HotCakeX / Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
https://hotcakex.github.io
MIT License

MDAG is deprecated - Microsoft Defender Application Guard #170

Closed HotCakeX closed 8 months ago

HotCakeX commented 8 months ago

So it's time to remove MDAG's automatic enablement from the Optional Windows Features category.

starchturrets commented 8 months ago

Unfortunate. Being able to spawn a VM for sus sites was a pretty neat security feature on the part of Edge. The linked whitepaper also doesn't make it seem like there'll be a 1-1 replacement for the capability it provided.

HotCakeX commented 8 months ago

@starchturrets The direct replacement for it would be the Windows Sandbox I guess.

MDAG still relies on proxy settings like setting up and defining proxy servers to control its traffic flow. Who uses a proxy server these days...! And it's also not easy to make MDAG traffic go through the host's VPN. For me it always connects directly to the Internet.

The Edge browser already runs in a sandbox, called the Chromium Sandbox.

Edge supports many Exploit Guard features; all of those that the document mentions, plus more, are activated by the PowerShell module/script, because they made Edge compatible with them.

Edge recently received some new features for workplace security, such as work profiles and improvements to SSO, Intune policies, etc. Almost none of them are usable in MDAG, which is why I assume the MDAG route hit a dead end.

I don't know about any unsafe website that abuses an unpatched 0day vuln in Chromium and can also escape all of those features and still do something harmful on a user's computer 😎
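The migration the thread describes (turn off the MDAG optional feature, enable Windows Sandbox in its place, and rely on Exploit Guard mitigations for the Edge process) as an added PowerShell example; this is not code from the repository's module or script, nor from either commenter. It uses the DISM feature names `Windows-Defender-ApplicationGuard` and `Containers-DisposableClientVM` and the `Get-/Set-ProcessMitigation` cmdlets; the particular mitigation list applied to `msedge.exe` is an illustrative choice, not the set the comment above refers to.

```powershell
#Requires -RunAsAdministrator
# Added example, not the Harden-Windows-Security project's own code.
# Checks the MDAG optional feature, disables it if it is still on, enables
# Windows Sandbox where the SKU offers it, and applies a few Exploit Guard
# process mitigations to msedge.exe. Feature names are the DISM names; the
# mitigation list is illustrative, not the project's list.

$mdag    = 'Windows-Defender-ApplicationGuard'   # Microsoft Defender Application Guard
$sandbox = 'Containers-DisposableClientVM'       # Windows Sandbox

function Get-FeatureState {
    param([Parameter(Mandatory)][string]$Name)
    $f = Get-WindowsOptionalFeature -Online -FeatureName $Name -ErrorAction SilentlyContinue
    if ($null -eq $f) { return 'NotPresent' }    # feature absent on this SKU
    return [string]$f.State                      # 'Enabled' / 'Disabled' / 'DisabledWithPayloadRemoved'
}

# 1. MDAG: stop enabling it, and turn it off where it was enabled earlier
$state = Get-FeatureState -Name $mdag
Write-Host "$mdag state: $state"
if ($state -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName $mdag -NoRestart | Out-Null
    Write-Host "$mdag disabled; a restart is required to finish removal"
}

# 2. Windows Sandbox as the replacement for throwaway browsing of untrusted sites
$state = Get-FeatureState -Name $sandbox
Write-Host "$sandbox state: $state"
if ($state -eq 'NotPresent') {
    # Windows Sandbox ships only on Pro/Enterprise/Education with virtualization enabled
    Write-Warning 'Windows Sandbox is not available on this SKU'
} elseif ($state -ne 'Enabled') {
    Enable-WindowsOptionalFeature -Online -FeatureName $sandbox -All -NoRestart | Out-Null
    Write-Host "$sandbox enabled; a restart is required before it can be launched"
}

# 3. Exploit Guard process mitigations for Edge (illustrative subset)
$mitigations = @('DEP', 'SEHOP', 'BottomUp', 'HighEntropy', 'CFG')
Set-ProcessMitigation -Name 'msedge.exe' -Enable $mitigations

# Verify what is now configured for the process
$edge = Get-ProcessMitigation -Name 'msedge.exe'
$edge.DEP
$edge.ASLR
$edge.CFG
```

Run it from an elevated PowerShell session; the feature changes only take effect after a restart, and `Get-WindowsOptionalFeature` returning nothing for a feature is the normal way to detect a SKU that does not ship it, so the script treats that as "not present" rather than as an error.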