Monday, February 25, 2019

Windows Defender Application Guard – Settings

Let's take one more look at Windows Defender Application Guard (WDAG).

You can find the previous posts about WDAG here:

Testing Windows Defender Application Guard on a VM

Windows Defender Application Guard

In the last post we saw that, by default, copy and paste operations were not allowed:

Your admin doesn’t allow you to copy and paste this content between Application Guard and other apps.

This can be allowed by using the GPO:

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender Application Guard\Configure Windows Defender Application Guard clipboard settings

Here we can choose between the following clipboard behavior settings:

  • Block clipboard operations (default)
  • Enable clipboard operation from an isolated session to the host
  • Enable clipboard operation from the host to the isolated session
  • Enable clipboard operation in both directions

So we can allow cut and paste in any direction we would like.

We can also control what users are allowed to copy with the Clipboard content options:

  • Allows text copying (Value of 1)
  • Allows image copying (Value of 2)
  • Allows both text and image copying (Value of 3)

If we try to open a trusted site inside WDAG, we will see this warning:

If this is a work-related site, open it in a new Microsoft Edge windows outside of Application Guard

We can allow some sites to open both in WDAG and on the host itself by using the GPO:

Computer Configuration\Policies\Administrative Templates\Network\Network Isolation\Domains categorized as both work and personal

Here we can use a comma-separated list:

Now https://www.mindcore.dk can also open in WDAG:

If the user clicks the WDAG icon in the upper left corner, it is possible to click Learn more:

Then the user will get more information (just a little bit):

By default, favorites are not available in Application Guard, and this message is shown:

To help protect your PC, favorites and reading list will be unavailable in Application Guard for Microsoft Edge.

We can allow the use of favorites by using this GPO:

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow data persistence for Windows Defender Application Guard

After enabling this policy, we can use favorites and they will be remembered between WDAG sessions, as will cookies and recently used URLs:

But favorites are still not shared with the favorites on the host, so there are two separate favorites lists:

If you try to print from WDAG, you will by default have no printers, because printing is not allowed:

We can change this behavior by using the GPO:

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender Application Guard\Configure Windows Defender Application Guard print settings

Allowed print types holds a lot of options:

  • 0. Disables all print functionality
  • 1. Enables only XPS printing
  • 2. Enables only PDF printing
  • 3. Enables both PDF and XPS printing
  • 4. Enables only local printing
  • 5. Enables both local and XPS printing
  • 6. Enables both local and PDF printing
  • 7. Enables local, PDF, and XPS printing
  • 8. Enables only network printing
  • 9. Enables both network and XPS printing
  • 10. Enables both network and PDF printing
  • 11. Enables network, PDF, and XPS printing
  • 12. Enables both network and local printing
  • 13. Enables network, local, and XPS printing
  • 14. Enables network, local, and PDF printing
  • 15. Enables all printing
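
The sixteen values above form a bit mask of four flags (1 = XPS, 2 = PDF, 4 = local, 8 = network). The PowerShell below is an added example, not part of the original post; the enum and function names are hypothetical. It decodes a value for review and builds the value for a wanted combination:

```powershell
# Added example, not from the original post. Enum and function names are
# hypothetical; the numeric values are the ones listed in the post.
[Flags()] enum WdagPrintType {
    None    = 0
    XPS     = 1
    PDF     = 2
    Local   = 4
    Network = 8
}

function ConvertTo-WdagPrintValue {
    # Build the number for "Allowed print types" from the print types wanted.
    param([Parameter(Mandatory)][WdagPrintType[]]$Allow)
    $mask = 0
    foreach ($type in $Allow) { $mask = $mask -bor [int]$type }
    $mask
}

function Get-WdagPrintReview {
    # Decode a configured value so a reviewer can see what it really enables.
    # ValidateRange rejects anything outside the 0-15 range the policy defines.
    param([Parameter(Mandatory)][ValidateRange(0, 15)][int]$Value)
    $types = [WdagPrintType]$Value
    [pscustomobject]@{
        Value       = $Value
        Enabled     = $types.ToString()
        WritesFile  = [bool]($Value -band 3)     # XPS or PDF output
        UsesPrinter = [bool]($Value -band 12)    # local or network printer
    }
}

# Rebuild the full 0-15 list to compare against the policy description.
0..15 | ForEach-Object { Get-WdagPrintReview -Value $_ } | Format-Table -AutoSize

# Value to configure when only PDF and local printing should be allowed.
ConvertTo-WdagPrintValue -Allow PDF, Local
```

The Clipboard content options earlier in the post follow the same pattern: 1 = text, 2 = image, 3 = both.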

And now we have the printers redirected to WDAG:

We can reset and restart WDAG with the command wdagtool.exe cleanup. This still keeps our user data, such as favorites.

The command wdagtool.exe cleanup RESET_PERSISTENCE_LAYER will also clean up user data such as favorites:

Favorites are now gone, but we can start adding again:

We have many more options for WDAG, but I think you get the picture. Now test in your own environment.
