Update faq-md-app-guard.md

Denise Vangel-MSFT
2021-01-20 16:54:30 -08:00
committed by GitHub
parent 6941245d72
commit eee81169e4

@ -8,7 +8,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.date: 11/03/2020
ms.date: 01/21/2021
ms.reviewer:
manager: dansimp
ms.custom: asr
@ -146,7 +146,7 @@ There is a known issue such that if you change the Exploit Protection settings f
ICS is enabled by default in Windows, and ICS must be enabled in order for Application Guard to function correctly. We do not recommend disabling ICS; however, you can disable ICS in part by using a Group Policy and editing registry keys.
1. In the Group Policy setting called, *Prohibit use of Internet Connection Sharing on your DNS domain network*, set it to **Disabled**.
1. In the Group Policy setting, **Prohibit use of Internet Connection Sharing on your DNS domain network**, set it to **Disabled**.
2. Disable IpNat.sys from ICS load as follows: <br/>
`System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1`
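Review bot: In step 2, the context line `System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1` names neither the registry hive nor the value type, so an administrator cannot apply it exactly as written; since this hunk already touches the procedure, consider spelling out the full key path and the value type there. In the reworded step 1, the comma after "setting" is no longer needed now that "called" is gone, and "set it to" is redundant: "Set the Group Policy setting **Prohibit use of Internet Connection Sharing on your DNS domain network** to **Disabled**" reads more directly.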
@ -160,24 +160,24 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli
5. Reboot the device.
### Why doesn't the container fully load when device control policies are enabled?
The whitelisting of these items are required to be allowed in the GPO to ensure AppGuard works properly.
Allow-listed items must be configured as "allowed" in the Group Policy Object ensure AppGuard works properly.
Policy: Allow installation of devices that match any of these device IDs
- SCSI\DiskMsft____Virtual_Disk____
- {8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba
- VMS_VSF
- root\Vpcivsp
- root\VMBus
- vms_mp
- VMS_VSP
- ROOT\VKRNLINTVSP
- ROOT\VID
- root\storvsp
- vms_vsmp
- VMS_PP
- `SCSI\DiskMsft____Virtual_Disk____`
- `{8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba`
- `VMS_VSF`
- `root\Vpcivsp`
- `root\VMBus`
- `vms_mp`
- `VMS_VSP`
- `ROOT\VKRNLINTVSP`
- `ROOT\VID`
- `root\storvsp`
- `vms_vsmp`
- `VMS_PP`
Policy: Allow installation of devices using drivers that match these device setup classes
- {71a27cdd-812a-11d0-bec7-08002be2092f}
- `{71a27cdd-812a-11d0-bec7-08002be2092f}`
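Review bot: The replacement sentence under the device control heading is missing "to" before "ensure" ("...in the Group Policy Object ensure AppGuard works properly"), and it says "AppGuard" where the surrounding context lines use "Application Guard". Suggested wording: Allow-listed items must be configured as "allowed" in the Group Policy Object to ensure Application Guard works properly. The sentence also never says which items it means; pointing it at the two policy lists that follow (device IDs and device setup classes) would make clear that every listed entry has to be allowed for the container to load.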