A while back I wrote about an issue I was having with Windows Defender Application Guard (WDAG). You’ll find it here:
Microsoft Defender App Guard issue
I have now managed to find a solution for this. In short, the issue, as it turns out, has to do with disk encryption. I found some information about the general issue here:
Why does my encryption driver break Windows Defender Application Guard?
Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (“0x80070013 ERROR_WRITE_PROTECT”).
Chatting with good people at Microsoft, it seems that my particular case was solved by this update:
and was due to a BitLocker issue (being drive encryption).
So, the good news is that my issue is resolved and I can run Windows Defender Application Guard without any errors.
If you can’t install the KB for some reason and you need a quick workaround, the issue was linked to the BitLocker “Deny write access to fixed drives not protected by BitLocker” policy. As a workaround, you should clear any group policy and also set the following in Intune to Not configured.
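To confirm whether that policy is actually in effect on a machine before and after clearing it, here is an added PowerShell check (not part of the original post or of Microsoft's guidance). It assumes the Group Policy setting is stored as the `FDVDenyWriteAccess` value under the FVE policy key, and it does not inspect Intune-delivered settings.

```powershell
# Added example: report whether "Deny write access to fixed drives not
# protected by BitLocker" is enforced through Group Policy, and which data
# volumes it would affect. Run from an elevated PowerShell prompt.

$fvePath   = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE'
$valueName = 'FDVDenyWriteAccess'   # assumption: 1 means the policy is enabled

# Read the policy value; a missing key or value means "not configured".
$policy   = Get-ItemProperty -Path $fvePath -Name $valueName -ErrorAction SilentlyContinue
$enforced = ($null -ne $policy) -and ($policy.$valueName -eq 1)

if ($enforced) {
    Write-Output 'Policy state: ENABLED via Group Policy registry value.'
} elseif ($null -ne $policy) {
    Write-Output "Policy state: value present but set to $($policy.$valueName) (not enforcing)."
} else {
    Write-Output 'Policy state: not configured in the Group Policy registry location.'
}

# List data volumes and flag those without active BitLocker protection.
# With the policy enabled, these are the volumes Windows mounts read-only.
$volumes = Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'Data' }

foreach ($vol in $volumes) {
    $unprotected = $vol.ProtectionStatus -ne 'On'
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        ProtectionStatus = $vol.ProtectionStatus
        VolumeStatus     = $vol.VolumeStatus
        WriteDenied      = ($enforced -and $unprotected)
    }
}

# After clearing the policy, refresh and re-run this script to verify:
#   gpupdate /target:computer /force
```

If the registry value reappears after a policy refresh, a GPO is still applying it and needs to be cleared at the source.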
So in the end it was an issue with drive encryption that was rectified with an update. Yeah!
Thanks to the people at Microsoft for the assist on this one. Now onto the next challenge.