Wednesday, February 13, 2019

Testing Windows Defender Application Guard on a VM

If you want to test Windows Defender Application Guard, your test environment must meet these requirements:

A 64-bit computer with a minimum of 4 cores (logical processors) with CPU virtualization extensions, a minimum of 8 GB RAM and 5 GB free space.

But what if we want to test this on a virtual Windows 10 machine running on Hyper-V?

When you try to enable Windows Defender Application Guard you might see warnings like these.

Windows Defender Application Guard cannot be installed: The Processor does not have required virtualization capabilities:


Windows Defender Application Guard is not supported on this device configuration:


But we can still test on Hyper-V. Let me show a working configuration; you may be able to use lower settings, but for testing purposes this will work:

Use a Generation 2 VM with at least 4 GB RAM.

Use at least 2 virtual processors.

I have TPM and Secure Boot enabled. It seems to work without them, but enabling both will not hurt.

Then we need to enable nested virtualization on the VM, using PowerShell on the Hyper-V host:

https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization

Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true


Next, since we do not fulfill the requirements, let's lower them using the registry settings explained in the WDAG FAQ:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard

I have lowered the processor requirement (SpecRequiredProcessorCount) and the memory requirement (SpecRequiredMemoryInGB):

HKLM\software\Microsoft\Hvsi\SpecRequiredMemoryInGB

HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount


And now we are able to enable Windows Defender Application Guard.

A reboot is required.
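The steps above collected into one PowerShell script, as an added example that is not part of the original post. The function names, the DWORD value type and the thresholds of 2 processors and 4 GB (chosen to match the VM sized above) are assumptions.

```powershell
# Added example (not from the original post). Run each function elevated.
# Assumed: values are REG_DWORD; 2 CPUs / 4 GB mirror the VM sizing above.
$FeatureName = 'Windows-Defender-ApplicationGuard'
$HvsiKey     = 'HKLM:\SOFTWARE\Microsoft\Hvsi'

function Enable-NestedVirtualization {          # run on the Hyper-V HOST
    param([Parameter(Mandatory)][string]$VMName)
    if ((Get-VM -Name $VMName).State -ne 'Off') {
        throw "Shut down '$VMName' first: this processor setting needs a powered-off VM."
    }
    Set-VMProcessor -VMName $VMName -ExposeVirtualizationExtensions $true
    # Read the setting back so a failure is not first discovered inside the guest.
    return (Get-VMProcessor -VMName $VMName).ExposeVirtualizationExtensions
}

function Enable-WdagForTesting {                # run inside the GUEST VM
    param([int]$ProcessorCount = 2, [int]$MemoryInGB = 4)

    # Compare what the guest really has with the thresholds about to be written.
    $cs    = Get-CimInstance -ClassName Win32_ComputerSystem
    $ramGB = [int][math]::Round($cs.TotalPhysicalMemory / 1GB)
    if ($cs.NumberOfLogicalProcessors -lt $ProcessorCount -or $ramGB -lt $MemoryInGB) {
        Write-Warning "Guest has $($cs.NumberOfLogicalProcessors) CPUs / $ramGB GB, below the chosen thresholds."
    }

    # Create the key only if missing, so existing Hvsi values are left alone.
    if (-not (Test-Path $HvsiKey)) { New-Item -Path $HvsiKey -Force | Out-Null }
    $overrides = @{ SpecRequiredProcessorCount = $ProcessorCount
                    SpecRequiredMemoryInGB     = $MemoryInGB }
    foreach ($name in $overrides.Keys) {
        New-ItemProperty -Path $HvsiKey -Name $name -Value $overrides[$name] `
                         -PropertyType DWord -Force | Out-Null
    }

    $result = Enable-WindowsOptionalFeature -Online -FeatureName $FeatureName -NoRestart
    [pscustomobject]@{
        Feature       = $FeatureName
        State         = (Get-WindowsOptionalFeature -Online -FeatureName $FeatureName).State
        RestartNeeded = $result.RestartNeeded
    }
}

# Host:  Enable-NestedVirtualization -VMName '<VMName>'   # expect True
# Guest: Enable-WdagForTesting; Restart-Computer
```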

We are now ready to test, stay tuned for the next article about Windows Defender Application Guard.
