This policy setting allows you to configure additional sources for untrusted files.
If you enable this setting, you must select one or more of the following:
1. Removable media: Files opened or copied from removable media will always open in Windows Defender Application Guard.
2. Network shares: Files opened or copied from network shares will always open in Windows Defender Application Guard. If you want to explicitly trust a network location and prevent files from that location from opening in Application Guard, use one of the Network Isolation policies.
3. Files with Mark of the Web (MotW): Files stamped with MotW will always open in Windows Defender Application Guard.
If you disable or don't configure this setting, only files downloaded from Application Guard for Microsoft Edge will open in Application Guard for Microsoft Word, Excel, or PowerPoint.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | SOFTWARE\Policies\Microsoft\AppHVSI\FileTrustOrigin |
Value Name | FileTrustOriginRemovableMedia |
Value Type | REG_DWORD |
Default Value | 1 |
True Value | 1 |
False Value | 0 |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | SOFTWARE\Policies\Microsoft\AppHVSI\FileTrustOrigin |
Value Name | FileTrustOriginNetworkShare |
Value Type | REG_DWORD |
Default Value | 1 |
True Value | 1 |
False Value | 0 |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | SOFTWARE\Policies\Microsoft\AppHVSI\FileTrustOrigin |
Value Name | FileTrustOriginMarkOfTheWeb |
Value Type | REG_DWORD |
Default Value | 1 |
True Value | 1 |
False Value | 0 |