By default Microsoft Edge browser does not isolate web file downloads in Windows 10 or 8 OS. You have to use third-part software to prevent exploits and file-less malware from entering your host PC through browser. Now the Windows Defender Application Guard (WDAG) feature can help Enterprise users resolve the security problem and get significant benefits.
How to Download Untrusted Files to Host from Windows Defender Application Guard to Secure Edge
Note: Make sure you are using the latest version of Windows 10 Pro or Windows 10 Enterprise RS4 Builds.
First turn On the Windows Defender Application Guard on your machine
* Open the Control Panel, click/tap on the Programs and Features > “Turn Windows features on or off” link.
* Check both the Hyper-V and Windows Defender Application Guard boxes, click on OK button, and restart the computer to finish it.
Enable the WDAM for Microsoft Edge session Policy
* Type gpedit.msc or group policy in the search box, select the match one from results to open the Local Group Policy Editor.
* In the left pane, double click on Computer Configuration, navigate to its sub-location:
> Windows Components
* Select the “Windows Defender Application Guard“, and go to the right side pane.
* Double click on the “Allow files to download and save to the host operating system from Windows Defender Application Guard” policy.
* Check Enabled box, click on OK button, and then restart Windows 10 to apply that.
Once the WDAG session is running, all downloaded files are nested inside the Downloads folder and only run inside the container. If you disable the Download to host feature completely in future, you could not open those files and get “This app can’t run in Windows Defender Application Guard” warning.