We discussed Safer web browsing with vm on windows 10 hyper-v before by creating virtual machine.
There is now an alternative thanks to WDAG.
WDAG stands for Windows Defender Application Guard. It’s Microsoft’s latest effort to offer safer web browsing using isolated Hyper-V enabled container.
You can use Microsoft Edge with WDAG enabled and the browser will run in isolation and the host computer is protected.
Limitations: You cannot download and test out software in an isolated environment.
OS Requirements
Windows 10 Pro version 1803 or higher.
Please update your Windows 10 Pro if you have an earlier version.
Hardware Requirements
- 64-bit Processor with Second Level Address Translation (SLAT)
- CPU with minimum 4 cores and support for VT-x (Intel) or AMD-V
- Minimum of 8 GB memory
- 5 GB free space
Check CPU compatibility
- run PowerShell or Command Prompt (search for PowerShell or command at Cortana and hit ‘Enter’).
- A console window will show up. Now run the command systeminfo there. You should see some results like below to determine if it is Hyper-V compatible
You need a Yes for both Virtualization Enabled In Firmware and Second Level Address Translation.
If you get a No like the screen for Virtualization Enabled In Firmware, you would need to access your computer’s BIOS and enable virtualization (if CPU supports it) there.
Enable WDAG with less than 8 GB RAM
If your hardware only has 4 GB RAM, Windows 10 will disable WDAG support and you won’t be able to install it.
But you can bypass this criteria by adding some registry values. Please note that performance may be less than optimal.
- HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount
- HKLM\software\Microsoft\Hvsi\SpecRequiredMemoryInGB
- HKLM\software\Microsoft\Hvsi\SpecRequiredFreeDiskSpaceInGB
Check out Microsoft’s WDAG FAQ for more info.
Install WDAG
- Right click on the Windows button and select Apps and Features
- Select Programs and Features on the right under related settings
- Select Turn Windows Feature on or off
- Select Windows Defender Application Guard and click OK
Restart your computer after installation has completed.
Run Microsoft Edge with WDAG
Starting Microsoft Edge does not run WDAG by default.
To use WDAG,
- go to Microsoft Edge’s menu
- select New Application Guard Window
A new Microsoft Edge window will show up with the WDAG icon at the top left corner of the window.
Now you can enjoy your browsing, knowing that your computer is protected.
WDAG settings
You can customize WDAG settings based on your needs.
- Right click on the Windows button and select Settings
- Select Update & Security > Windows Security > App & browser control
- Select Change Application Guard settings under Isolated browsing
