- Published 2023/09/14
Application Guard explained: protecting Microsoft Edge and Office apps in an isolated environment
Series: 山市良のマイクロソフトEYE (Ryo Yamaichi's Microsoft EYE)
![photo](https://www.sbbit.jp/article/image/122635/bit202309111243240865.jpg)
What is Microsoft Defender Application Guard?
"Microsoft Defender Application Guard" (hereafter, Application Guard) and "Windows Sandbox" are advanced security features supported on the Pro and higher editions of 64-bit (x64) Windows 10 and Windows 11. These features apply the hypervisor-isolation-mode container technology that was first supported in Windows Server 2016 (Windows containers; one of the modes for running on the Docker engine) to the security features of Windows 10 and later. They are available in environments where "virtualization-based security (VBS)", also called "Microsoft Defender System Guard", is enabled.
On a system with VBS enabled, a secure kernel runs in a hypervisor-isolated environment, separately from the normal OS kernel.
Critical system services (such as the isolated Local Security Authority, Isolated LSA) run on top of it and provide security features such as "Device Guard" (blocks the loading of unauthorized drivers) and "Credential Guard" (blocks attempts to read credentials).
Application Guard and Windows Sandbox likewise provide an application execution environment that is isolated from the normal OS by the hypervisor (Screen 1, Screen 2).
An ordinary virtual machine (such as a Hyper-V virtual machine) can also provide an isolated execution environment. Application Guard and Windows Sandbox differ in that they are not virtual machines: as with Docker-based container apps, the application execution environment is provided by a Hyper-V isolated container.
Differences between Hyper-V isolated containers and virtual machines
A Hyper-V isolated container runs a separate kernel that isolates Application Guard or Windows Sandbox from the host, and Windows services and applications run on top of that kernel. Because the OS system files are those of the host OS, there is no need to download a large virtual hard disk as with a virtual machine. The network is isolated by a NAT switch, but internet access is possible. Differences from the host's file system and registry are saved in a temporary file (sandbox.vhdx) and can be discarded.
Unlike a virtual machine, performance is optimized through kernel scheduler integration, memory sharing, virtual GPU and so on, so the container runs with fewer computing resources and less disk space than a virtual machine implementation would need (Figure 1).
Screen 3 shows the file I/O observed with Process Monitor (a Windows Sysinternals utility) while Application Guard for Microsoft Edge and Windows Sandbox are each running.
The process names differ (vmmemMDAG and vmmSandBox), but you can see that both perform similar file I/O.
The image of the container's system files is prepared under "C:\ProgramData\Microsoft\Windows\Containers\BaseImages" (most of it consists of links to files in the host OS's C:\Windows), changes are written to "C:\ProgramData\Microsoft\Windows\Containers\...\sandbox.vhdx", and "sandbox.vhdx" is discarded at the appropriate time.
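To confirm on a given machine what the article describes (VBS running, the two features enabled, the base image and the sandbox.vhdx difference disks present), the following PowerShell check can be used. It is an added example, not code from the article; it assumes an elevated session, and that the base image's links to host files show up as NTFS reparse points.

```powershell
# Added example, not from the article. Run from an elevated PowerShell prompt.

# 1. Is VBS actually running? (Win32_DeviceGuard CIM class)
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$vbsState = @{ 0 = 'not enabled'; 1 = 'enabled, not running'; 2 = 'enabled and running' }
$services = @{ 1 = 'Credential Guard'; 2 = 'HVCI (memory integrity)' }
if ($dg) {
    'VBS: ' + $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
    $running = @($dg.SecurityServicesRunning | Where-Object { $_ -ne 0 } | ForEach-Object {
        if ($services.ContainsKey([int]$_)) { $services[[int]$_] } else { "service id $_" }
    })
    'VBS-backed services running: ' + $(if ($running) { $running -join ', ' } else { 'none' })
} else {
    'VBS: Win32_DeviceGuard class not available on this system'
}

# 2. Are the Application Guard and Windows Sandbox optional features enabled?
foreach ($name in 'Windows-Defender-ApplicationGuard', 'Containers-DisposableClientVM') {
    $f = Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction SilentlyContinue
    '{0}: {1}' -f $name, $(if ($f -and $f.State) { $f.State } else { 'not present in this build' })
}

# 3. Base image layer and difference disks (paths as given in the article).
$root = 'C:\ProgramData\Microsoft\Windows\Containers'
$base = Join-Path $root 'BaseImages'
if (Test-Path $base) {
    $files = @(Get-ChildItem -Path $base -Recurse -File -Force -ErrorAction SilentlyContinue)
    # Assumption: links to host files carry the ReparsePoint attribute.
    $links = @($files | Where-Object { $_.Attributes -band [IO.FileAttributes]::ReparsePoint })
    'Base image files: {0}, of which reparse points: {1}' -f $files.Count, $links.Count
} else {
    "No base image found under $base"
}
# The article elides the directory between Containers and sandbox.vhdx, so search for it.
Get-ChildItem -Path $root -Recurse -Filter 'sandbox.vhdx' -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, @{ n = 'SizeMB'; e = { [math]::Round($_.Length / 1MB, 1) } }, LastWriteTime

# 4. Container worker processes; vmm* covers the two names the article reports.
Get-Process -Name 'vmm*' -ErrorAction SilentlyContinue | Select-Object Name, Id
```

A sandbox.vhdx that is still present with an old LastWriteTime and no matching vmm* process is worth noting during forensics, since the article describes it as a temporary file that is discarded.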