Tech Community Live: AMA - Windows Security
Event Ended
Thursday, Apr 07, 2022, 09:00 AM PDT
Join us for a special Ask Microsoft Anything (AMA) live stream on Windows 11 security! Our engineering and product teams will be answering your questions about the latest features and capabilities av...
Heather_Poulsen
Updated Dec 27, 2024
andersonnnunes_
Apr 07, 2022
Occasional Reader
Could an SMM isolation policy prevent a rootkit on SMM from modifying WinLogon.exe's process memory? What about MSEdge.exe's process memory? Only kernel memory?
I found a rootkit that breaches from firmware to Windows memory space and uses memory injection on WinLogon.exe to do things like force a shutdown and steal files. It can also breach Chromium-based browsers for more nefarious deception to the user about visited pages. If not by SMM policy, in what other way can the new security measures of Windows 11 neutralize a threat like that?
Carlos_Mayol
Microsoft
Apr 07, 2022
Those who want to know more about what SMM is: you can read more about SMM and System Guard Secure Launch here: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection