Enable Download to Host from Windows Defender Application Guard Microsoft Edge session – Windows Blog by Brink

Enable Download to Host from Windows Defender Application Guard Microsoft Edge session

Microsoft Edge is a new web browser that is available across the Windows 10 device family. It is designed for Windows 10 to be faster, safer, and compatible with the modern Web.

Microsoft Edge running in Application Guard provides the maximum level of protection from malware and zero day attacks against Windows. Windows Defender Application Guard for Microsoft Edge is a lightweight virtual machine that helps isolate potentially malicious website activity from reaching your operating systems, apps, and data.

There is no persistence of any cookies or local storage when an Application Guard window is closed in Microsoft Edge.

Three core features of Windows Defender Application Guard:

  • Isolated Browsing – Windows Defender Application Guard uses the latest virtualization technology to help protect your operating system by creating an isolated environment for your Microsoft Edge session.
  • Help Safeguard your PC – Windows Defender Application Guard starts up every time you visit a non-work-related site to help keep potentially malicious attacks away from your PC.
  • Malware Removal – Any websites you visit, files you download, or settings you change while in this isolated environment are deleted when you sign out of Windows, wiping out any potential malware.

Starting with Windows 10 build 17120, the Windows Defender Application Guard (WDAG) Team has introduced new improvements for users to have a better experience. One of the items users voiced in the Feedback Hub was an inability to “download files from within WDAG” to the host. This created an inconsistent experience for Edge overall as downloaded files were stuck inside the container. In build 17120, users can now turn on a feature to download files from their WDAG Microsoft Edge browsing session onto the host file system.

After this policy (feature) is enabled, users can download files from their Windows Defender Edge session to their Downloads folder and open all files on the host. The files from Application Guard will be saved in a folder called Untrusted files nested inside the Downloads folder. This folder is created automatically when the user first downloads a file from Application Guard after enabling the policy.

This tutorial will show you how to enable or disable the ability to download files from within a Windows Defender Application Guard Microsoft Edge session to the host for all users in Windows 10 Pro and Windows 10 Enterprise.

Read more…