SOLVED

Defender Application Guard issues

MVP

I have a new Surface pro 7 running Windows 10 Enterprise, all patched and updated. The machine is Azure AD joined and managed by Intune on a M365E5 license.

 

Every time I try and access ANY website in Edge WDAG launches and fails! So, I have two issues:

 

1. Why does Windows Defender Application Guard launch for every web site?

2. Why does it crash

 

So the error from the browser after the crash is:

 

WDAG Report - Container: Error: 0x80070013, Ext error: 0x00000001; RDP: Error: 0x00000000, Ext error: 0x00000000 Location: 0x00000000

 

If I look at Event viewer | Applications and Services | Microsoft | Windows | WDAG-Manager | Operational - I see:

 

A Failure has occurred: HResult = Unspecified error, File = windows\hvsi\hvsimgr\manager\isolatedapplauncher.cpp, LineNumber = 376, Function = NULL, Message = NULL, CallingContext = NULL, Module = hvsimgr.exe, Code = NULL

 

and

 

A Failure has occurred: HResult = The media is write protected., File = windows\hvsi\hvsimgr\container\hvsicontainer.cpp, LineNumber = 769, Function = NULL, Message = NULL, CallingContext = NULL, Module = hvsimgr.exe, Code = NULL

 

also

 

C:\WINDOWS\system32>wdagtool.exe cleanup RESET_PERSISTENCE_LAYER

Terminating HvsiMgr.exe

HvsiMgr.exe process not found

Performing cleanup and restarting the container

 * [WDAGTool] - Failed to reset the container. - HRESULT: 80070013

 * [WDAGTool] - The hvsi cleanup tool has failed. - HRESULT: 80070013

 

A. I have tried enabling and disabling Hyper-V and WDAG on the device. They are all on now

B. I have disabled and re-enabled WDAG using PowerShell

C. I have run a system file scan with no errors

 

Suggestions??

 

Thanks

Robert

 

6 Replies

@Robert Crane I'm facing similar issues.

I can't even run WDAG! It's installed, available on the brwoser but does not run.

Machine fully updated and managed from Intune.

 

Thanks,

 

António

best response confirmed by Robert Crane (MVP)

Hi @Robert Crane,

 

thanks for such a quick reply.

On my side there must be something wrong regarding my configs or whatever.

Still no working.

Everything you mention, I did.

I'm going to start from scratch. and follow your steps.

 

thanks very much!

 

António Soares

I have WDAG running is Standalone mode hence all websites are launched normaly. However one website tries to open in Application Guard Window.

@Robert Crane 

 

So why not post the solution here as well?

@alfredmyers as my earlier reply notes, I wrote a blog post with the solution.. Much easier to create a document with images and stuff there than here.