If you open the Command Prompt and run the command net user on your Windows 11/10 system, you may see a WDAGUtilityAccount entry. What is this? Is it malware? What exact role does it play, and is it safe to delete it? Let us find answers to these questions in today’s post.
WDAGUtilityAccount in Windows 11/10
WDAGUtilityAccount is a user account that is managed and used by the system for Windows Defender Application Guard scenarios.
WDAGUtilityAccount is part of the Windows Defender Application Guard. It remains disabled until Application Guard is enabled on your system. There are multiple system accounts that are built-in to Windows and WDAGUtilityAccount is one of them.
When enabled, you may see an alert in your log solution for a new local account created for username: WDAGUtilityAccount (Event ID 4720 or 4722). It can at times get in your way – for instance, when trying to delete a file, you are prompted with Access is denied, administrator permission is necessary message. When you choose to ignore it and press ‘Continue’ you get another message saying you need the permission of another account – WDAGUtilityAccount. But this is for your security.
You can verify if WDAGUtilityAccount is active on your system as follows:
- Open WinX Menu
- Select Computer Management
- Expand System Tools
- Expand Local Users and Groups
- Double-click the Users folder, and there you will see it!
Double-clicking on it will open its Properties. Here you will be able to see if it is active or not.
Can you delete or rename WDAGUtility account
Since the WDAGUtility account is a special ‘system managed account’ in Windows 10, we do not recommend that you rename or delete it using the Administrator account.
I hope this helps.