Windows Defender Application Guard Update - Persistence

Microsoft

Windows Defender Application Guard (WDAG) is designed to stop attackers from establishing a foothold on the local machine or from expanding out into the rest of the corporate network.

 

If you are interested in learning more about Application Guard and how to install it in the standalone mode, please refer to the earlier post.

 

Building on our work in Build 16188, we have added support for Edge data persistence while using Application Guard. Once turned on, data generated during Edge in Application Guard sessions, such as your favorites, cookies, and saved passwords, will be persisted across Application Guard session. The persisted data will not be shared or surfaced on the host but it will be available for future Edge in Application Guard sessions.

 

How to take advantage of Persistence Settings when using Edge with Application Guard:

You enable Data Persistence for Edge in Application Guard using Group Policy. Note that Data Persistence for Application Guard with Microsoft Edge sessions is not enabled by default. To enable data persistence, close all Edge Windows and update the following policy (Windows Components -> Windows Defender Application Guard) to turn on data persistence:

 

GP.png

 

After the Group Policy settings are set, next launch New Application Guard Window from the Edge menu:2.Launch.png

 3.launch2.png

 

 

Then browse to your favorite web site and add it to Favorites in Microsoft Edge as shown here.

 4. webpage.png

 

 5. add fav.png

 

 

 

How to find your Favorites after you close Edge with Application Guard:

Since you have enabled Data Persistence using Group Policy for Application Guard, the site you saved to your Favorites will be available for later use, with Edge in Application Guard, even after reboots as well as build to build upgrades of Windows.

6. check.png

 

 

 

Apart from persistence, we have made lots of under the hood improvements and squashed many bugs during the process. If you are noticing any performance or networking issues please report them via the feedback hub.

 

Feedback Hub link: Launch Windows Feedback for Microsoft Edge\Application Guard

 

To learn more about what's coming in Windows Defender Application Guard, please take a look at this new Microsoft Mechanics video.

 

 

For FAQ please refer to the earlier post here.

 

4 Replies

In the mechanics video, near the end, there's mention of ATP. What is ATP? It looks like something to counter an advanced persistent threat, so I'm guessing ATP should have been APT...

Ok, missed that one, thanks!

the real problem with netbased attacks is there it happens in most cases when this happens there is 1 simple solution turn you machine off the it stops the machine from getting more infected