Microsoft

How to download files safely to your PC using Application Guard on Microsoft Edge


Windows Defender Application Guard (WDAG) is a feature available on Windows 10 Pro and Enterprise that creates a container using virtualization technology allowing to isolate a Microsoft Edge session to protect your data and device from malicious attacks.

The only caveat using this feature is that online files you download will never save directly onto your device. In fact, settings, browsing history, downloaded files are kept isolated from your computer and then deleted when you exit your account.

In order to help users have a better experience, starting with the Windows 10 April 2018 Update (version 1803) there’s a new feature to download files from the virtual container to your machine, and you can enable it using Group Policy or Registry.

In this Windows 10 guide, we’ll walk you through the steps to allow files to download and save on your computer when using a Windows Defender Application Guard session on Microsoft Edge.

How to allow file download using Application Guard on Edge using Group Policy

If you’re running Windows 10 Pro or Windows 10 Enterprise with the April 2018 Update, you can use the Local Group Policy Editor to enable the option that allows you to save files to your computer.

Important: This feature is currently only available for Windows 10 Enterprise and Windows 10 Pro. You may also need to configure network isolation policies, but it’s not required for the feature to work.

  1. Use the Windows key + R keyboard shortcut to open the Run command.
  2. Type gpedit.msc and click OK to open the Local Group Policy Editor.
  3. Browse the following path:

    Computer Configuration > Administrative Templates > Windows Components > Windows Defender Application Guard

  4. On the right side, double-click the Allow files to download and save to the host operating system from Windows Defender Application Guard policy.

  5. Select the Enabled option.

  6. Click Apply
  7. Click OK.
  8. Restart your computer.

Once you’ve completed the steps while browsing the web, you’ll be able to download files to your computer as you would usually do using a regular tab of Microsoft Edge, but they’ll be saved automatically in the Untrusted Files folder inside the “Downloads” folder.

At any time, you can rollback the changes to prevent files from downloading to your device using the same instructions, but on step No. 5, make sure to select the Not configured option.

How to allow file download using Application Guard on Edge using Registry

Alternatively, you can also allow files to download to your computer while using an Application Guard container modifying the Registry.

Warning: This is a friendly reminder that editing the Registry is risky, and it can cause irreversible damage to your installation if you don’t do it correctly. It’s recommended to make a full backup of your PC before proceeding.

  1. Use the Windows key + R keyboard shortcut to open the Run command.
  2. Type regedit, and click OK to open the Registry.
  3. Browse the following path:

    HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoft

    Quick Tip: On the Windows 10 Creators Update and later, you can now copy and paste the path in the new Registry’s address bar to quickly jump to the key destination.

  4. Right-click the Microsoft (folder) key, select New, and click on Key.

  5. Name the key AppHVSI and press Enter.
  6. Right-click the newly created key, select New, and click on DWORD (32-bit) Value.

  7. Name the key SaveFilesToHost and press Enter.
  8. Double-click the newly created DWORD and set the value from 0 to 1.

  9. Click OK.
  10. Restart your computer.

After completing the steps, files that you download while using a Windows Defender Application Guard container will save automatically in the Untrusted Files folders inside the “Downloads” folders.

If you want to undo the changes, you can follow the same instructions, but on steps No. 5, right-click the AppHVSI folder and select the Delete option.

Wrapping things up

While using either method to allow files to download and save on your computer, remember that you cannot open or execute downloads within an Application Guard session. Instead, after the file downloads, you can open it from the Untrusted Files folder inside your Downloads folder location.

Also, bear in mind that Windows Defender Application Guard is meant to protect your device and data from malicious attacks, and enabling this option may have its risks, as such it’s only recommended to enable this feature if you know what you’re doing.

More Windows 10 resources

For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources:





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

WP Facebook Auto Publish Powered By : XYZScripts.com