- I-Microsoft Defender Application Guard ihlukanisa amasayithi namadokhumenti angathembekile esitsheni se-Hyper-V ukuze ivikele uhlelo kanye nedatha yenkampani.
- Ukufakwa kwayo kudinga izinhlelo ezithile namalayisense e-Windows, kanye nokuhambisana nezidingo ze-virtualization kanye nokucushwa kwenethiwekhi.
- Ukuphepha kanye nolwazi lomsebenzisi kulawulwa ngezinqubomgomo zeqembu ezilawula ibhodi lokunamathisela, ukulanda, ukuphrinta, izandiso, kanye nokufinyelela izinsiza.
- Amathuluzi okuxilonga, ukuhlola, kanye nokusekela avumela ukuhlonza ukungqubuzana, ukwenza ngcono ukusebenza, kanye nokugcina ibhalansi phakathi kokuvikela kanye nokukhiqiza.
Uma usebenza ngolwazi olubucayi noma uphequlula amawebhusayithi asolisayo nsuku zonke, I-Microsoft Defender Application Guard (MDAG) Kungenye yalezo zici ze-Windows ezingenza umehluko phakathi kokwethusa kanye nenhlekelele. Akuyona nje enye uhlelo lwe-antivirus, kodwa ungqimba olwengeziwe oluhlukanisa izinsongo ohlelweni lwakho kanye nedatha.
Emigqeni elandelayo uzobona ngokucacile Iyini ngempela i-Application Guard, isebenza kanjani ngaphakathi, ungayisebenzisa kumaphi amadivayisi, futhi uyilungiselela kanjani? Sizohlanganisa kokubili ukusetshenziswa okulula kanye nokwebhizinisi. Sizobuyekeza nezimfuneko, izinqubomgomo zeqembu, amaphutha avamile, kanye nemibuzo ehlukahlukene evame ukubuzwa lapho uqala ukusebenza ngalobu buchwepheshe.
Iyini i-Microsoft Defender Application Guard futhi isebenza kanjani?
I-Microsoft Defender Application Guard iyisici sokuphepha esithuthukisiwe esenzelwe Hlukanisa amawebhusayithi namadokhumenti angathembekile esitsheni esibonakalayo Kususelwa ku-Hyper-V. Esikhundleni sokuzama ukuvimba ukuhlaselwa ngakunye ngakunye, kudala "ikhompyutha encane elahlekayo" lapho ibeka khona izinto ezisolisayo.
Leso sitsha sisebenza ku- ihlukile ohlelweni lokusebenza oluyinhlokongesibonelo sayo esiqinile se-Windows futhi akukho ukufinyelela okuqondile kumafayela, iziqinisekiso, noma izinsiza zenkampani zangaphakathi. Ngisho noma isayithi elinonya likwazi ukuxhaphaza isiphequluli noma ubuthakathaka be-Office, umonakalo uhlala ngaphakathi kwaleyo ndawo ehlukanisiwe.
Endabeni ye-Microsoft Edge, i-Application Guard iqinisekisa ukuthi noma yisiphi isizinda esingamakwanga njengesithembekile Ivula ngokuzenzakalelayo ngaphakathi kwaleso sitsha. Ku-Office, yenza okufanayo ngamadokhumenti e-Word, Excel, kanye ne-PowerPoint avela emithonjeni inhlangano engayibheki njengephephile.
Isihluthulelo ukuthi lokhu kuhlukaniswa kungokwezinhlobo zehadiwe: I-Hyper-V idala indawo ezimele kusuka kumphathi, okunciphisa kakhulu amathuba okuba umhlaseli agxume esuka esimisweni esihlukanisiwe aye ohlelweni lwangempela, eba idatha yenkampani, noma esebenzisa iziqinisekiso ezigciniwe.
Ngaphezu kwalokho, isitsha siphathwa njengendawo engaziwa: Ayizuzi amakhukhi, amaphasiwedi, noma amaseshini omsebenzisi njengefa.Lokhu kwenza impilo ibe nzima kakhulu kubahlaseli abathembele ekuqoleni noma ekwebeni amasu ngezikhathi ezithile.
Izinhlobo zamadivayisi ezinconyiwe zokusebenzisa i-Application Guard
Nakuba i-Application Guard ingasebenza ngobuchwepheshe ezimweni ezahlukahlukene, yenzelwe ngokukhethekile izindawo zenkampani namadivayisi aphethweI-Microsoft ihlukanisa izinhlobo eziningana zemishini lapho i-MDAG inengqondo khona kakhulu.
Okokuqala kukhona ideskithophu yebhizinisi ehlanganiswe nesizindaLezi zivame ukuphathwa nge-Configuration Manager noma i-Intune. Ziyikhompyutha zendabuko zasehhovisi, ezinabasebenzisi abajwayelekile futhi zixhunywe kunethiwekhi yenkampani enezintambo, lapho ingozi ivela khona ikakhulukazi ekuphequluleni i-inthanethi nsuku zonke.
Bese siba ne ama-laptop ezinkampaniLawa futhi amadivayisi ahlanganiswe yisizinda futhi aphethwe yisikhungo, kodwa axhumeka kumanethiwekhi e-Wi-Fi angaphakathi noma angaphandle. Lapha, ingozi iyanda ngoba idivayisi ishiya inethiwekhi elawulwayo futhi ivezwe ku-Wi-Fi emahhotela, ezikhumulweni zezindiza, noma kumanethiwekhi asekhaya.
Elinye iqembu yi-BYOD (Bring Your Own Device), ama-laptop e-BYOD (Bring Your Own Device), imishini yomuntu siqu engeyona eyenkampani kodwa ephethwe ngezixazululo ezifana ne-Intune. Ngokuvamile zisezandleni zabasebenzisi abanamalungelo okuphatha endawo, okwandisa indawo yokuhlasela futhi kwenza ukusebenzisa ukuhlukaniswa ukuze kufinyelelwe ezinsizeni zenkampani kukhange kakhulu.
Ekugcineni, kukhona amadivayisi omuntu siqu angalawulwa ngokupheleleLawa amawebhusayithi angewona awanoma yisiphi isizinda futhi lapho umsebenzisi elawula khona ngokuphelele. Kulezi zimo, i-Application Guard ingasetshenziswa kwimodi yokuzimela (ikakhulukazi i-Edge) ukuhlinzeka ngesendlalelo esengeziwe sokuvikela lapho uvakashela amawebhusayithi angaba yingozi.
Ama-Windows Editions kanye neLayisensi Edingekayo
Ngaphambi kokuthi uqale ukumisa noma yini, kubalulekile ukucacisa ngalokhu. Kumaphi ama-edishini e-Windows ongawasebenzisa i-Microsoft Defender Application Guard futhi yiziphi amalungelo okuthola ilayisensi.
Ngokuba Imodi yokuzimela ye-Edge (okungukuthi, ukusebenzisa i-Application Guard kuphela njenge-sandbox yesiphequluli ngaphandle kokuphathwa kwebhizinisi okuthuthukisiwe), kusekelwa ku-Windows:
- IWindows pro
- IWindows Enterprise
- Imfundo ye-Windows Pro / SE
- Imfundo yeWindows
Kulesi simo, amalungelo elayisensi ye-MDAG ayanikezwa uma unelayisensi efana ne- I-Windows Pro / Pro Education / SE, i-Windows Enterprise E3 noma i-E5 kanye ne-Windows Education A3 noma i-A5Empeleni, kuma-PC amaningi ochwepheshe ane-Windows Pro usungakwazi kakade ukusebenzisa lesi sici ukuze usisebenzise ngokuyisisekelo.
Ngokuba imodi yebhizinisi elingaphandle kanye nokuphathwa kwebhizinisi (lapho iziqondiso ezithuthukisiwe kanye nezimo eziyinkimbinkimbi kakhulu zisebenza khona), ukwesekwa kuncishisiwe:
- IWindows Enterprise y Imfundo yeWindows I-Application Guard isekelwa kule modi.
- I-Windows Pro kanye ne-Windows Pro Education/SE cha Banokusekelwa kwalolu hlobo lwebhizinisi.
Ngokuphathelene namalayisense, lokhu kusetshenziswa kwebhizinisi okuthuthukile kudinga I-Windows Enterprise E3/E5 noma i-Windows Education A3/A5Uma inhlangano yakho isebenzisa i-Pro kuphela ngaphandle kokubhalisela kwe-Enterprise, uzokhawulelwa kwimodi yokuzimela ye-Edge.
Izimfuneko zesistimu kanye nokuhambisana kwayo
Ngaphezu kohlelo lwe-Windows, ukuze i-Application Guard isebenze kahle udinga ukuhlangana nayo. uchungechunge lwezidingo zobuchwepheshe okuhlobene nokusekelwa kwenguqulo, ihadiwe, kanye nokwenza i-virtualization.
Ngokuphathelene nohlelo lokusebenza, kuyimpoqo ukusebenzisa Windows 10 1809 noma kamuva (Isibuyekezo sika-Okthoba 2018) noma inguqulo efanayo ye-Windows 11. Akuhloselwe ama-SKU eseva noma izinhlobo ezincishisiwe kakhulu; kusobala ukuthi ihloselwe amakhompyutha amakhasimende.
Ezingeni lehadiwe, imishini kumele ibe nayo ukwenziwa kwe-virtualization okusekelwe kwihadiwe kuvunyelwe (Usekelo lwe-Intel VT-x/AMD-V kanye nokuhumusha ikheli lesigaba sesibili, njenge-SLAT), njengoba i-Hyper-V iyisici esiyinhloko sokudala isitsha esihlukanisiwe. Ngaphandle kwalesi sendlalelo, i-MDAG ngeke ikwazi ukusetha indawo yayo ephephile.
Kubalulekile futhi ukuba izindlela zokuphatha ezihambisanayo Uma uzoyisebenzisa phakathi nendawo (isibonelo, iMicrosoft Intune noma i-Configuration Manager), njengoba kuchazwe ezidingweni zesofthiwe yebhizinisi. Ukuze kube lula ukuyisebenzisa, i-interface ye-Windows Security ngokwayo izokwanela.
Okokugcina, phawula lokho I-Application Guard isenqubweni yokuyekiswa ukusebenza. KuMicrosoft Edge kwezebhizinisi, nokuthi ama-API athile ahlobene nezinhlelo zokusebenza ezizimele ngeke esabuyekezwa. Noma kunjalo, kusalokhu kujwayelekile kakhulu ezindaweni lapho kudingeka khona ukuvinjelwa kwengozi yesikhathi esifushane nesesikhathini esiphakathi.
Ukusetshenziswa: ukuphepha uma kuqhathaniswa nokukhiqiza
Enye yezinkinga zakudala ekuphepheni kwe-inthanethi ukuthola ibhalansi efanele phakathi ukuvikela ngempela, hhayi ukuvimba umsebenzisiUma uvumela amawebhusayithi ambalwa "abusisiwe", unciphisa ingozi, kodwa ubulala umkhiqizo. Uma ukhulula imikhawulo, izinga lokudalulwa liyakhuphuka.
Isiphequluli singenye ye- izindawo zokuhlasela eziyinhloko yalo msebenzi, ngoba inhloso yawo ukuvula okuqukethwe okungathembekile okuvela emithonjeni ehlukahlukene: amawebhusayithi angaziwa, okulandwayo, izikripthi ezivela eceleni, ukukhangisa okunolaka, njll. Kungakhathaliseki ukuthi uyithuthukisa kangakanani injini, kuzohlala kukhona ubuthakathaka obusha umuntu azozama ukubusebenzisa.
Kulo modeli, umphathi uchaza ngokunembile ukuthi yiziphi izizinda, ububanzi be-IP, kanye nezinsiza zamafu abazibona zithembekile. Noma yini engekho kulolo hlu iya esitsheni ngokuzenzakalelayoLapho, umsebenzisi angaphequlula ngaphandle kokwesaba ukuthi ukwehluleka kwesiphequluli kuzobeka engcupheni ezinye izinhlelo zangaphakathi.
Umphumela uba ukuzulazula okuguquguqukayo kwesisebenzi, kodwa nge umngcele ovikelwe kakhulu phakathi kwalokho okuyizwe langaphandle elingathembekile nalokho okuyimvelo yenkampani okumele ivikelwe ngazo zonke izindleko.
Izici zakamuva kanye nezibuyekezo ku-Application Guard ku-Microsoft Edge
Kuzo zonke izinguqulo ezahlukene ze-Microsoft Edge ezisekelwe ku-Chromium, i-Microsoft ibilokhu ingeza Ukuthuthukiswa okuqondile kwe-Application Guard ngenhloso yokuthuthukisa ulwazi lomsebenzisi nokunikeza umphathi ukulawula okwengeziwe.
Esinye sezici ezintsha ezibalulekile yi- ukuvimba ukulayishwa kwamafayela kusuka esitsheniKusukela ku-Edge 96, izinhlangano zikwazile ukuvimbela abasebenzisi ukuthi balayishe amadokhumenti kusuka kudivayisi yabo yasendaweni baye efomini noma kusevisi yewebhu ngaphakathi kweseshini ehlukanisiwe, besebenzisa inqubomgomo ApplicationGuardUploadBlockingEnabledLokhu kunciphisa ingozi yokuvuza kolwazi.
Enye intuthuko ewusizo kakhulu yi- imodi yokwenziwa, itholakala kusukela ku-Edge 94. Uma ivuselelwa yinqubomgomo ApplicationGuardPassiveModeEnabledI-Application Guard iyeka ukuphoqelela uhlu lwesayithi futhi ivumela umsebenzisi ukuthi aphequlule i-Edge "ngokuvamile," noma ngabe isici sihlala sifakiwe. Kuyindlela elula yokuba nobuchwepheshe bulungile ngaphandle kokuqondisa kabusha ithrafikhi okwamanje.
Amathuba we iye wanezela vumelanisa izintandokazi zomsingathi nesitshaLokhu kwakuyinto amakhasimende amaningi ayicelile ukuze agweme ukuba nokuhlangenwe nakho okubili kokuphequlula okungaxhunyiwe ngokuphelele. Kusukela ku-Edge 91, inqubomgomo ApplicationGuardFavoritesSyncEnabled Ivumela izimpawu ezintsha ukuthi zivele ngokulinganayo ngaphakathi kwendawo ehlukanisiwe.
Endaweni yokuxhumana, i-Edge 91 ifake ukwesekwa kwe- ilebula ithrafikhi ephuma esitsheni ngenxa yesiqondiso ApplicationGuardTrafficIdentificationEnabledLokhu kuvumela izinkampani ukuthi zithole futhi zihlunge lowo mgwaqo nge-proxy, isibonelo ukukhawulela ukufinyelela kusethi encane kakhulu yamasayithi lapho uphequlula kusuka ku-MDAG.
I-proxy ephindwe kabili, izandiso kanye nezinye izimo ezithuthukisiwe
Ezinye izinhlangano zisebenzisa i-Application Guard ezindaweni eziyinkimbinkimbi lapho zidinga khona qapha ngokucophelela ithrafikhi yeziqukathi kanye namakhono esiphequluli ngaphakathi kwaleyo ndawo ehlukanisiwe.
Kulezi zimo, i-Edge inokusekelwa kwe- ummeleli ophindwe kabili Kusukela kunguqulo ezinzile engu-84 kuqhubeke, ingalungiseka ngesiqondiso ApplicationGuardContainerProxyUmqondo uwukuthi ithrafikhi evela esitsheni idluliselwa ngeproksi ethile, ehlukile kuleyo esetshenziswa yi-host, okwenza kube lula ukusebenzisa imithetho ezimele kanye nokuhlolwa okuqinile.
Esinye isicelo esiphindaphindwayo esivela kumakhasimende kwakuwukuthi kungenzeka ukuthi sebenzisa izandiso ngaphakathi kwesitshaKusukela ku-Edge 81, lokhu kwenzeke, ngakho-ke izithiyo zezikhangiso, izandiso zangaphakathi zezinkampani, noma amanye amathuluzi angasetshenziswa uma nje ehambisana nezinqubomgomo ezichaziwe. Kubalulekile ukumemezela updateURL kwesandiso ezinqubweni zokuhlukaniswa kwenethiwekhi ukuze kubhekwe njengomthombo ongathathi hlangothi otholakala ku-Application Guard.
Izimo ezamukelekile zifaka phakathi ukufakwa okuphoqelelwe kwezandiso kumsingathi Lezi zandiso zibe sezivela esitsheni, okuvumela ukususwa kwezandiso ezithile noma ukuvimba ezinye ezibhekwa njengezingafuneki ngezizathu zokuphepha. Kodwa-ke, lokhu akusebenzi kuzandiso ezithembele ezingxenyeni zokuphatha imiyalezo zomdabu. Azihambisani ngaphakathi kwe-MDAG.
Ukuze kusizwe ekuxilongweni izinkinga zokuma noma zokuziphatha, i-a ikhasi elithile lokuxilonga en edge://application-guard-internalsUkusuka lapho, ungahlola, phakathi kwezinye izinto, ukuthi i-URL ethile ibhekwa njengethembekile noma cha ngokwezinqubomgomo ezisetshenziswe ngempela kumsebenzisi.
Okokugcina, maqondana nezibuyekezo, i-Microsoft Edge entsha izokwenza Iphinde izibuyekeze ngaphakathi kwesitshaIlandela isiteshi kanye nenguqulo efanayo nesiphequluli esiphethe. Akusaxhomekile kumjikelezo wokubuyekeza wesistimu yokusebenza, njengoba kwakunjalo ngenguqulo ye-Legacy ye-Edge, okwenza kube lula kakhulu ukugcinwa.
Indlela yokuvula i-Microsoft Defender Application Guard ku-Windows
Uma ufuna ukuyisebenzisa kudivayisi ehambisanayo, isinyathelo sokuqala yilesi sebenzisa isici se-Windows okuhambisanayo. Inqubo, ezingeni eliyisisekelo, ilula impela.
Indlela esheshayo ukuvula ibhokisi lengxoxo ethi Run nge Win + R, Ukubhala appwiz.cpl bese ucindezela u-Enter ukuze uye ngqo kuphaneli ethi "Izinhlelo Nezici". Ukusuka lapho, ohlangothini lwesobunxele, uzothola isixhumanisi esithi "Vula noma Vala izici zeWindows."
Ohlwini lwezingxenye ezitholakalayo, kuzodingeka uthole okufakiwe “Isivikelo Sezicelo Zokuvikela seMicrosoft” bese uyikhetha. Uma iyamukela, i-Windows izolanda noma ivule amandla ama-binary adingekayo futhi ikucele ukuthi uqale kabusha ikhompyutha yakho ukuze usebenzise izinguquko.
Ngemva kokuqala kabusha, kumadivayisi ahambisanayo anezinguqulo ezifanele ze-Edge, kufanele ukwazi ukwenza kanjalo Vula amafasitela amasha noma amathebhu ahlukanisiwe ngezinketho zesiphequluli noma, ezindaweni eziphethwe, ngokuzenzakalelayo ngokuya ngokucushwa kohlu lwamasayithi angathembekile.
Uma ungaziboni izinketho ezifana ne-"New Application Guard window" noma isitsha singavuli, kungenzeka ukuthi Imiyalelo oyilandelayo kungenzeka ukuthi isiphelelwe yisikhathi.Lokhu kungenzeka ukuthi uhlelo lwakho lwe-Windows alusekelwa, awunayo i-Hyper-V evuliwe, noma inqubomgomo yenhlangano yakho ikhubaze lesi sici.
Ukuhlela i-Application Guard nge-Group Policy
Ezindaweni zebhizinisi, yonke imishini ayihlelwa ngesandla; kunalokho, kusetshenziswa uhlelo oluchazwe kusengaphambili. inqubomgomo yeqembu (GPO) noma amaphrofayili okucushwa ku-Intune ukuze kuchazwe inqubomgomo phakathi nendawo. I-Application Guard incike kumabhulokhi amabili okucushwa ayinhloko: ukuhlukaniswa kwenethiwekhi kanye namapharamitha athile ohlelo lokusebenza.
Izilungiselelo zokuhlukaniswa kwenethiwekhi zitholakala ku- Computer Configuration\Administrative Templates\Network\Network IsolationYilapho, isibonelo, kuchazwa khona okulandelayo: ububanzi benethiwekhi yangaphakathi kanye nezizinda ezibhekwa njengezizinda zenkampaniokuzophawula umngcele phakathi kwalokho okuthembekile nalokho okufanele kuphonswe emgqonyeni.
Enye yezinqubomgomo ezibalulekile yilezo "Izikhawu zenethiwekhi yangasese zezinhlelo zokusebenza"Lesi sigaba sichaza, ohlwini oluhlukaniswe ngamakhoma, ububanzi be-IP obungokwenethiwekhi yenkampani. Ama-endpoints kula mabanga azovuleka ku-Edge evamile futhi ngeke atholakale endaweni ye-Application Guard.
Enye inqubomgomo ebalulekile yilena yokuthi "Ama-domain ezinsizakusebenza zebhizinisi aphethwe ngamafu"esebenzisa uhlu oluhlukaniswe ngumlingiswa | Ukukhombisa izizinda ze-SaaS kanye nezinsizakalo zamafu zenhlangano okufanele ziphathwe njengezingaphakathi. Lokhu kuzokwenziwa nase-Edge ngaphandle kwesitsha.
Ekugcineni, isiqondiso sika "Izizinda ezihlukaniswe njengezomuntu siqu nezomsebenzi" Ikuvumela ukuthi umemezele izizinda ezingasetshenziswa kokubili ngezinjongo zomuntu siqu nezebhizinisi. Lawa masayithi azofinyeleleka kokubili kusuka endaweni evamile ye-Edge kanye ne-Application Guard, njengoba kufanele.
Ukusebenzisa ama-wildcard kuzilungiselelo zokuhlukaniswa kwenethiwekhi
Ukuze kugwenywe ukubhala isizinda ngasinye ngasinye ngasinye, uhlu lokusekelwa kokwahlukaniswa kwenethiwekhi izinhlamvu ze-wildcard kumagama esizindaLokhu kuvumela ukulawulwa okungcono kwalokho okubhekwa njengokuthembekile.
Uma kuchazwe kalula contoso.comIsiphequluli sizothemba kuphela lelo nani elithile hhayi ezinye izizinda eziqukethe lona. Ngamanye amazwi, sizophatha lelo nani elingokoqobo kuphela njengelebhizinisi. impande eqondile futhi cha www.contoso.com noma izinhlobo.
Uma kuchaziwe www.contoso.com, kunjalo kuphela lowo msingathi othize kuzobhekwa njengokuthenjwa. Amanye ama-subdomain afana nalawa shop.contoso.com Babezoshiywa ngaphandle futhi bangagcina besemgqonyeni wokulahla imfucuza.
Ngefomethi .contoso.com (isikhathi esingaphambi) sibonisa ukuthi Noma yisiphi isizinda esigcina ngo-“contoso.com” sithembekile. Lokhu kuhlanganisa kusuka contoso.com up www.contoso.com noma ngisho nezibopho ezifana spearphishingcontoso.comNgakho-ke kumele isetshenziswe ngokucophelela.
Ekugcineni, uma isetshenziswa ..contoso.com (ikholoni yokuqala), wonke amazinga ohlu lwezikhundla olutholakala kwesobunxele sesizinda athembekile, isibonelo shop.contoso.com o us.shop.contoso.com, kodwa Impande ethi “contoso.com” ayithembekile Kuyindlela engcono kakhulu yokulawula lokho okubhekwa njengemithombo yebhizinisi.
Iziqondiso eziqondene ngqo ne-Guard Isicelo Esiyinhloko
Isethi yesibili enkulu yezilungiselelo itholakala ku- Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application GuardKusukela lapha izwe libuswa ukuziphatha okuningiliziwe kwesitsha kanye nalokho umsebenzisi angakwenza noma angenakukwenza ngaphakathi kwayo.
Enye yezinqubomgomo ezifanele kakhulu yile “Izilungiselelo zebhodi lokunamathisela”Lokhu kulawula ukuthi kungenzeka yini ukukopisha nokunamathisela umbhalo noma izithombe phakathi kwe-host kanye ne-Application Guard. Kumodi ephethwe, ungavumela ukukopisha kuphela kusuka esitsheni, kuphela ohlangothini oluphambene, noma ukhubaze ngokuphelele ibhodi lokunamathisela.
Ngokufanayo, umyalelo we- “Izilungiselelo zokuphrinta” Iyanquma ukuthi okuqukethwe kungaphrintwa kusukela esitsheni, nokuthi ngamafomethi anjani. Ungavumela ukuphrinta ku-PDF, XPS, amaphrinta endawo axhunyiwe, noma amaphrinta enethiwekhi achazwe ngaphambilini, noma uvimbele wonke amakhono okuphrinta ngaphakathi kwe-MDAG.
Okukhethwa kukho "Vuma ukuphikelela" Lesi silungiselelo sinquma ukuthi idatha yomsebenzisi (amafayela alandiwe, amakhukhi, izintandokazi, njll.) igcinwa yini phakathi kwezikhathi ze-Application Guard noma iyahlanzwa isikhathi ngasinye lapho imvelo ivaliwe. Ukunika amandla lokhu kumodi ephethwe kuvumela isitsha ukuthi sigcine lolu lwazi lwezikhathi zesikhathi esizayo; ukuyikhubaza kuholela endaweni ehlanzekile cishe njalo lapho uqala.
Uma unquma ukuyeka ukuvumela ukuphikelela kamuva, ungasebenzisa ithuluzi wdagtool.exe ngamapharamitha cleanup o cleanup RESET_PERSISTENCE_LAYER ukusetha kabusha isitsha bese ulahla ulwazi olukhiqizwe yisisebenzi.
Enye inqubomgomo ebalulekile yile "Sebenzisa i-Application Guard kumodi ephethwe"Lesi sigaba sichaza ukuthi lesi sici sisebenza yini ku-Microsoft Edge, i-Microsoft Office, noma kokubili. Le nqubomgomo ngeke isebenze uma idivayisi ingahlangabezani nezimfuneko noma ihlelwe ukuhlukaniswa kwenethiwekhi (ngaphandle kwezinye izinguqulo zakamuva ze-Windows lapho ingasadingeki khona ku-Edge uma kufakwe izibuyekezo ezithile ze-KB).
Ukwabelana ngamafayela, izitifiketi, ikhamera, kanye nokuhlola
Ngaphezu kwezinqubomgomo ezishiwo ngenhla, kunezinye iziqondiso ezithinta indlela isitsha esihlobana ngayo nesistimu yomsingathi kanye nezinto ezisetshenziswayo.
Ezombusazwe "Vumela amafayela ukuthi alandwe ohlelweni lokusebenza lomsingathi" Inquma ukuthi umsebenzisi angawagcina yini amafayela alandiwe endaweni ehlukanisiwe aye kumphathi. Uma ivuliwe, idala umthombo owabiwe phakathi kwezindawo zombili, ovumela nokulayishwa okuthile okuvela kumphathi kuya esitsheni—kuwusizo kakhulu, kodwa okufanele kuhlolwe ngokombono wokuphepha.
Ukucushwa kwe- “Nika amandla ukwenziwa kwe-hardware okusheshayo” Ivumela ukusetshenziswa kwe-GPU nge-vGPU ukuthuthukisa ukusebenza kwehluzo, ikakhulukazi uma kudlala ividiyo nokuqukethwe okunzima. Uma kungekho hardware ehambisanayo etholakalayo, i-Application Guard izobuyela ekunikezelweni kwe-CPU. Ukunika amandla le nketho kumadivayisi anabashayeli abangathembekile, nokho, kungandisa ingozi kumphathi.
Kukhona futhi umyalelo wokuthi vumela ukufinyelela kukhamera nemakrofoni ngaphakathi kwesitsha. Ukuyivumela kuvumela izinhlelo zokusebenza ezisebenza ngaphansi kwe-MDAG ukuthi zisebenzise lawa madivayisi, okwenza kube lula ukwenza izingcingo zevidiyo noma izingqungquthela ezivela ezindaweni ezikude, yize futhi kuvula ithuba lokweqa izimvume ezijwayelekile uma isitsha sisengozini.
Enye inqubomgomo ivumela i-Application Guard sebenzisa iziphathimandla ezithile zesitifiketi sempande yokusingathaLokhu kudlulisela esitsheni izitifiketi ezinezigxivizo zeminwe ezicacisiwe. Uma lokhu kukhutshaziwe, isitsha ngeke sizuze lezo zitifiketi njengefa, okungase kuvimbele ukuxhumana nezinsizakalo ezithile zangaphakathi uma zithembele kuziphathimandla ezizimele.
Ekugcineni, inketho ye "Vumela imicimbi yokuhlola" Kubangela ukuthi imicimbi yesistimu ekhiqizwe esitsheni ilogwe futhi izinqubomgomo zokuhlolwa kwedivayisi zitholwe njengefa, ukuze ithimba lezokuphepha likwazi ukulandelela okwenzekayo ngaphakathi kwe-Application Guard kusukela ku-host log.
Ukuhlanganiswa nokusekelwa kanye nezinhlaka zokwenza ngokwezifiso
Uma kukhona okungahambi kahle ku-Application Guard, umsebenzisi ubona i- ibhokisi lengxoxo yephutha Ngokuzenzakalelayo, lokhu kufaka phakathi incazelo yenkinga kanye nenkinobho yokuyibika ku-Microsoft nge-Feedback Hub. Kodwa-ke, lokhu okuhlangenwe nakho kungenziwa ngokwezifiso ukuze kube lula ukusekela kwangaphakathi.
Endleleni Administrative Templates\Windows Components\Windows Security\Enterprise Customization Kukhona inqubomgomo umphathi angayisebenzisa Engeza ulwazi lokuxhumana lwesevisi yokusekelaIzixhumanisi zangaphakathi noma imiyalelo emfushane. Ngale ndlela, lapho isisebenzi sibona iphutha, sizokwazi ngokushesha ukuthi sizoxhumana nobani noma ukuthi yiziphi izinyathelo okufanele sizithathe.
Imibuzo evame ukubuzwa kanye nezinkinga ezivamile nge-Application Guard
Ukusetshenziswa kwe-Application Guard kukhiqiza inani elikhulu lezinto ezisetshenziswayo. imibuzo ephindaphindayo ekusetshenzisweni komhlaba wangempela, ikakhulukazi maqondana nokusebenza, ukuhambisana, kanye nokuziphatha kwenethiwekhi.
Omunye wemibuzo yokuqala ukuthi ingabe ingavulwa yini ku- amadivayisi ane-RAM engu-4 GB kuphelaNakuba kunezimo lapho kungasebenza khona, empeleni ukusebenza kuvame ukwehla kakhulu, njengoba isitsha cishe singenye yezinhlelo zokusebenza ezisebenza ngesikhathi esisodwa.
Elinye iphuzu elibucayi ukuhlanganiswa amaphroksi enethiwekhi kanye nezikripthi ze-PACImiyalezo efana nokuthi “Ayikwazi ukuxazulula ama-URL angaphandle avela kusiphequluli se-MDAG: ERR_CONNECTION_REFUSED” noma “ERR_NAME_NOT_RESOLVED” uma ukufinyelela ifayela le-PAC kwehluleka ngokuvamile kubonisa izinkinga zokucushwa phakathi kwesitsha, i-proxy, kanye nemithetho yokuhlukaniswa.
Kukhona futhi izinkinga ezihlobene Ama-IME (abahleli bezindlela zokufaka) awasekelwa Kwezinye izinguqulo ze-Windows, ukungqubuzana nabashayeli bokubethela ama-disk noma izixazululo zokulawula idivayisi kuvimbela isitsha ekuqedeni ukulayisha.
Abanye abaphathi bahlangabezana namaphutha afana nalawa “I-ERROR_VIRTUAL_DISK_LIMITATION” Uma kukhona imikhawulo ehlobene nama-virtual disk, noma ukwehluleka ukukhubaza ubuchwepheshe obufana ne-hyperthreading obuthinta ngokungaqondile i-Hyper-V kanye, ngokwengeziwe, i-MDAG.
Kuphakanyiswa nemibuzo mayelana nokuthi kanjani themba izizinda ezithile kuphela, maqondana nemikhawulo yosayizi wohlu lwesizinda noma ukuthi ungakhubaza kanjani ukuziphatha lapho ithebhu yomsingathi ivala ngokuzenzakalelayo lapho uzulazula uye kusayithi elivuleka esitsheni.
I-Application Guard, imodi ye-IE, i-Chrome kanye ne-Office
Ezindaweni lapho Imodi ye-IE ku-Microsoft EdgeI-Application Guard iyasekelwa, kodwa i-Microsoft ayilindele ukusetshenziswa kabanzi kwalesi sici kule modi. Kunconywa ukubhukha imodi ye-IE ye-[izinhlelo zokusebenza/ukusetshenziswa okuthile]. amasayithi angaphakathi athembekile futhi sebenzisa i-MDAG kuphela kumawebhusayithi abhekwa njengangaphandle futhi angathembekile.
Kubalulekile ukwenza isiqiniseko sokuthi wonke amasayithi ahlelwe kumodi ye-IEInethiwekhi, kanye namakheli ayo e-IP ahlobene nayo, kumele futhi ifakwe ezinqubweni zokuhlukaniswa kwenethiwekhi njengezinsiza ezithembekile. Ngaphandle kwalokho, kungase kwenzeke ukuziphatha okungalindelekile lapho kuhlanganiswa imisebenzi yomibili.
Ngokuphathelene ne-Chrome, abasebenzisi abaningi bayabuza ukuthi kuyadingeka yini faka isandiso se-Application GuardImpendulo ithi cha: ukusebenza kuhlanganiswe ngokwendabuko ku-Microsoft Edge, futhi isandiso se-Chrome esidala asiyona ilungiselelo elisekelwayo uma usebenza ne-Edge.
Kumadokhumenti eHhovisi, i-Application Guard ivumela Vula amafayela e-Word, Excel, kanye ne-PowerPoint esitsheni esihlukanisiwe lapho amafayela ebhekwa njengangathembekile, ngaleyo ndlela kuvinjelwe ama-macro anonya noma amanye ama-vector okuhlasela ukuthi angafinyeleli kumphathi. Lokhu kuvikelwa kungahlanganiswa nezinye izici ze-Defender kanye nezinqubomgomo ze-file trust.
Kukhona ngisho nenketho yenqubomgomo yeqembu evumela abasebenzisi ukuthi "bathembe" amafayela athile avulwe ku-Application Guard, ukuze aphathwe njengaphephile futhi aphume esitsheni. Leli khono kufanele liphathwe ngokucophelela ukuze kugwenywe ukulahlekelwa yinzuzo yokuzihlukanisa.
Ukulanda, ibhodi lokunamathisela, izintandokazi, kanye nezandiso: ulwazi lomsebenzisi
Ngokombono womsebenzisi, eminye yemibuzo ewusizo kakhulu imayelana yini engenziwa futhi engenakukwazi ukwenziwa ngaphakathi kwesitshaikakhulukazi ngokulandwa, ukukopisha/ukunamathisela, kanye nezandiso.
Ku-Windows 10 Enterprise 1803 kanye nezinguqulo zakamuva (ezinobunye kuye ngohlobo), kungenzeka vumela ukulanda amadokhumenti kusuka esitsheni kuya kumphathi Lolu khetho belungatholakali ezinguqulweni zangaphambilini noma kwezinye izinhlelo ezifana ne-Pro, yize kwakungenzeka ukuphrinta ku-PDF noma ku-XPS bese ulondoloza umphumela kudivayisi ephethe.
Ngokuphathelene nebhodi lokunamathisela, inqubomgomo yenkampani ingavumela lokho Izithombe ngefomethi ye-BMP kanye nombhalo ziyakopishwa ukuya nokubuya endaweni ehlukanisiwe. Uma abasebenzi bekhala ngokuthi abakwazi ukukopisha okuqukethwe, lezi zinqubomgomo ngokuvamile kuzodingeka zibuyekezwe.
Abasebenzisi abaningi babuza nokuthi kungani Abaziboni izintandokazi zabo noma izandiso zabo kuseshini ye-Edge ngaphansi kwe-Application Guard. Lokhu kuvame ukubangelwa ukuvumelanisa ibhukhimakhi okukhutshaziwe noma inqubomgomo yezandiso ku-MDAG engasebenzi. Uma lezi zinketho sezilungisiwe, isiphequluli esisesitsheni singazuza amabhukhimakhi nezandiso ezithile, njalo ngemikhawulo eshiwo ngaphambilini.
Kukhona ngisho nezimo lapho kuvela khona isandiso kodwa "asisebenzi." Uma sincike ezingxenyeni zokuphatha imiyalezo zomdabu, lowo msebenzi ngeke utholakale ngaphakathi kwesitsha, futhi isandiso sizobonisa ukuziphatha okulinganiselwe noma okungasebenzi nhlobo.
Ukusebenza kwezithombe, i-HDR, kanye nokusheshiswa kwehadiwe
Esinye isihloko esivame ukuvela yileso esithi ukudlala ividiyo nezici ezithuthukisiwe njenge-HDR ngaphakathi kwe-Application Guard. Uma isebenza ku-Hyper-V, isitsha asikwazi njalo ukufinyelela ngqo kumakhono e-GPU.
Ukuze ukudlala kwe-HDR kusebenze kahle endaweni ehlukanisiwe, kubalulekile ukuthi Ukusheshisa kwehadiwe ye-vGPU kunikwe amandla ngenqubomgomo yokunikeza okusheshayo. Ngaphandle kwalokho, uhlelo luzoncika ku-CPU, futhi izinketho ezithile ezifana ne-HDR ngeke zivele kuzilungiselelo zesidlali noma zewebhusayithi.
Ngisho noma ukusheshisa kuvuliwe, uma ihadiwe yehluzo ingabhekwa njengephephile noma engahambisani ngokwanele, i-Application Guard ingase buyisela ngokuzenzakalelayo ekunikezelweni kwesofthiweokuthinta ukugeleza kwamanzi kanye nokusetshenziswa kwebhethri kuma-laptop.
Okunye ukuthunyelwa kubonise izinkinga ngokuqhekeka kwe-TCP kanye nokungqubuzana ne- Ama-VPN angabonakali eqala ukusebenza lapho ithrafikhi idlula esitsheni. Kulezo zimo, ngokuvamile kuyadingeka ukubuyekeza izinqubomgomo zenethiwekhi, i-MTU, ukucushwa kwe-proxy, futhi ngezinye izikhathi ukulungisa indlela i-MDAG ehlangana ngayo nezinye izingxenye zokuphepha ezifakiwe kakade.
Ukusekela, ukuxilongwa kanye nokubika izehlakalo
Uma, naphezu kwakho konke, kuvela izinkinga ezingenakuxazululwa ngaphakathi, i-Microsoft iyatusa vula ithikithi lokusekela elithile ye-Microsoft Defender Application Guard. Kubalulekile ukuqoqa ulwazi kusengaphambili ekhasini lokuxilonga, amalogi emicimbi ahlobene, kanye nemininingwane yokucushwa okusetshenziswe kudivayisi.
Ukusetshenziswa kwekhasi edge://application-guard-internals, kuhlanganiswe ne imicimbi yokuhlola enikwe amandla kanye nokukhishwa kwamathuluzi anjenge wdagtool.exeNgokuvamile inikeza ithimba losekelo idatha eyanele yokuthola umthombo wenkinga, kungakhathaliseki ukuthi inqubomgomo engachazwanga kahle, ukungqubuzana nomunye umkhiqizo wokuphepha, noma ukulinganiselwa kwehadiwe.
Ngaphezu kwakho konke lokhu, abasebenzisi bangenza ngezifiso imiyalezo yamaphutha kanye nolwazi lokuxhumana ebhokisini lengxoxo losekelo lobuchwepheshe be-Windows Security, okwenza kube lula ngabo ukuthola usizo olufanele. Ungabambeki ungazi ukuthi uzophendukela kubani uma isitsha singavuli njengoba bekulindelekile noma singavuli njengoba bekulindelekile.
Sekukonke, i-Microsoft Defender Application Guard inikeza inhlanganisela enamandla yokuhlukaniswa kwehadiwe, ukulawulwa kwenqubomgomo ehlanganisiwe, kanye namathuluzi okuxilonga, uma esetshenziswa kahle, anganciphisa kakhulu ingozi ehlotshaniswa nokuphequlula amasayithi angathembekile noma ukuvula amadokhumenti avela emithonjeni engabazekayo ngaphandle kokubeka engcupheni umkhiqizo wansuku zonke.
Umbhali oshisekayo ngomhlaba wamabhayithi nobuchwepheshe ngokujwayelekile. Ngiyathanda ukwabelana ngolwazi lwami ngokubhala, futhi yilokho engizokwenza kule bhulogi, ngikubonise zonke izinto ezithakazelisayo kakhulu ngamagajethi, isofthiwe, ihadiwe, izitayela zobuchwepheshe, nokuningi. Inhloso yami ukukusiza ukuthi uzulazule emhlabeni wedijithali ngendlela elula nejabulisayo.