Windows Defender Application Guard with AMD CPU (Pro, 1909 Build) problem

Deleted
Not applicable

Hello guys,

 

i can't install/ enable the Windows Defender Application Guard in "Apps & Features".

The feature is greyout:

windows features.jpg

 

 

I don't think it matters that i configure the "Windows 10 Version 1903 and Windows Server Version 1903 Security Baseline (Sept2019Update)" but just in case.

 

Also my CPU is a AMD Ryzen 5 2600 with ASRock B450 Pro4 with latest BIOS (3.50) and i enable all features which are required. Same also for IOMMU support but (maybe related?) msinfo32 hide Hyper-V information if i enable AMD-V:

msinfo.jpg

 

My PC also have the requirements from https://docs.microsoft.com/de-de/windows/security/threat-protection/windows-defender-application-gua...

(16GB RAM, SSD, even IOMMU enabled)

 

I also enable the feature over Powershell and reboot but Edge doesn't show me a "open isolated tab" so i guess it doesn't work.

 

Please help

 

Edit: i also try a InPlace Upgrade (from 1809 to 1909 build) which doesn't help

11 Replies
Hi,
are you using Insider builds? because 1909 is not released yet
Hello!

Nope i don't use insider builds. I just use the official ISO download tool from https://www.microsoft.com/en-us/software-download/windows10 , mount that ISO and start the InPlace upgrade which is only a Windows repair, without delete settings or data. I also don't cut off Internet, so new+missing Updates can be installed.
After finish, i see that i have the 1909

But at no time i switch to Insider.

@Deleted 

 

Spoiler

@Deleted wrote:
Hello!

Nope i don't use insider builds. I just use the official ISO download tool from https://www.microsoft.com/en-us/software-download/windows10 , mount that ISO and start the InPlace upgrade which is only a Windows repair, without delete settings or data. I also don't cut off Internet, so new+missing Updates can be installed.
After finish, i see that i have the 1909

But at no time i switch to Insider.

 

 

Hmm okay, the text in there still says "Windows 10 May 2019 Update" though

did you have WDAG problem in build 1903 too?

I never try the 1903. Just start the InPlace upgrade and i guess that i get the 1903 but got the 1909 in the end.
Well I think it's better to wait for the official 1909 release because then there will be cumulative updates and fixes, that might fix your WDAG problem as well

@HotCakeXToday i check my event viewer and i found stuff!

 

Die Mindestanforderung wird vom System nicht erfüllt: The system does not meet the minimal requirement.
Number of processors required:4, actual:12.
Gigabytes of RAM required:8, actual:0.
Gigabytes of free disk space required: 5, actual:165
Wim path exists: 1

 

Why it say that i have 0GB RAM? I have 16GB

And because of that, i can't install it.

 

Also i install the Guard again with Powershell and found more logs in event viewer:

 

==================================================
Event Time        : 27.10.2019 14:45:38.707
Record ID         : 14
Event ID          : 205
Level             : Error
Channel           : Microsoft-Windows-WDAG-Service/Operational
Provider          : Microsoft-Windows-WDAG-Service
Description       : Fehler: HResult = Die Anforderung wird nicht unterstützt., Datei = windows\hvsi\hvsics\dll\hvsicontainerservicemodule.cpp, LineNumber = 647, Funktion = NULL, Meldung = NULL, CallingContext = NULL, Modul = hvsicontainerservice.dll, Code = NULL,
Opcode            : 
Task              : 
Keywords          : 0x8000000000000000
Process ID        : 3740
Thread ID         : 5592
Computer          : DESKTOP-A5RA9DJ
User              : NT-AUTORITÄT\SYSTEM
==================================================

==================================================
Event Time        : 27.10.2019 14:45:38.707
Record ID         : 15
Event ID          : 200
Level             : Error
Channel           : Microsoft-Windows-WDAG-Service/Operational
Provider          : Microsoft-Windows-WDAG-Service
Description       : Fehler beim Starten des Containerdiensts. HR:Die Anforderung wird nicht unterstützt. Meldung: 
Opcode            : 
Task              : 
Keywords          : 0x8000000000000000
Process ID        : 3740
Thread ID         : 5592
Computer          : DESKTOP-A5RA9DJ
User              : NT-AUTORITÄT\SYSTEM
==================================================

==================================================
Event Time        : 25.10.2019 18:50:18.258
Record ID         : 6
Event ID          : 205
Level             : Error
Channel           : Microsoft-Windows-WDAG-Service/Operational
Provider          : Microsoft-Windows-WDAG-Service
Description       : Fehler: HResult = Die Anforderung wird nicht unterstützt., Datei = windows\hvsi\hvsics\dll\hvsicontainerservicemodule.cpp, LineNumber = 647, Funktion = NULL, Meldung = NULL, CallingContext = NULL, Modul = hvsicontainerservice.dll, Code = NULL,
Opcode            : 
Task              : 
Keywords          : 0x8000000000000000
Process ID        : 8396
Thread ID         : 1008
Computer          : DESKTOP-A5RA9DJ
User              : NT-AUTORITÄT\SYSTEM
==================================================

==================================================
Event Time        : 27.10.2019 14:45:38.707
Record ID         : 16
Event ID          : 205
Level             : Error
Channel           : Microsoft-Windows-WDAG-Service/Operational
Provider          : Microsoft-Windows-WDAG-Service
Description       : Fehler: HResult = Die Komponente wurde nicht initialisiert., Datei = windows\hvsi\settings\host\settingslib\hostsettingslib.cpp, LineNumber = 1161, Funktion = NULL, Meldung = NULL, CallingContext = NULL, Modul = hvsicontainerservice.dll, Code = NULL,
Opcode            : 
Task              : 
Keywords          : 0x8000000000000000
Process ID        : 3740
Thread ID         : 5592
Computer          : DESKTOP-A5RA9DJ
User              : NT-AUTORITÄT\SYSTEM
==================================================

 

 

Also see my attachment which include the event viewer data



Now i set the RAM recommended hardware configuration to 0GB, reboot and it fully works.
But still don't know why Windows think i have 0GB RAM. The logic looks corrupt

Taskmanager even say i have 16GB and ATM 12GB are free.

@Deleted 

Spoiler

@Deleted wrote:

@HotCakeXToday i check my event viewer and i found stuff!

 

Die Mindestanforderung wird vom System nicht erfüllt: The system does not meet the minimal requirement.
Number of processors required:4, actual:12.
Gigabytes of RAM required:8, actual:0.
Gigabytes of free disk space required: 5, actual:165
Wim path exists: 1

 

Why it say that i have 0GB RAM? I have 16GB

And because of that, i can't install it.

 

Also i install the Guard again with Powershell and found more logs in event viewer:

 

==================================================
Event Time        : 27.10.2019 14:45:38.707
Record ID         : 14
Event ID          : 205
Level             : Error
Channel           : Microsoft-Windows-WDAG-Service/Operational
Provider          : Microsoft-Windows-WDAG-Service
Description       : Fehler: HResult = Die Anforderung wird nicht unterstützt., Datei = windows\hvsi\hvsics\dll\hvsicontainerservicemodule.cpp, LineNumber = 647, Funktion = NULL, Meldung = NULL, CallingContext = NULL, Modul = hvsicontainerservice.dll, Code = NULL,
Opcode            : 
Task              : 
Keywords          : 0x8000000000000000
Process ID        : 3740
Thread ID         : 5592
Computer          : DESKTOP-A5RA9DJ
User              : NT-AUTORITÄT\SYSTEM
==================================================

==================================================
Event Time        : 27.10.2019 14:45:38.707
Record ID         : 15
Event ID          : 200
Level             : Error
Channel           : Microsoft-Windows-WDAG-Service/Operational
Provider          : Microsoft-Windows-WDAG-Service
Description       : Fehler beim Starten des Containerdiensts. HR:Die Anforderung wird nicht unterstützt. Meldung: 
Opcode            : 
Task              : 
Keywords          : 0x8000000000000000
Process ID        : 3740
Thread ID         : 5592
Computer          : DESKTOP-A5RA9DJ
User              : NT-AUTORITÄT\SYSTEM
==================================================

==================================================
Event Time        : 25.10.2019 18:50:18.258
Record ID         : 6
Event ID          : 205
Level             : Error
Channel           : Microsoft-Windows-WDAG-Service/Operational
Provider          : Microsoft-Windows-WDAG-Service
Description       : Fehler: HResult = Die Anforderung wird nicht unterstützt., Datei = windows\hvsi\hvsics\dll\hvsicontainerservicemodule.cpp, LineNumber = 647, Funktion = NULL, Meldung = NULL, CallingContext = NULL, Modul = hvsicontainerservice.dll, Code = NULL,
Opcode            : 
Task              : 
Keywords          : 0x8000000000000000
Process ID        : 8396
Thread ID         : 1008
Computer          : DESKTOP-A5RA9DJ
User              : NT-AUTORITÄT\SYSTEM
==================================================

==================================================
Event Time        : 27.10.2019 14:45:38.707
Record ID         : 16
Event ID          : 205
Level             : Error
Channel           : Microsoft-Windows-WDAG-Service/Operational
Provider          : Microsoft-Windows-WDAG-Service
Description       : Fehler: HResult = Die Komponente wurde nicht initialisiert., Datei = windows\hvsi\settings\host\settingslib\hostsettingslib.cpp, LineNumber = 1161, Funktion = NULL, Meldung = NULL, CallingContext = NULL, Modul = hvsicontainerservice.dll, Code = NULL,
Opcode            : 
Task              : 
Keywords          : 0x8000000000000000
Process ID        : 3740
Thread ID         : 5592
Computer          : DESKTOP-A5RA9DJ
User              : NT-AUTORITÄT\SYSTEM
==================================================

 

 

Also see my attachment which include the event viewer data




That's strange, must be a bug, again I'm skeptical about the whole build 1909, I have no idea why Microsoft put it on the front page for everyone to download while they said they're going to release it to public in Nov 12, it is currently being finalized in the release preview ring.

anyhow, I'm on Insider build fast ring 2003 and WDAG is fine.

 

I think you should report it in the Feedbacks hub app and add your even viewer file to your feedback.

 

@Deleted 


@Deleted wrote:
Now i set the RAM recommended hardware configuration to 0GB, reboot and it fully works.
But still don't know why Windows think i have 0GB RAM. The logic looks corrupt

Taskmanager even say i have 16GB and ATM 12GB are free.

 

Nice, that's good,

would you mind mentioning how you managed to modify the recommended RAM for WDAG?

@HotCakeX 

I think you should report it in the Feedbacks hub app and add your even viewer file to your feedback.

 

 I hope they read this here.

 

@HotCakeX 


@HotCakeX wrote:

@Deleted 


@Deleted wrote:
Now i set the RAM recommended hardware configuration to 0GB, reboot and it fully works.
But still don't know why Windows think i have 0GB RAM. The logic looks corrupt

Taskmanager even say i have 16GB and ATM 12GB are free.

 

Nice, that's good,

would you mind mentioning how you managed to modify the recommended RAM for WDAG?


Sure. I follow the official guide and change the minimum RAM to 0GB with create the DWORD string "SpecRequiredMemoryInGB" with value "0" under "HKLM\software\Microsoft\Hvsi\"

Then i reboot and installation wasn't greyout and i can it install in official way, without Powershell. Also in Edge and Windows Defender i have the option to use/ config the Application Guard.