Defender Application Guard issues

I have a new Surface Pro 7 running Windows 10 Enterprise, all patched and updated. The machine is Azure AD joined and managed by Intune on an M365E5 license.

Every time I try and access ANY website in Edge WDAG launches and fails! So, I have two issues:

1. Why does Windows Defender Application Guard launch for every web site?

2. Why does it crash?

So the error from the browser after the crash is:

WDAG Report - Container: Error: 0x80070013, Ext error: 0x00000001; RDP: Error: 0x00000000, Ext error: 0x00000000 Location: 0x00000000

If I look at Event viewer | Applications and Services | Microsoft | Windows | WDAG-Manager | Operational - I see:

A Failure has occurred: HResult = Unspecified error, File = windows\hvsi\hvsimgr\manager\isolatedapplauncher.cpp, LineNumber = 376, Function = NULL, Message = NULL, CallingContext = NULL, Module = hvsimgr.exe, Code = NULL

and

A Failure has occurred: HResult = The media is write protected., File = windows\hvsi\hvsimgr\container\hvsicontainer.cpp, LineNumber = 769, Function = NULL, Message = NULL, CallingContext = NULL, Module = hvsimgr.exe, Code = NULL

also

C:\WINDOWS\system32>wdagtool.exe cleanup RESET_PERSISTENCE_LAYER
Terminating HvsiMgr.exe
HvsiMgr.exe process not found
Performing cleanup and restarting the container
 * [WDAGTool] - Failed to reset the container. - HRESULT: 80070013
 * [WDAGTool] - The hvsi cleanup tool has failed. - HRESULT: 80070013

A. I have tried enabling and disabling Hyper-V and WDAG on the device. They are all on now.

B. I have disabled and re-enabled WDAG using PowerShell.

C. I have run a system file scan with no errors.

Suggestions??

Thanks

Robert
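
Added example, not part of the original post: a small Python triage helper that pulls the HRESULT values out of the WDAG report line and the wdagtool output quoted above, splits each into its facility and code fields, and groups the failing ones by value. The function names and the two lookup tables are constructed for this illustration; the sample text is copied from the post. It shows that 0x80070013 is a FACILITY_WIN32 wrapper around Win32 error 19 (ERROR_WRITE_PROTECT), the same "The media is write protected." condition logged from hvsicontainer.cpp.

```python
import re

# Small subsets of winerror.h, enough for the values in the post.
FACILITIES = {0: "FACILITY_NULL", 7: "FACILITY_WIN32"}
WIN32_ERRORS = {19: "ERROR_WRITE_PROTECT"}  # "The media is write protected."

# Sample input: lines copied from the post above.
SAMPLE = """\
WDAG Report - Container: Error: 0x80070013, Ext error: 0x00000001; RDP: Error: 0x00000000, Ext error: 0x00000000 Location: 0x00000000
 * [WDAGTool] - Failed to reset the container. - HRESULT: 80070013
 * [WDAGTool] - The hvsi cleanup tool has failed. - HRESULT: 80070013
"""

# Only the "Error:" fields and wdagtool's "HRESULT:" fields are treated as
# HRESULTs; "Ext error" and "Location" are skipped. wdagtool omits the 0x prefix.
PATTERN = re.compile(
    r"(?:(?P<src>Container|RDP): Error:|\[(?P<tool>WDAGTool)\].*?HRESULT:)"
    r"\s*(?:0x)?(?P<hex>[0-9A-Fa-f]{8})\b"
)


def decode_hresult(value):
    """Split a 32-bit HRESULT into severity, facility and code."""
    facility = (value >> 16) & 0x7FF   # bits 16-26
    code = value & 0xFFFF              # bits 0-15
    # The code is a Win32 error number only when the facility is WIN32.
    name = WIN32_ERRORS.get(code) if facility == 7 else None
    return {
        "failed": bool(value & 0x80000000),  # bit 31 set means failure
        "facility": FACILITIES.get(facility, f"facility {facility}"),
        "code": code,
        "win32_name": name,
    }


def failures_by_code(text):
    """Map each failing HRESULT to the sorted list of sources reporting it."""
    seen = {}
    for m in PATTERN.finditer(text):
        value = int(m.group("hex"), 16)
        if value & 0x80000000:
            seen.setdefault(value, set()).add(m.group("src") or m.group("tool"))
    return {value: sorted(sources) for value, sources in seen.items()}


if __name__ == "__main__":
    for value, sources in failures_by_code(SAMPLE).items():
        print(f"0x{value:08X}", sources, decode_hresult(value))
```
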