A look at Windows Defender Application Guard extension for Firefox and Chrome
Microsoft released the extension Windows Defender Application Guard for Google Chrome and Mozilla Firefox recently.
Windows Defender Application Guard is a security feature designed to load untrusted sites and services in a lightweight virtual machine. It requires Windows 10 Professional or Enterprise at the time of writing, and works in standalone and Enterprise-managed modes. It requires at least Windows 10 version 1803.
The new browser extension brings Application Guard functionality to the third-party browsers Google Chrome and Mozilla Firefox.
Windows Defender Application Guard extension
Installation is slightly more complicated than installing another browser extension. The main reason for that is that you need to make sure that Application Guard is turned on as a feature on the device, and that you have installed the Microsoft Store companion app as well.
In other words: you may need to install three different applications before you can make use of it.
The following steps are required:
- Enable Windows Defender Application Guard on the device if it is not turned on already. Make sure the system meets the hardware and software requirements.
- Install the Windows Defender Application Guard companion application from the Microsoft Store.
- Install the Google Chrome extension or the Mozilla Firefox add-on.
- Enterprise-only: Define network isolation settings to define a list of trusted sites that you may access using Chrome or Firefox.
- Restart the device.
Using the extension
The extension highlights if all requirements are met after installation. You should see three green lights indicating that the device is compatible, that the companion app is installed, and that Application Guard is turned on.
How the extension is used depends largely on the edition of Windows 10.
Note: You may want to turn off diagnostic data collecting that is enabled by default. Just click on the extension icon and toggle "Allow Microsoft to collect diagnostic data" to do so.
Standalone mode
Windows 10 Pro users and Enterprise users who choose standalone mode get very little out of the extension as it does not work automatically in that mode.
All you can do, really, is to click on the extension icon and there on the "New application guard window" button to start a new Application Guard instance of Microsoft Edge.
More comfortable than having to launch Application Guard instances from Microsoft Edge manually, but not by much and probably not worth the hassle of installing the extension and Microsoft Store application.
Enterprise-managed mode
Enterprise administrators have additional configuration options that automate the experience. All that is required for that is to set up network isolation settings; these define trusted sites, e.g. an IP address range, that users may access using the third-party browsers the extension is installed in.
Any site not on the trust list is automatically redirected to the Microsoft Edge Application Guard instance.
When users navigate to a site, the extension checks the URL against a list of trusted sites defined by enterprise administrators. If the site is determined to be untrusted, the user is redirected to an isolated Microsoft Edge session. In the isolated Microsoft Edge session, the user can freely navigate to any site that has not been explicitly defined as trusted by their organization without any risk to the rest of system.
Microsoft plans to extend the functionality by loading trusted sites opened in the Application Guard instance in the third-party browser.
With our upcoming dynamic switching capability, if the user tries to go to a trusted site while in an isolated Microsoft Edge session, the user is taken back to the default browser.
Closing Words
The Windows Defender Application Guard extension is a useful browser extension for Enterprise environments in which supported third-party browsers are permitted. It seems less likely that it will see a lot of traction on Pro devices though due to the limitations.
Now You: Do you use Application Guard or other browsing virtualization services?
Since I’ve rarely wanted to transfer more than one tab between browsers, I’m not inclined to install another extension just for that — especially one that (according to your description) closed all my tabs in the process. In the past I’ve just copied and pasted the URL, but (even for just one tab) that is a little tedious.
I just tried an interesting little experiment, with a useful result. (I did this on my Mac, but I’m guessing it would work on other platforms too.) I’m reading this article in Firefox, so I opened a new blank window in Chrome. At the top of both browser windows, at the far-left end of the URL bar, there’s a little icon of the letter “i” in a circle. (If you hover over it in Firefox, it says “Show site information”; in Chrome, hovering it says “View site information” — that’s the icon I’m talking about.)
I simply dragged the Firefox “i” icon from the top of this page, into the Chrome window — and this page loaded in Chrome! It worked! Then I tried something just a bit trickier, in the other direction — I first (from a bookmark) loaded into Chrome a page from my local web-development server (i.e. not online)… then dragged the “i” icon from the Chrome toolbar into this Firefox window — and it worked then too!
So, although I have no interest in the OneTab extension, I just learned something useful! I hope other people find this trick useful too. (Later I’ll try it in Safari — maybe it works in every browser?)
Interresting find Jonas, thanks for sharing!
Your comment doesn’t appear to be one of the real @Martin, because there is no black label rounding the entire title of the comment as before. :S
I also used onetab already and didn’t even know they had this feature. Thanks so much.
Exporting tabs to FF: “The address wasn’t understood. Firefox doesn’t know how to open this address, because one of the following protocols (chrome-extension) isn’t associated with any program or is not allowed in this context.”
Useless.
And the most important information was left out of the article or it don’t even exist in the first place: how to completely disable such functionality.
Your comment doesn’t make any sense at all. It’s an explicit user action to import data from other add-ons. If you don’t want it you just don’t do it.
This comment actually does make a lot of sense, and I am actually searching for this. Some people do NOT want websites to be (badly) translated, so they never use such a feature. The things is, every time I visit a non-english website this annoying menu pops up, and the button is another element in the URL bar cluster of useless unused features. I do not want to add all languages to a “do not translate” list, instead I want a “hide button” or “disable translations completely” setting.
This comment actually does make a lot of sense, and I am currently searching for this. Some people do NOT want websites to be (badly) translated, so they never use such a feature. The things is, every time I visit a non-english website this annoying menu pops up, and the button is another element in the URL bar cluster of useless unused features. I do not want to add all languages to a “do not translate” list, instead I want a “hide button” or “disable translations completely” setting.
my bad. somehow my, and I think DMoRiaM’s comment got mixed into the wrong article. Haha.
go to about:config and set browser.translations.automaticallyPopup to false.
Does this hack still work on FF 107 or whatever is most current?
Firefox 118 seems to be officially rolling this out by default: https://support.mozilla.org/en-US/kb/website-translation
Hoping Mozilla won’t remove the option altogether in the future as they already did for other, ahem, unwanted features… Why don’t they listen to their users instead?
@zed,
your reply seems to be Addlibs (according to your RSS reader),
Addlibs did not intend to comment on this article “OneTab browser extension”, but regarding Firefox’s new built-in fullpage translation “Firefox Translation”.
Firefox Fullpage Translation
https://support.mozilla.org/en-US/kb/website-translation
what the heck is going on with comments on this site lately?
first comment on THIS article was 9-2019.
Looks like the comments database is corrupted.
Besides old comments appearing in new articles, the same comment appears in multiple articles.
Also I answered a comment in one article, and the same answer appeared as an answer to a different comment by the same person.
@Martin Brinkmann,
Anyway, please deal with this anomaly ASAP.
Comments are a mess, irrelevant and chaotic.
If there is no prospect, Ghacks Technology News should be put on hiatus until the system is fixed.
It’s the same as before with endless monologues or people telling others why they are wrong.
Actually, Frankel, it’s you who’s wrong
This is all techo-BS. What people want is far simpler: a hotkey toggle: images on/images off. Is that really so complex? Seems so. It’s like autoplay videos on/off. In that case you can set it to off but it doesn’t stick. Typical digiocy.
This isn’t great but it might help people that have moved from chrome to firefox to some extent. I can’t tell you the amount of time I have seen people complain that a certain extension they use on google is not available and the only thing holding them back from moving over when they are actually wrong and the very same developer has a Firefox version also. I would always encourage manually looking as there are always hidden gems.
In regards to the website I have reached out to Martin personally and to his credit he replied very quickly. He has informed me that they are aware of the problems and are attempting to fix it.
Martin is no longer involved in the technical management of the site so I imagine if we want to ask someone then our comments would perhaps be better directed towards Softonic.
I don’t understand what is happening here with the comments. The counter shows zero comments and then inside there are some comments from older dates even since years. And mostly of them are non related by the way with the article. So sad what’s going on and nobody is still fixing it. :S
This site now appears to be mostly be created and run by AI. On the positive side (if there is one), I guess we can assume at some point the AI will be capable of recognizing and fixing corrupted files and the like.
“Import Chrome extensions” …. (by installing comparable Firefox extensions) … (for a small number of extensions).”
What a bunch of bogus PR spin. Someone who liked uBlock Origin on Chrome could already install it just fine on Firefox with a couple of mouse clicks. This just adds extra unnecessarily complicated steps to something that was already dead simple, all in order for Mozilla to claim fake one-to-one compatability that doesn’t actually exist.
It would be interesting if Firefox could install Chrome Addons directly from the Chrome Web Store. Although there would probably be some incompatibility, perhaps there’s a shim to translate some Chrome-specific WebExtension APIs over to Firefox. Microsoft Edge can install extensions directly from the Chrome Web Store, but Edge is using the same Blink web engine as Chrome so that makes things easy.
Don’t really care about importing as I never use that feature.
Just retire Gecko and join the Blink bandwagon already, Mozilla. Then you can guarantee 100% Chrome extension compatibility! /s
Not like your browser is getting much attention let alone budget compared to your other woke social justice initiatives.
Hello,
does anyone know if the STG has issues with the sidebar at the moment? I just added it and can not find any option to use it in the sidebar. I am also using an add-on for tree style tab…this might be the source of the problem?
Greetings, Anja
tried typing- about:config -in the search bar -( I want to enable javascript) but it simply will NOT open!
I tried Firefox Translate, but it doesn’t do Chinese or Japanese, and that’s a deal-breaker for me. I uninstalled it and am sticking with the Google Translate extension.
“…Vivaldi and Brave use self-hosted solutions, which still require connections, but offer better privacy than an integration of Google Translate or other third-party translation services would offer.”
While I like Brave as a browser, their translation “solution” just plain sucks. I’d rather have the data sent to Google or Bing, than have a translate feature that just doesn’t work properly. Not only is it not possible to select just a section of text to translate, but to make it worst, most of the time translating the whole page in Brave is either really unbearably slow, or more often than not, it just won’t translate the page at all and displays a “This page couldn’t be translated” error. It’s pretty pointless if their users need to keep using something else to translate pages and have to give up their privacy anyway.
The native translate feature in Firefox sounds like a much better solution than what Brave use.
Great news, thanx FF devs! Hopefully, more languages will be available in the future. So happy!
Floorp comes with its own built-in translator. It’s been like that ever since the first release in fact.
https://floorp.app/download
Article title: Firefox 117: native language translations, last Firefox 102 update and security fixes
https://www.ghacks.net/2023/08/29/firefox-117-native-language-translations-last-firefox-102-update-and-security-fixes/
I think for now every time I comment on an article I am going to put the title of the article and/or the URL of said article because I am seeing my own comments which are from another Firefox related article but not exactly this one.
In regards to this website Martin does not have administrative access to the back end of the website. It would fall on softonic international to fix it now which seems to be of very low priority.
This might be the straw that broke the camels back for ghacks which is a shame because it had many good comments and articles that go way back. Moving away from it would suck.
Maybe try contacting them here to see if you can get any action.
https://hello.softonic.com/contact/
Can you help me please.
Latest version, they pust their VPN (powered by Mullvad) yet again. Instead of writing version changes. sigh. https://imgur.com/g6N20bN
Luckily I had a recent backup available. Firefox was no longer giving me access to profiles when I reinstalled version 116.03 and was asking me to create a new profile. It asked me to upgrade last night and to my surprise all theJS scripts were gone.
https://github.com/xiaoxiaoflood/firefox-scripts/issues/265
Firewall: “Deny [Firefox] outgoing connections to domain nextdns.io”
Firewall: “Deny [plugin-container] outgoing connections to domain cloudflare-dns.com (including mozilla.cloudflare-dns.com)”
It’s exciting to hear that Mozilla is actively working on a design refresh for their Firefox web browser, internally referred to as Photon. The last major redesign, known as Proton, was introduced in Firefox 57 back in November 2017. Since then, Mozilla has made some interface changes, including the controversial address bar overhaul in Firefox 75 Stable.
While specific details about the design refresh are currently limited, Mozilla has created a meta bug on Bugzilla to track the changes. Although no mockups or screenshots have been shared yet, the bug names provide some insights into the elements that will receive a refresh, such as the address bar, tabs bar, main menu, infobars, doorhangers, context menus, and modals.
The new design is scheduled to be released in Firefox 89, which was initially planned for a mid-2021 release, specifically May 18, 2021. However, as development work is still ongoing, there is a possibility of a delayed release.
@ Zibtek,
I’m already using Photon on Floorp which is a fork of Firefox. Here’s a pix of what it looks like:
https://i.postimg.cc/8PsK7DjV/floorp-photon.png I enabled the menu bar at the top, but you can turn it off if you don’t like it.
Floorp is a Japanese browser based on FF102. I’ve been using it as my default browser ever since ‘owl’ pointed it out on the Ghacks site last year (or was it this year, can’t remember exactly when). In any event it contains many more enhancements than the vanilla version of Firefox. It also comes with searXNG search engine in the list of search engines provided which saves having to install it yourself.
Floorp download: https://floorp.app/en/
My comment is regarding the following,
Article title:
Mozilla patches critical WebP security issue in Firefox and Thunderbird
>> ghacks.net/2023/09/13/mozilla-patches-critical-webp-security-issue-in-firefox-and-thunderbird/#respond
Indeed, today, those patch versions were applied through automatic updates.
However, since I had disabled the “WebP” function, I was not interested in that topic (Google, etc.).
Regarding Thunderbird:
Today finally,
My Thunderbird 102.14.0 (en-US) was updated with “Thunderbird 102.15.1 (x64)” through the automatic update feature.
By the way,
Naturally, it will not be automatically updated to 115 (Supernova).
Anyway,
it is clear from Bugzilla that the bug fixes related to migration from 102 to 115 are not complete, so existing users of “102” should refrain from manually updating to 115.
>> ghacks.net/2023/09/08/thunderbird-102-to-115-upgrades-are-now-enabled/#comment-4573569
Betterbird has been released 115.2.1-bb11 (12 September 2023) . Betterbird make Thunderbird a faithful upstream.
Betterbird: Release Notes
>> betterbird.eu/releasenotes/?locale=en-US&version=115.2.1&channel=default&os=WINNT&buildid=20230911203543
@Martin Brinkmann,
I posted in response to an article published on 2023/09/13.
Article title: Mozilla patches critical WebP security issue in Firefox and Thunderbird. >> ghacks.net/2023/09/13/mozilla-patches-critical-webp-security-issue-in-firefox-and-thunderbird/
However, the link was to an unrelated article published on 2019/09/27.
>> ghacks.net/2019/09/27/how-to-import-tabs-from-chrome-to-firefox-and-vice-versa/
This kind of “disorder of Articles and Comments” has been going on for another month.
Is this an obvious (by Softonic, which operates and manages ghacks.net) act of sabotage against Martin and Ashwin?
It’s really frustrating!
[ My comment is on “Mozilla patches critical WebP security issue in Firefox and Thunderbird” https://www.ghacks.net/2023/09/13/mozilla-patches-critical-webp-security-issue-in-firefox-and-thunderbird/ though not directly related to that article ]
What happened to gHacks? When the site was bought out, Martin assured us it wouldn’t go downhill and he’d maintain editorial control, but the AI-written articles are ruining the quality of the site. I’ve been tempted to drop the site from my RSS reader because of this. Is there an RSS feed with only the human-written articles? Individual feeds for each author isn’t a good solution.
Article Title: Mozilla patches critical WebP security issue in Firefox and Thunderbird
Article URL: https://www.ghacks.net/2023/09/13/mozilla-patches-critical-webp-security-issue-in-firefox-and-thunderbird/
If anyone was unaware you should download the extension “Don’t Accept WebP” regardless of the patch. WebP is absolute trash that is unnecessary and clearly an issue. I would rather my images be in their native format and not some recompiled trash such as WebP.
I have absolutely no love for the parent company of this website.
I agree, this is so atrocious – most of the time you can even tell by the URL what format the original image was in – this “reconvert-on-the-fly” nonsense is terrible – but especially so when you’re converting a lossy format, which should be avoided as often as possible.
Sometimes you can edit the image URL to get it to send the right image, unfortunately “don’t accept WebP” doesn’t always work – but that’s why they offer a built in conversion, I suppose.
@ Mystique,
Thanks for the tip (about the addon). I wasn’t aware that Webp was a vulnerability.
I read only Martin Brinkmann’s, Mike Turcotte’s, and Ashwin’s articles. Add uBlock Origin news filter for ghacks:
! 2023-09-13 https://www.ghacks.net/
ghacks.net##.hentry,.home-posts:not(:has-text(/Martin Brinkmann|Mike Turcotte|Ashwin/))
@ https://www.ghacks.net/2023/09/13/mozilla-patches-critical-webp-security-issue-in-firefox-and-thunderbird/#comment-4573641
I tried your uBlock filter on Brave snap packaga for Ubuntu, but it doesn’t work, do I need to restart the browser?
I have noticed uBO doesn’t fully work on Brave, for instance the Element Picker can’t pick anything while the Zapper do, but not 100%, Nuke Anything works much better, but it’s only temporarily.
“important address bar change” alright calm down… lol
I have gotten rid of the stupid shield and the “not secure” box, and have it set up so that it always displays the full URL (I think…?).
In a perfect world, it should just always show the full url, no icons, or emojis, or anything like that.
“Users may want to know why Firefox is no longer displaying https:// in the address bar” I’ll bet nobody will notice anything – apart from a select few autists like myself who customise everything and don’t like change.
“Users may want to know why Firefox is no longer displaying https:// in the address bar”
Why, I don’t know either (a breeze of madness or is it of love in the air), but there’s an about:config to handle that as well (Firefox) :
// display all parts of the url in the location bar (do not trim)
pref(“browser.urlbar.trimURLs”, false); // Dfault=true
Things, too many, too often are decided in spite of common sens.
Firefox is always copying whatever Chromium does… it is like they are a Chromium browser without the name and having trouble rendering many websites. In fact, it is like they are getting 400million just for existing and adopt anything Google releases or does, like web extensions, widevine, safe browsing and then visual changes like this.
I like how some people think there is a choice, and the choice is better than the leader… while still failing at basic stuff.
What’s the point of these useless changes? Just show the full address with the protocol at all times and be done with it…
I set the User Agent address bar to always show the entire URI in a unmasked format.
Martin, as of 19 September 2023, the gHacks comments system is still severely mangled. Data subjects have considerable rights conferred on them; where those decisions are likely to affect them.
Let’s start again. “I set the User Agent address bar to always show the entire URI in [an] unmasked format.”
Hallowed be the memory of the Lost Souls.
“HTTPS doesn’t mean safe:
Many people assume that an HTTPS connection means that the site is secure. In fact, HTTPS is increasingly being used by malicious sites, especially phishing ones.”
[https://www.kaspersky.com/blog/https-does-not-mean-safe/20725/]
HTTPS doesn’t mean safe
Many people assume that an HTTPS connection means that the site is secure. In fact, HTTPS is increasingly being used by malicious sites, especially phishing ones.
HTTPS doesn’t mean safe
Many people assume that an HTTPS connection means that the site is secure. In fact, HTTPS is increasingly being used by malicious sites, especially phishing ones.
website still wacked huh?
Article: Firefox 119 will launch with an important address bar change
https://www.ghacks.net/2023/09/19/firefox-119-will-launch-with-an-important-address-bar-change/
Just one thing regarding the URL bar as it looks like now in latest Firefox, the relatively new feature where some extensions would add their icon inside the URL bar, how bad can it get?
https://imgur.com/uIlWI58
https://postimg.cc/YvYnpzGh
https://ibb.co/QQT584N
ps. uploaded same pic to several links just to make sure some will work.
(For those who can’t see the pic it’s a snapshot showing a URL bar full of extensions, and also Firefox own built in icons that would appear inside the URL bar depending in some cases on which type of website is being viewed, there’s no space left for the actual thing the URL bar is supposed to view, namely the URL address itself)
Yes, I have several extensions on the toolbar, but the menu bar is pretty full and I want to keep some on the toolbar too, and usually Firefox would also push excessive extensions behind a drop-down menu for access to them as well, but as it looks like now the URL bar is given too little space priority, or is there a way to restrict to a minimum URL bar size?
You can modify Firefox with a “profileFolder/chrome/userChrome.css” file:
/* https://www.reddit.com/r/FirefoxCSS */
/* https://github.com/MrOtherGuy/firefox-csshacks */
@import url(urlbar_info_icons_on_hover.css);
@import url(page_action_buttons_on_hover.css);
@import url(compact_extensions_panel.css);
#urlbar-container:focus-within { min-width: 60vw !important; }
#navigator-toolbox .chromeclass-toolbar-additional { margin-inline: -2px !important; }
#unified-extensions-button { order: 1 !important; }
Well, Mozilla and Firefox are saved because of this and many other changes / ‘news’ in the past days!
A while ago they separated the “Firefox” brand from the “Firefox Browser” brand, now they are abandoning the Firefox brand? Or are they abandoning the Firefox Browser brand? I don’t know.
While that small change would make sense as standalone, it’s unfortunately done in a context where Google (and thus Mozilla) wants to get rid of the URL ultimately and just display search engine data on that bar, going on with that trend of the browser only being a search engine carrier.
Were users forced to use the same account for different Mozilla products ? Maybe those who want their news reading habits to be tracked and monetized by Mozilla Pocket do not want their e-commerce habits to be tracked and monetized by Mozilla Fakespot under the same identity ? This is really starting to look like a Google account. When I think that this Firefox account thing more or less started with just an end-to-end encrypted sync service where Mozilla could not access the data. Now they use accounts to monetize user data. Sigh.
There are probably still drones haunting the web claiming the highly repeated lie that “Mozilla does not even have user personal data” (meaning they only monetized the fuck out of every possible piece of sensitive private user data under other forms, without the risk of breaching GDPR). Well, sure they have, lots of that too.
“users who signed-in using Google or Apple credentials”
Wait, what ?