Microsoft Edge Application Guard Will Protect against the Mimikatz Tool - How to, Technology and PC Security Forum | SensorsTechForum.com

Microsoft Edge Application Guard Will Protect against the Mimikatz Tool


Windows Defender Application Guard for Microsoft Edge is Microsoft’s latest attempt to improve the security of its browser and, with it, Windows 10. The new addition will run Edge in a lightweight virtual machine. In short, the application is powered by virtualization-based security technology, and it employs isolated containers built directly into the hardware. This is done to prevent malicious code from running on employee devices and the corporate network. This would indeed be the next major update to Windows 10 Enterprise.

Windows 10’s Virtualization Based Security (VBS) employs small virtual machines and the Hyper-V hypervisor to cut off specific critical data and processes from the rest of the system. Credential Guard is the most important such element. It is designed to store network credentials and password hashes in an isolated virtual machine. The isolation defends against the Mimikatz tool, which was part of an attack in Mr. Robot’s second season.
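
A check for the isolation described above, as an added example that is not part of the original article: it queries the Win32_DeviceGuard WMI class on a Windows 10 host and reports whether VBS and Credential Guard are actually running. The function name Get-CredentialGuardState is made up for this example.

```powershell
# Added example: report whether VBS and Credential Guard are active on this host.
# Get-CredentialGuardState is a hypothetical helper name, not a built-in cmdlet.
function Get-CredentialGuardState {
    [CmdletBinding()]
    param()

    $query = @{
        ClassName   = 'Win32_DeviceGuard'
        Namespace   = 'root\Microsoft\Windows\DeviceGuard'
        ErrorAction = 'Stop'
    }

    # The class is missing on editions without Device Guard support,
    # so a failed query is reported as "Unavailable" instead of throwing.
    try {
        $dg = Get-CimInstance @query
    } catch {
        return [pscustomobject]@{
            VbsStatus                 = 'Unavailable'
            CredentialGuardConfigured = $false
            CredentialGuardRunning    = $false
        }
    }

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running.
    $vbsText = switch ($dg.VirtualizationBasedSecurityStatus) {
        0       { 'Not enabled' }
        1       { 'Enabled, not running' }
        2       { 'Enabled and running' }
        default { "Unknown ($_)" }
    }

    # In both SecurityServices* arrays the value 1 denotes Credential Guard.
    [pscustomobject]@{
        VbsStatus                 = $vbsText
        CredentialGuardConfigured = $dg.SecurityServicesConfigured -contains 1
        CredentialGuardRunning    = $dg.SecurityServicesRunning -contains 1
    }
}

$state = Get-CredentialGuardState
$state | Format-List
if (-not $state.CredentialGuardRunning) {
    Write-Warning 'Credential Guard is not running on this host.'
}
```

A host can show Credential Guard as configured but not running, for example when policy has been applied but the machine has not yet rebooted, so the two values are reported separately.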

Mimikatz is a post-exploitation tool written by Benjamin Delpy. The tool is used by attackers who want further and deeper access to the computer or network. Doing so would otherwise require many separate tools, and Mimikatz tries to combine them.


Microsoft Edge Application Guard’s Virtual Machine

The virtual machine of Credential Guard is small and lightweight. The process it runs to manage credentials is somewhat straightforward and simple. Application Guard will make things more complex by running major parts of Edge on a virtual machine. However, the latter won’t need a full operating system – only a small portion of Windows features would be needed for the browser to run.

In addition, because it runs in a virtual machine, Edge’s Application Guard will be fenced off from the host platform. It won’t be able to see other processes, access local storage, or reach any other installed apps. Most importantly, Application Guard can’t attack the host system’s kernel.


The first iteration of the application is only available for Edge. Application Guard will only serve users of Windows 10 Enterprise, and administrative control through group policies will be provided. Administrators will be allowed to mark some sites as trusted, and those sites won’t use the virtual machine. Admins will also control whether untrusted sites can use the clipboard or print, ArsTechnica explains.

Application Guard was announced during Microsoft’s annual Ignite conference, along with other new products and services for IT pros. It will be available in preview to Windows Insiders in early 2017.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
