Windows Defender Application Guard Fails to Load

I'm trying to get Windows Defender Application Guard working on Windows 1709 Enterprise, but when I choose to open a new Application Guard instance of Edge, the "Loading" screen appears; goes from 10% to 20%, then back to 10%, and then I get the following error:

"Windows Defender Application Guard failed with error 0xc0370106, extended error 0x00000000; location: CHvsiSession:StartRemoteSession; MgrSid: {GUID}; RdpSid: {GUID containing all 0s}"

The case looks to be very similar to this one (in French): https://answers.microsoft.com/fr-fr/windows/forum/apps_windows_10-msedge-winpc/microsoft-edge-application-guard-ne-fonctionne-pas/8345e816-eafd-4a98-b3c4-0cf71fbf802d?auth=1

To resolve this, I've tried:

  • Disabling and re-enabling the feature (both with the GUI and PowerShell - rebooting in between disabling and re-enabling).
  • Checked that Virtualisation is enabled, and that the hardware is supported (it's an Intel Core-i7 3250M processor with 8GB RAM)
  • Using SFC and DISM, with no problems found (and told DISM to fix any issues it found).

Does anybody know what the cause of this error is?

Thanks,

Adam

Last updated May 26, 2020

https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_start/problems-starting-windows-defender-in-windows/808253bb-db89-4db9-a4e5-1c91a86489e9

Right-click the Start button and select Command Prompt (Admin).

Type in: sfc /scannow

Then

type in: DISM /Online /Cleanup-Image /RestoreHealth

Restart PC.


I already tried running sfc and DISM (in various orders), with those options.

The issue isn't with Windows Defender itself, it's with Application Guard (new functionality in 1709 to run Edge in a Hyper-V container) - Microsoft have rebranded most of the security functionality as "Windows Defender".


Let me ask you, why do you need Hyper-V? Is this a home PC or a small network with 6 or fewer PCs? If so, you have no need for Hyper-V. It is really for servers for virtual machines.


Application Guard uses Hyper-V just to run Microsoft Edge on user desktops in its own virtualised container; so if a user visits a malicious website that manages to compromise the browser, the exploit is confined to the virtualised container, and so can't compromise the rest of the PC.

I'm evaluating it for deployment in multiple enterprise networks (each with several thousand PCs) to see if it would work for their users and help to protect them against ransomware or data theft attacks originating from the web.

You can find out more about Application Guard here: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview


Application Guard uses Hyper-V just to run Microsoft Edge on user desktops in its own virtualised container; so if a user visits a malicious website that manages to compromise the browser, the exploit is confined to the virtualised container, and so can't compromise the rest of the PC.

I'm evaluating it for deployment in multiple enterprise networks (each with several thousand PCs) to see if it would work for their users and help to protect them against ransomware or data theft attacks originating from the web.

You can find out more about Application Guard here: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview

I know all about that. The real fact is, if you have protection software, Defender and Firewall, then you do not need Hyper-V. That is ridiculous.

My question was, are you setting this up on a Home Network? If so, it is not going to do anything for you really, and not too many people even use Edge.

If it is a business network, then yes, using it is added security because you have many people on the network and who knows what they are doing or might do on the web and it protects your whole network from attack and data loss and hacking or from malicious emails.

Anyway have fun.


Some frustrating answers in here; I have had similar answers to my similar issue with Application Guard. "Turning it off" or "who uses Edge?" are not helpful.

My error is similar but the error code is 0x80070569. If I look at the System Event log while it is trying to start the container I can see Filter Manager errors with Event ID 3.

The error text is:

"Filter Manager failed to attach to volume '\Device\HarddiskVolume23'. This volume will be unavailable for filtering until a reboot. The final status was 0xC03A001C."

I have tried using the wdagtool to clean up the container, but it (wdagtool.exe cleanup) just hangs, and Windows Defender Application Guard subsequently sits at 20%.

My issue certainly appears disk related and I will do some more testing and post back any solutions I may find.

#EDIT

OK, for some reason it's working for me now. Here's what I did:

1. Run wdagtool.exe cleanup (this never gets past

Terminating HvsiMgr.exe
Performing cleanup and restarting the container)

2. While wdagtool is running, start an Application Guard window

3. Control-C the wdagtool command

4. Wait

5. Get frustrated and start downloading Docker to test other Containers

6. Wait for Docker to Download

7. Get ready to install Docker and then notice the Application Guard window

Try wdagtool.exe cleanup; if it returns as failed, remove the Hyper-V role, reboot, and reinstall Hyper-V.


Mine is now working - it looks like installing KB4074588 resolved the issue I was having.


Mine is now working - it looks like installing KB4074588 resolved the issue I was having.

Ya but now, you have to install KB4074588 again.

For the best chance of a good install, try this.

You can ignore the restore part if Windows is not in the process of downloading and installing the update again, as it will soon.

https://answers.microsoft.com/en-us/windows/forum/windows_10-update/try-to-fix-system-problems-during-or-after-windows/f0550db9-66d1-4b95-b23e-36357ed5d523?tm=1519946124253


Mine is now working - it looks like installing KB4074588 resolved the issue I was having.

I already had the KB installed:

Security Update  KB4074588     NT AUTHORITY\SYSTEM  15/02/2018 12:00:00 AM

Happy to hear yours is working now.

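The checks tried across this thread (Application Guard feature state, virtualisation support, KB4074588, and Filter Manager Event ID 3 in the System log) can be collected in one read-only PowerShell triage script. This is an added example, not code posted by anyone in the thread; the 24-hour event window and the report field names are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only triage for Application Guard start-up failures.
# Nothing here changes system state. Field names in $report are illustrative.

$report = [ordered]@{}

# 1. Is the Application Guard optional feature enabled?
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'Windows-Defender-ApplicationGuard'
$report['FeatureState'] = $feature.State

# 2. Virtualisation support and memory. Read the processor flags together
#    with HypervisorPresent rather than in isolation.
$cs  = Get-CimInstance -ClassName Win32_ComputerSystem
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
$report['HypervisorPresent']   = $cs.HypervisorPresent
$report['VirtFirmwareEnabled'] = $cpu.VirtualizationFirmwareEnabled
$report['SlatSupported']       = $cpu.SecondLevelAddressTranslationExtensions
$report['MemoryGB']            = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)

# 3. Is the update one poster credited with the fix installed?
#    Get-HotFix only lists updates still recorded individually on the machine.
$kb = Get-HotFix -Id 'KB4074588' -ErrorAction SilentlyContinue
$report['KB4074588'] = if ($kb) { "installed $($kb.InstalledOn)" } else { 'not found' }

# 4. Filter Manager Event ID 3 in the System log (the volume-attach failure
#    quoted in the thread). The 24-hour window is an assumption; widen as needed.
$since  = (Get-Date).AddDays(-1)
$events = @(
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 3; StartTime = $since } `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like '*FilterManager*' }
)
$report['FilterManagerId3Count'] = $events.Count

# Summary first, then the matching events with their full message text.
[pscustomobject]$report | Format-List
$events | Select-Object TimeCreated, Id, Message | Format-List
```

Run it once before and once after trying to open an Application Guard window, so that any new Filter Manager events can be tied to the container start attempt.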