Does the Microsoft Edge 109.x crash the Application Guard?

Edge[German]Does Microsoft Edge browser version 109.x crash Microsoft's Application Guard security feature on Windows? That is the statement of a user in blog comments. After the person concerned provided me with some information, I am taking up the topic in the blog to find out if there are any other affected persons who can confirm this.


Advertising

The Edge and the Application Guard

Windows Defender Application Guard (WDAG) is designed for Windows 10 and Microsoft Edge in enterprise environments. Administrators can define what belongs to trusted websites, cloud resources and internal networks. Anything not included in the list is classified as untrusted. WDAG then isolates browser sessions from the rest of the operating system via Hyper-V. Application Guard thus helps enterprise administrators isolate websites defined as untrusted. This ensures that the company is protected when employees surf the Internet on untrusted websites.

In the meantime, Application Guard is also available for Google Chrome and the Mozilla Firefox browser and can be used via extensions. Microsoft describes how Microsoft Edge supports Microsoft Defender Application Guard in the article Microsoft Edge support for Microsoft Defender Application Guard.

First user reports about issues

Problem with this approach is that it should work, but it doesn't always. In December 2022, a user posted a report titled Windows Defender Application Guard doesn't work properly in domain environment .Hangs and cant connect to internet at Learn Microsoft. And in September 2021, the thread MSEDGE crashes when trying to open a new application guard window was opened about Microsoft Edge browser crashes in connection with Application Guard.

On reddit.com, there is also a thread Microsoft Defender Application Guard 22H2 Bug, that reports Windows Defender Application Guard crashes on new devices running Windows 11 22H2 in October 2022 when users try to open a website in Microsoft Edge. As a result, administrators had to disable this feature.

New report: crash in Edge 109.x

A German blog readercontacted me a few days ago via the blog post Massive Druckprobleme im Edge 109er Zweig – Umlaute als Problem with following comments:


Advertising

In our case, the Application Guard function shoots down, Edge is thus practically no longer surfable via it

Distribute proxy settings via WPAD

108 works
109*55, dead
Must times still with. 52 test

Yop everything that is 109.* kills Application Guard

Later this user added in this comment to my blog post Edge 109.0.1518.61 fixt Druckprobleme – weitere Bugs offen? PWA-Fix:

Here is the commenter with the Application Guard problems.
Unfortunately also the version does not change anything, ERR_CONNECTION_TIMED_OUT is the result.

In the meantime we have also tested the dev branch (v110), result is the same
Ticket at MS is open, but without result so far.

By the way, Application Guard is supported for Chromium Edge for a long time, since version 77 but there it was rather…well with many disadvantages but so towards v90 it was then nevertheless in well implemented

I had then asked the person concerned if he could provide me with more details. This has now happened and I provide the information below.

Details about the WDAG crash

In a supplementary mail, the person in question, who works in an IT department at a company, wrote the following:

Hi Günter,

regarding the Application Guard problem as of v109

As written, v108 works, v109 does not work with the same configuration, and as expected MS support is a bit slow.

In the environment in question, the following applies to the infrastructure and setup of the systems:

  • Configuration is done via GPO
  • Configuration sets an explicit proxy for Application Guard
  • Configuration sets a WPAD/PAC file for "not Application Guard

The reader then sent me some more screenshots, the configuration and the log files to clarify where the problems are. To this he writes:

Simply the config setting "ApplicationGuardContainerProxy" is no longer used/correctly read and then he (presumably) wants to access the wpad source, but is not allowed to.

The reader sent me the following screenshot – click on the image to enlarge it and open it in a separate browser window.

WDAG GPOs

In the Application Guard internals, a configuration error is displayed on the utilities page (see screenshot below).

Application Guard Internals Configuation error

The reader writes about this: After refresh, it (WDAG) seems to apply our "system settings" which are NOT intended for Application Guard. It should be said that the current configuration does not allow access from Application Guard to wpad.sdk.local (we are still testing if it then "runs").

WDAG error & proxy settings

In the screenshot above, the settings for the Prox as well as the Application Guard Internals can be seen. In the Microsoft 108 development branch of the Edge browser, the interaction with the WDAG works.

At this point I would like to ask the readers if anyone else has had similar experiences with Edge 109? Or do you not use WDAG in conjunction with Edge?

Similar articled:
Windows Defender Application Guard Extensions for Chrome and Firefox
Edge 109.0.1518.52/55; enables password transfer to the cloud …
Printing issues in Edge 109 branch – special characters like umlauts are the problem
Edge 109.0.1518.61 fixes printing issues – more bugs still open?


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in browser, issue, Security, Windows and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *