From ec9a88a0a568529121b2be66ff5c32abd81c305b Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Fri, 15 Jan 2021 20:04:54 -0800 Subject: [PATCH 1/4] Update faq-md-app-guard.md --- .../faq-md-app-guard.md | 24 ++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index ab42d2eb12..042ec80a0c 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -159,6 +159,28 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli 5. Reboot the device. +### Why doesn't the container not fully load when Device Control Policies are enabled? +The whitelisting of these items are required to be allowed in the GPO to ensure AppGuard works properly. + +Policy: Allow installation of devices that match any of these device IDs +• SCSI\DiskMsft____Virtual_Disk____ +• {8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba +• VMS_VSF +• root\Vpcivsp +• root\VMBus +• vms_mp +• VMS_VSP +• ROOT\VKRNLINTVSP +• ROOT\VID +• root\storvsp +• vms_vsmp +• VMS_PP + +Policy: Allow installation of devices using drivers that match these device setup classes +• {71a27cdd-812a-11d0-bec7-08002be2092f} + + + ## See also -[Configure Microsoft Defender Application Guard policy settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard) \ No newline at end of file +[Configure Microsoft Defender Application Guard policy settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard) From e7491730ab4ee920cd8c6f29d27754a4d9edf369 Mon Sep 17 00:00:00 2001 
From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Mon, 18 Jan 2021 11:11:10 -0800 Subject: [PATCH 2/4] Update windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 042ec80a0c..aa8e4b49ee 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -159,7 +159,7 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli 5. Reboot the device. -### Why doesn't the container not fully load when Device Control Policies are enabled? +### Why doesn't the container fully load when device control policies are enabled? The whitelisting of these items are required to be allowed in the GPO to ensure AppGuard works properly. Policy: Allow installation of devices that match any of these device IDs From 6941245d72b580c81b69e8a5879427d40d81225d Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Wed, 20 Jan 2021 12:11:11 -0800 Subject: [PATCH 3/4] Update windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../faq-md-app-guard.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index aa8e4b49ee..1848ca38b2 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -163,21 +163,21 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli The whitelisting of these items are required to be allowed in the GPO to ensure AppGuard works properly. Policy: Allow installation of devices that match any of these device IDs -• SCSI\DiskMsft____Virtual_Disk____ -• {8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba -• VMS_VSF -• root\Vpcivsp -• root\VMBus -• vms_mp -• VMS_VSP -• ROOT\VKRNLINTVSP -• ROOT\VID -• root\storvsp -• vms_vsmp -• VMS_PP +- SCSI\DiskMsft____Virtual_Disk____ +- {8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba +- VMS_VSF +- root\Vpcivsp +- root\VMBus +- vms_mp +- VMS_VSP +- ROOT\VKRNLINTVSP +- ROOT\VID +- root\storvsp +- vms_vsmp +- VMS_PP Policy: Allow installation of devices using drivers that match these device setup classes -• {71a27cdd-812a-11d0-bec7-08002be2092f} +- {71a27cdd-812a-11d0-bec7-08002be2092f} From eee81169e423a772145ed9ed0b340cb62779f1fd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 20 Jan 2021 16:54:30 -0800 Subject: [PATCH 4/4] Update faq-md-app-guard.md --- .../faq-md-app-guard.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 1848ca38b2..fa3402a679 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md 
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 11/03/2020 +ms.date: 01/21/2021 ms.reviewer: manager: dansimp ms.custom: asr @@ -146,7 +146,7 @@ There is a known issue such that if you change the Exploit Protection settings f ICS is enabled by default in Windows, and ICS must be enabled in order for Application Guard to function correctly. We do not recommend disabling ICS; however, you can disable ICS in part by using a Group Policy and editing registry keys. -1. In the Group Policy setting called, *Prohibit use of Internet Connection Sharing on your DNS domain network*, set it to **Disabled**. +1. In the Group Policy setting, **Prohibit use of Internet Connection Sharing on your DNS domain network**, set it to **Disabled**. 2. Disable IpNat.sys from ICS load as follows:
`System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1` @@ -160,24 +160,24 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli 5. Reboot the device. ### Why doesn't the container fully load when device control policies are enabled? -The whitelisting of these items are required to be allowed in the GPO to ensure AppGuard works properly. +Allow-listed items must be configured as "allowed" in the Group Policy Object ensure AppGuard works properly. Policy: Allow installation of devices that match any of these device IDs -- SCSI\DiskMsft____Virtual_Disk____ -- {8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba -- VMS_VSF -- root\Vpcivsp -- root\VMBus -- vms_mp -- VMS_VSP -- ROOT\VKRNLINTVSP -- ROOT\VID -- root\storvsp -- vms_vsmp -- VMS_PP +- `SCSI\DiskMsft____Virtual_Disk____` +- `{8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba` +- `VMS_VSF` +- `root\Vpcivsp` +- `root\VMBus` +- `vms_mp` +- `VMS_VSP` +- `ROOT\VKRNLINTVSP` +- `ROOT\VID` +- `root\storvsp` +- `vms_vsmp` +- `VMS_PP` Policy: Allow installation of devices using drivers that match these device setup classes -- {71a27cdd-812a-11d0-bec7-08002be2092f} +- `{71a27cdd-812a-11d0-bec7-08002be2092f}`
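
Review bot: The answer added under the new heading in PATCH 1/4 (hunk @@ -159,6 +159,28 @@) lists twelve device IDs and one setup class GUID but never says what they are or why the container needs them; the only rationale given is "to ensure AppGuard works properly". An administrator extending a device installation allow list should be able to tell what each entry permits before adding it, so add a sentence saying what these IDs correspond to and put the class name next to {71a27cdd-812a-11d0-bec7-08002be2092f}. In the same hunk, the heading "Why doesn't the container not fully load" is a double negative, and "The whitelisting of these items are required to be allowed" pairs a singular subject with a plural verb and says "required" and "allowed" for the same thing.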
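
Review bot: The list items converted to "- " in PATCH 3/4 (hunk @@ -163,21 +163,21 @@) are still bare text, so values such as SCSI\DiskMsft____Virtual_Disk____ and {8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba depend on how the renderer treats backslashes, braces and runs of underscores. These are literals that get copied into a policy, so each one belongs in a code span. The two "Policy: ..." lines also sit directly above their lists with no blank line and no emphasis; a blank line and a bold policy name would make the two lists easier to tell apart. The mixed "root\" and "ROOT\" prefixes are carried over unchanged, and it is worth confirming that the casing is intentional.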
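
Review bot: The reworded step 1 in PATCH 4/4 (hunk @@ -146,7 +146,7 @@) still reads awkwardly: "In the Group Policy setting, **Prohibit use of ...**, set it to **Disabled**" has no clear referent for "it" and sets the policy name off with commas. Suggest "Set the Group Policy setting **Prohibit use of Internet Connection Sharing on your DNS domain network** to **Disabled**." The registry value shown in the context of step 2 starts at "System\CurrentControlSet\..." with no hive named; if this section is being touched anyway, spell out the full key path.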
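
Review bot: The replacement sentence in PATCH 4/4 (hunk @@ -160,24 +160,24 @@) is missing a word: "in the Group Policy Object ensure AppGuard works properly" needs "to" before "ensure". The sentence is also circular ("Allow-listed items must be configured as 'allowed'") and does not point at the lists that follow; something like "The following items must be allowed in the Group Policy Object to ensure that Application Guard works properly" reads more clearly. The unchanged text in the earlier hunk of this patch says "Application Guard", so use that spelling here instead of "AppGuard".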