to malicious code
  • Watering hole attacks that drop malicious payloads on the host

Windows Defender Application Guard Threat Resistance

When Windows Defender Application Guard is enabled, a malicious exploit can still run, but the Edge processes it runs in are isolated in a Hyper-V based container, and the host is protected.

  • Edge runs all of its processes in an isolated, Hyper-V based container
  • The container is not connected to the host
  • The host is protected
  • The container is also blocked from accessing internal network resources
  • Without access to the host or the network, the exploit is neutralized

Ways to Launch Application Guard

There are two ways to launch Application Guard:

  • Manually – the user launches Application Guard from the Edge menu
  • Enterprise mode – configured via Group Policy to always open untrusted sites in Application Guard
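As an added example (not from the original post or from Microsoft), the following PowerShell script lets an administrator confirm that the Application Guard feature is installed and see which of the two launch modes is in effect on a Windows 10 Enterprise host. The optional-feature name is the documented one; the registry locations are the ones the Application Guard and Network Isolation Group Policy templates are assumed to write to, and should be verified against the ADMX templates in use before relying on the script.

```powershell
# Added example: check Application Guard prerequisites and launch mode.
# Run from an elevated PowerShell session on Windows 10 Enterprise.
# Registry paths are assumptions (the locations the Group Policy ADMX
# templates are expected to write to); confirm them against your ADMX.
#Requires -RunAsAdministrator

function Get-AppGuardFeatureState {
    # Documented optional-feature name for Windows Defender Application Guard.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard
    return $feature.State   # 'Enabled' or 'Disabled'
}

function Enable-AppGuardFeature {
    # Installs the feature; a reboot is required before Edge can use it.
    Enable-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard -NoRestart
}

function Get-AppGuardLaunchMode {
    # Assumption: "Turn on Windows Defender Application Guard in Enterprise Mode"
    # is stored as AllowAppHVSI_ProviderSet under the AppHVSI policy key.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\AppHVSI'
    $value = (Get-ItemProperty -Path $policyKey -Name 'AllowAppHVSI_ProviderSet' `
              -ErrorAction SilentlyContinue).AllowAppHVSI_ProviderSet
    if ($null -eq $value -or $value -eq 0) {
        return 'Manual'       # user opens a new Application Guard window from the Edge menu
    }
    return 'Enterprise'       # untrusted sites are opened in the container automatically
}

function Get-EnterpriseNetworkBoundary {
    # Assumption: "Define network boundaries" writes these values under NetworkIsolation.
    # The boundary is what decides which sites are trusted (open on the host)
    # versus untrusted (open in the container).
    $nsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation'
    $props = Get-ItemProperty -Path $nsKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        CloudResources = $props.EnterpriseCloudResources
        DomainNames    = $props.EnterpriseNetworkDomainNames
        IPRanges       = $props.EnterpriseIPRange
    }
}

function Test-AppGuardConfiguration {
    # Gathers the three checks and lists anything a deployment would want fixed.
    $state    = Get-AppGuardFeatureState
    $mode     = Get-AppGuardLaunchMode
    $boundary = Get-EnterpriseNetworkBoundary
    $findings = @()

    if ($state -ne 'Enabled') {
        $findings += 'Application Guard feature is not enabled (run Enable-AppGuardFeature and reboot)'
    }
    if ($mode -eq 'Enterprise' -and
        -not ($boundary.CloudResources -or $boundary.DomainNames -or $boundary.IPRanges)) {
        $findings += 'Enterprise mode is on but no trusted network boundary is defined'
    }

    [pscustomobject]@{
        FeatureState = $state
        LaunchMode   = $mode
        Boundary     = $boundary
        Findings     = $findings
    }
}

Test-AppGuardConfiguration | Format-List
```

The script reports `Manual` when only the Edge-menu launch path is available and `Enterprise` when the Group Policy setting forces untrusted sites into the container; in Enterprise mode it also checks that a trusted network boundary exists, since that boundary is what separates the sites allowed on the host from those sent to the container.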

Application Guard is a powerful hardware-based endpoint defense to protect your business. The best defense is having a good offense! Need more information? Email us; we are happy to help.