I try to run a secure Windows as possible and there I have as many Windows Defender setting enabled as possible, also Windows Defender Application Control – in this case just in Audit mode. After upgrading to Windows 10 1803 my primary browser  Microsoft Edge stating to crash, but I got a solution from my very good friend and fellow MVP Jesper Nielsen  he pointed my to this error: Edge crashes when AppLocker is enabled with DLL enforcement Windows 1803 that described the same issue as I had, just with Applocker. Read more on Jesper’s feedback 

 

 


The reason for the mess in the first place is my Intune Endpoint Protection profile where I enable Windows Defender Application Guard in Audit mode:

Edge crach on 1803 with WDAC - Audit - 01

 


The solution was to set this regkey:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Spartan]
“RAC_LaunchFlags”=dword:00000035

In the event log you can see that Microsoft Edge is crashing:

Edge crach on 1803 with WDAC - Eventlog - 01

Edge crach on 1803 with WDAC - Eventlog - 02

 

 


How to fix it with Intune Management Extentions:

Start the Microsoft 365 device management portal : https://devicemanagement.portal.azure.com

  1. Click Device Configuration
  2. Click PowerShell scripts
  3. Click Add

Edge crach on 1803 with WDAC - Intune - 01

  1. Enter a name: Edge Crash WDAC fix
  2. Upload the file : File is on GitHub
  3. Select Configure
  4. Set Run this script using the logged on credentials to Yes

Edge crach on 1803 with WDAC - Intune - 02


The powershell script I run from Intune:

New-Item -Path HKCU:\Software\Microsoft\Internet Explorer\Spartan –Force
$registryPath = "HKCU:\Software\Microsoft\Internet Explorer\Spartan"

#Fix Edge on 1803 with WDAG or Applocker enabled
$Name = "RAC_LaunchFlags"
$value = "00000035"
IF(!(Test-Path $registryPath))
{
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value `
-PropertyType String -Force | Out-Null}
ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value `
-PropertyType String -Force | Out-Null}
<pre>

Happy testing – and please remember that this is not a official Microsoft fix.


Read more:
Windows Defender Application Control