Sandbox protection without third-party tools: Windows 10 Defender brings its own

Many people have used sandbox software, which redirects the user's current operations into a virtual sandbox so that everything done inside it is automatically discarded after the system shuts down, effectively protecting the system. Windows 10 version 1803 now ships with Windows Defender Application Guard (hereinafter WDAG), a sandbox component built into Windows 10 that isolates sites the user or the enterprise does not trust and protects our web browsing.

Background: how WDAG secures web browsing

We know that almost 90% of today's threats come from the Internet: a visit to a trojan-laden page or a page carrying malicious code is enough for viruses, Trojans or attackers to get into our computers. Web access mostly goes through the browser, so WDAG uses the Hyper-V virtualization that ships with the system and isolates the user's browsing inside a virtual system. When the user activates WDAG protection, Microsoft Edge opens these websites in a Hyper-V isolated container, separating the website from the host operating system, so the host stays protected and attackers are effectively stopped from breaking in (Figure 1).


Figure 1 WDAG schematic diagram

In version 1709 the WDAG component requires Enterprise edition; from version 1803 it also supports Professional edition. Users who want this component should therefore first confirm that their edition is Professional or Enterprise (and that the machine has at least 8 GB of memory), update the system to the latest version through Windows Update, and after the update completes launch Notepad, click "Help → About" and confirm that the system version is 1803 or later (Figure 2).


Figure 2 View Version

Simple setup to enable the WDAG protection component

Type "Turn Windows features on or off" in the search box, check "Windows Defender Application Guard" in the window that opens, click "OK" and follow the prompts to turn on the component; after the system restarts you can use the WDAG component to protect the system (Figure 3).


Figure 3 Enabling the component
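The edition, version and memory checks above, followed by enabling the component, can be scripted instead of clicked through. The following PowerShell is an added example, not code from the original article: it assumes an elevated PowerShell on Windows 10, reads the same edition/version information that Notepad's "About" dialog shows, treats 8 GB as the memory floor the article gives, and enables the `Windows-Defender-ApplicationGuard` optional feature (the feature behind the "Windows Defender Application Guard" checkbox). The virtualization check is a heuristic of my own, explained in the comments.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original article: check the prerequisites the
# article lists (Pro/Enterprise edition, version 1803 or later, at least 8 GB of
# memory, virtualization available) and then enable the Application Guard feature.

function Test-WdagPrerequisites {
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1

    # ReleaseId is the "1803"-style string shown by winver / Notepad "Help -> About".
    $releaseId = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ReleaseId
    $build     = [int]$os.BuildNumber      # 17134 is the build number of version 1803
    $ramGB     = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)

    # Heuristic (assumption, not from the article): VirtualizationFirmwareEnabled is true
    # when VT-x/AMD-V is on in firmware and no hypervisor runs yet; once Hyper-V is active,
    # HypervisorPresent is true instead and the firmware flag reads false. Either will do.
    $virtOk = [bool]$cs.HypervisorPresent -or [bool]$cpu.VirtualizationFirmwareEnabled

    [ordered]@{
        "Edition is Pro or Enterprise ($($os.Caption))"             = ($os.Caption -match 'Pro|Enterprise')
        "Version 1803 or later (ReleaseId $releaseId, build $build)" = ($build -ge 17134)
        # 8 GB machines report slightly under 8 GiB because firmware reserves some memory.
        "At least 8 GB of memory ($ramGB GB)"                         = ($cs.TotalPhysicalMemory -ge 7.5GB)
        "Virtualization available"                                    = $virtOk
    }
}

function Enable-Wdag {
    $name    = 'Windows-Defender-ApplicationGuard'
    $feature = Get-WindowsOptionalFeature -Online -FeatureName $name
    if ($feature.State -eq 'Enabled') {
        Write-Host "$name is already enabled."
        return $feature
    }
    # Same effect as ticking the checkbox in "Turn Windows features on or off".
    # -NoRestart defers the reboot; the feature only works after the restart.
    $result = Enable-WindowsOptionalFeature -Online -FeatureName $name -NoRestart
    if ($result.RestartNeeded) {
        Write-Warning 'Restart the system to finish enabling Application Guard.'
    }
    return $result
}

# Run the checks, then enable the feature only when every prerequisite passes.
$checks = Test-WdagPrerequisites
foreach ($entry in $checks.GetEnumerator()) {
    $status = if ($entry.Value) { 'PASS' } else { 'FAIL' }
    Write-Host ('[{0}] {1}' -f $status, $entry.Key)
}
if ($checks.Values -contains $false) {
    Write-Warning 'Prerequisites not met; not enabling Application Guard.'
} else {
    Enable-Wdag
}
```

On a Windows 10 Home machine the first check fails and nothing is enabled, which mirrors the article's advice to confirm the edition before looking for the component.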

After that, whenever you need to browse the web in WDAG protection mode, start Edge and click "Menu → New Application Guard window", which opens a new Edge window with WDAG protection (Figure 4).


Figure 4 New Application Guard window

Use WDAG protection for secure browsing

After WDAG protection starts, it first initializes the isolated environment and then opens a new Microsoft Edge window with a striking orange border and an "Application Guard" icon in the upper left corner, so users can see at a glance that they are in a protected state (Figure 5).


Figure 5 Browsing with WDAG protection turned on

When WDAG protection is enabled for web browsing, by default everything done in this window is isolated in a relatively independent sandbox environment, much like running the Edge browser in a virtual machine. All operations in the browser are isolated from the current host system: for example, if the user browses a trojan-laden page in the protected browser or downloads a virus in it, everything is cleared when Edge is closed, so the virus or Trojan naturally cannot infect the host system (Figure 6).


Figure 6 Unsafe websites can be visited in a WDAG protection window

Tip: Although WDAG protection gives you isolated browsing, visiting malicious websites inside it is still not risk-free. For example, if you visit a phishing website and enter information such as a bank card number or password, that information will still be stolen by attackers. Be sure to stay vigilant when visiting such websites!

Use as needed: turn on WDAG protection flexibly

By default, with WDAG protection turned on, downloaded files, documents or copied text from the protected mode cannot be pasted into the host system. If you need to use the protection more flexibly, you can configure it in the Group Policy Editor. For example, if you need to visit some dangerous websites in the WDAG protected environment for security testing and need to copy some virus samples or code to the host system for storage, you can enable copy and paste from the isolated system in Group Policy.

Type "gpedit.msc" in the search box to start the Group Policy Editor, navigate to "Computer Configuration → Administrative Templates → Windows Components → Windows Defender Application Guard", then double-click "Configure Windows Defender Application Guard clipboard settings" on the right (Figure 7).


Figure 7 Group Policy Settings

For example, to allow copying specific text (such as malicious code text) out of the isolated system, select "Enable clipboard operation from an isolated session to the host" under "Clipboard behavior setting", set the clipboard content option to "1", and click OK to exit (Figure 8).


Figure 8 Setting up the clipboard operation

This way, when we view malicious code text in the isolated system, we can copy and paste it (which is not possible by default) into the current host system. Other operations such as printing, sharing, and saving downloaded data and files from the isolated system can also be configured in the corresponding settings. In this way, WDAG not only protects browsing but also lets you selectively extract items from the isolated system according to your actual needs.
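The clipboard policy set through gpedit.msc above (Figures 7 and 8) is stored as two registry values, which makes it easy to audit what a machine currently allows across the isolation boundary and to apply or undo the article's setting from a script. The following PowerShell is an added example, not code from the original article: it assumes an elevated PowerShell, and the key `HKLM:\SOFTWARE\Policies\Microsoft\AppHVSI` with the values `AppHVSIClipboardSettings` (behavior) and `AppHVSIClipboardFileType` (content) are taken from the AppHVSI policy template that backs this Group Policy, so verify them against `%SystemRoot%\PolicyDefinitions\AppHVSI.admx` on your build. The risk rating is my own defender's reading of each setting, not something the article states.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original article: read, set and reset the registry
# values behind "Configure Windows Defender Application Guard clipboard settings".
# On a domain-joined machine a GPO will overwrite anything written here at refresh.

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\AppHVSI'

# "Clipboard behavior setting" in gpedit -> AppHVSIClipboardSettings
$BehaviorNames = @{
    0 = 'Disabled: nothing crosses the isolation boundary'
    1 = 'Isolated session -> host only'
    2 = 'Host -> isolated session only'
    3 = 'Both directions'
}
# "Clipboard content options" in gpedit -> AppHVSIClipboardFileType
$ContentNames = @{
    1 = 'Text only'
    2 = 'Images only'
    3 = 'Text and images'
}

function Get-WdagClipboardPolicy {
    $behavior = 0; $content = $null; $configured = $false
    if (Test-Path $PolicyKey) {
        $p = Get-ItemProperty -Path $PolicyKey
        if ($null -ne $p.AppHVSIClipboardSettings) { $behavior = [int]$p.AppHVSIClipboardSettings; $configured = $true }
        if ($null -ne $p.AppHVSIClipboardFileType) { $content  = [int]$p.AppHVSIClipboardFileType }
    }
    # Defender's view: host -> isolated traffic is the riskier direction, because whatever
    # sits on the host clipboard (a password, a token) becomes readable by an untrusted
    # page inside the container. Isolated -> host only moves what the user pastes out.
    $risk = switch ($behavior) {
        0       { 'none' }
        1       { 'low: content leaves the sandbox only when the user pastes it' }
        default { 'elevated: host clipboard contents are exposed to the untrusted session' }
    }
    $contentTxt = if ($null -ne $content) { $ContentNames[$content] } else { 'n/a' }
    [pscustomobject]@{
        Configured  = $configured      # $false means "Not configured" (Application Guard default: no clipboard)
        Behavior    = $behavior
        BehaviorTxt = $BehaviorNames[$behavior]
        Content     = $content
        ContentTxt  = $contentTxt
        Risk        = $risk
    }
}

function Set-WdagClipboardPolicy {
    param(
        [Parameter(Mandatory)][ValidateSet(0, 1, 2, 3)][int]$Behavior,
        [ValidateSet(1, 2, 3)][int]$Content = 1
    )
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name AppHVSIClipboardSettings -PropertyType DWord -Value $Behavior -Force | Out-Null
    New-ItemProperty -Path $PolicyKey -Name AppHVSIClipboardFileType -PropertyType DWord -Value $Content  -Force | Out-Null
    Get-WdagClipboardPolicy
}

function Reset-WdagClipboardPolicy {
    # Back to "Not configured": Application Guard returns to its default of no clipboard access.
    if (Test-Path $PolicyKey) {
        Remove-ItemProperty -Path $PolicyKey -Name AppHVSIClipboardSettings, AppHVSIClipboardFileType -ErrorAction SilentlyContinue
    }
    Get-WdagClipboardPolicy
}

# Show the current state, then apply the article's Figure 8 setting:
# isolated session -> host, text only.
Get-WdagClipboardPolicy | Format-List
Set-WdagClipboardPolicy -Behavior 1 -Content 1 | Format-List
```

Run `Reset-WdagClipboardPolicy` once the testing session is over so the sandbox returns to its default of no clipboard traffic; the `Risk` field makes it easy to spot machines where someone has left behavior 2 or 3 switched on.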
