Home

Virtualization Based Security (VBS) and Hypervisor Enforced Code Integrity (HVCI) for Olympia Users!

%3CLINGO-SUB%20id%3D%22lingo-sub-240571%22%20slang%3D%22en-US%22%3EVirtualization%20Based%20Security%20(VBS)%20and%20Hypervisor%20Enforced%20Code%20Integrity%20(HVCI)%20for%20Olympia%20Users!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-240571%22%20slang%3D%22en-US%22%3E%3CP%3ETryout%20the%20Virtualization%20Based%20Security%20(VBS)%20and%20Hypervisor%20Enforced%20Code%20Integrity%20(HVCI)%20using%20%3CA%20href%3D%22https%3A%2F%2Fna01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Folympia.windows.com%252F%26amp%3Bdata%3D04%257C01%257C%257C08d02bdd76ce42f8879d08d60e08bce4%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C636711828018180018%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%253D%253D%257C-1%26amp%3Bsdata%3DZVbB7M2RmPwQ5c274Decnb6FvP6OpgPqRoYmH2Mv0xw%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EWindows%20Insider%20Lab%20for%20Enterprise%3C%2FA%3E%20(Olympia%20Corp).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWhat%20is%20Virtualization%20Based%20Security%20(VBS)%20and%20Hypervisor%20Enforced%20Code%20Integrity%20(HVCI)%3F%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-exploit-guard%2Fmemory-integrity%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMemory%20integrity%3C%2FA%3E%20is%20a%20powerful%20system%20mitigation%20that%20leverages%20hardware%20virtualization%20and%20the%20Windows%20Hyper-V%20hypervisor%20to%20protect%20Windows%20kernel-mode%20processes%20against%20the%20injection%20and%20execution%20of%20malicious%20or%20unverified%20code.%20Code%20integrity%20validation%20is%20performed%20in%20a%20secure%20environment%20that%20is%20resistant%20to%20attack%20from%20malicious%20software%2C%20and%20page%20permissions%20for%20kernel%20mode%20are%20set%20and%20maintained%20by%20the%20Hyper-V%20hypervisor.%20Memory%20integrity%20helps%20block%20many%20types%20of%20malware%20from%20running%20on%20computers%20that%20run%20Windows%2010%20and%20Windows%20Server%202016.%3C%2FP%3E%0A%3CP%3EWindows%2010%20includes%20a%20set%20of%20hardware%20and%20OS%20technologies%20that%2C%20when%20configured%20together%2C%20allow%20enterprises%20to%20%22lock%20down%22%20Windows%20systems%20so%20they%20operate%20with%20many%20of%20the%20properties%20of%20mobile%20devices.%20In%20this%20configuration%2C%20specific%20technologies%20work%20together%20to%20restrict%20devices%20to%20only%20run%20authorized%20apps%20by%20using%20a%20feature%20called%20configurable%20code%20integrity%20(CI)%2C%20while%20simultaneously%20hardening%20the%20OS%20against%20kernel%20memory%20attacks%20through%20the%20use%20of%20virtualization-based%20protection%20of%20code%20integrity%20(more%20specifically%2C%20HVCI).%20Please%20%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Fash%2F2016%2F03%2F02%2Fwindows-10-device-guard-and-credential-guard-demystified%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eclick%20here%3C%2FA%3E%20for%20reference%20and%20more%20details.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F44539iF185A2EF8FFAB4FF%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22image001.png%22%20title%3D%22image001.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fna01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fen-us%252Fwindows%252Fdevice-security%252Fdevice-guard%252Fintroduction-to-device-guard-virtualization-based-security-and-code-integrity-policies%26amp%3Bdata%3D04%257C01%257C%257C08d02bdd76ce42f8879d08d60e08bce4%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C636711828018190024%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%253D%253D%257C-1%26amp%3Bsdata%3DQgs99Q6Qs4G8z3guYYUHm6xZy2DOELXxqREXkTs67H4%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EVirtualization%20Based%20Security%20(VBS)%20and%20Hypervisor%20Enforced%20Code%20Integrity%20(HVCI)%3C%2FA%3E%20protect%20Windows%20from%20compromise%20by%20bad%20drivers%20and%20malicious%20system%20files.%26nbsp%3B%20Windows%20devices%20everywhere%20will%20soon%20be%20protected%20by%20VBS%20and%20HVCI.%26nbsp%3B%20In%20this%20quest%2C%20Windows%20users%20can%20enable%20HVCI%20on%20desktop%20devices%20to%20protect%20them%20from%20malicious%20apps%20and%20files%2C%20and%20provide%20feedback%20about%20any%20impact%20HVCI%20has%20on%20Windows%E2%80%99%20function%20and%20performance.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EHow%20to%20Enable%20(HVCI)%3F%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3ELaunch%20the%20%22Windows%20Security%22%20app.%3C%2FLI%3E%0A%3COL%3E%0A%3CLI%3ESearch%20for%20Windows%20Security%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CLI%3ENavigate%20to%20%22Device%20Security%22%3C%2FLI%3E%0A%3CLI%3EClick%20on%20%22Core%20isolation%20details%22%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3EEnable%20HVCI%3C%2FSTRONG%3E%20-%20Click%20to%20toggle%20%22Memory%20integrity%22%20to%20%22On%22%3C%2FLI%3E%0A%3COL%3E%0A%3CLI%3EIf%20the%20toggle%20is%20Off%20and%20reads%20%22This%20setting%20is%20managed%20by%20your%20administrator%22%20then%20this%20quest%20will%20not%20work%20for%20you.%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CLI%3EThere%20will%20be%20prompt%20from%20Device%20Security%20to%20Restart.%20Restart%20to%20apply%20these%20protection%20changes.%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ENote%3A%3C%2FSTRONG%3E%20Alternatively%20you%20can%20download%20Device%20guard%20readiness%20tool%20to%20if%20your%20hardware%20is%20ready%20for%20Device%20Guard%20and%20to%20enable%20feature%20from%20here%20%3CA%20href%3D%22https%3A%2F%2Fna01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fen-us%252Fdownload%252Fdetails.aspx%253Fid%253D53337%26amp%3Bdata%3D04%257C01%257C%257C08d02bdd76ce42f8879d08d60e08bce4%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C636711828018200033%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%253D%253D%257C-1%26amp%3Bsdata%3DayBYNjd8X1FT7LtFiv2D3%252FJAEQZdtRKQOgDEnncxP3k%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D53337%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EHow%20to%20Check%20HVCI%20-%20Verification%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EIn%20order%20to%20check%20the%20state%20of%20your%20device%2C%26nbsp%3B%20Open%20%3CEM%3ESystem%20Information%3C%2FEM%3E.%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3COL%3E%0A%3CLI%3ESearch%20for%20System%20Information%3C%2FLI%3E%0A%3CLI%3EYou%20should%20see%20the%20following%20settings%20and%20feature%20statuses%20%3A%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FOL%3E%0A%3CUL%3E%0A%3CLI%3ESecure%20Boot%20State%3A%20ON%3C%2FLI%3E%0A%3CLI%3EVirtualization-based%20security%3A%20RUNNING%3C%2FLI%3E%0A%3CLI%3EVirtualization-based%20security%20Required%20Security%20Properties%3A%20BASE%20VIRTUALIZATION%20SUPPORT%2C%20SECURE%20BOOT%3C%2FLI%3E%0A%3CLI%3EVirtualization-based%20security%20Available%20Security%20Properties%3A%20BASE%20VIRTUALIZATION%20SUPPORT%2C%20SECURE%20BOOT%2C%20DMA%20PROTECTION%3C%2FLI%3E%0A%3CLI%3EVirtualization-based%20security%20Services%20Configured%3A%20HYPERVISOR%20ENFORCED%20CODE%20INTEGRITY%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EVirtualization-based%20security%20Services%20Running%3A%20HYPERVISOR%20ENFORCED%20CODE%20INTEGRITY%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWindows%20Insider%20Lab%20for%20Enterprise%20has%20Quests%20published%20that%20you%20can%20use%20to%20follow%20the%20steps%20to%20tryout%20and%20assess%20HVCI%20as%20well%20as%20many%20other%20new%20Windows%2010%20Enterprise%20and%20Security%20features.%20Are%20you%20a%20Windows%20Insider%20Interested%20in%20joining%26nbsp%3BWindows%20Insider%20Lab%20for%20Enterprise%3F%20It's%20easy%20-%20just%20fill%20out%20the%20survey%20at%20%3CA%20href%3D%22https%3A%2F%2Fna01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Faka.ms%252FRegisterOlympia%26amp%3Bdata%3D04%257C01%257C%257C08d02bdd76ce42f8879d08d60e08bce4%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C636711828018200033%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%253D%253D%257C-1%26amp%3Bsdata%3DwaXfaP3gkcxSLX3hXAf2rdsoyqoxQjYbOUgQ6YPp6vw%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2FRegisterOlympia%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-846754%22%20slang%3D%22en-US%22%3ERe%3A%20Virtualization%20Based%20Security%20(VBS)%20and%20Hypervisor%20Enforced%20Code%20Integrity%20(HVCI)%20for%20Olympia%20Us%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-846754%22%20slang%3D%22en-US%22%3EGreat%20features%2C%20is%20there%20any%20updates%20to%20this%20post%3F%3C%2FLINGO-BODY%3E
Shrikant Joshi
Microsoft

Tryout the Virtualization Based Security (VBS) and Hypervisor Enforced Code Integrity (HVCI) using Windows Insider Lab for Enterprise (Olympia Corp).

 

What is Virtualization Based Security (VBS) and Hypervisor Enforced Code Integrity (HVCI)?

Memory integrity is a powerful system mitigation that leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. Memory integrity helps block many types of malware from running on computers that run Windows 10 and Windows Server 2016.

Windows 10 includes a set of hardware and OS technologies that, when configured together, allow enterprises to "lock down" Windows systems so they operate with many of the properties of mobile devices. In this configuration, specific technologies work together to restrict devices to only run authorized apps by using a feature called configurable code integrity (CI), while simultaneously hardening the OS against kernel memory attacks through the use of virtualization-based protection of code integrity (more specifically, HVCI). Please click here for reference and more details.

image001.png

Virtualization Based Security (VBS) and Hypervisor Enforced Code Integrity (HVCI) protect Windows from compromise by bad drivers and malicious system files.  Windows devices everywhere will soon be protected by VBS and HVCI.  In this quest, Windows users can enable HVCI on desktop devices to protect them from malicious apps and files, and provide feedback about any impact HVCI has on Windows’ function and performance.

 

How to Enable (HVCI)?

 

  1. Launch the "Windows Security" app.
    1. Search for Windows Security
  2. Navigate to "Device Security"
  3. Click on "Core isolation details"
  4. Enable HVCI - Click to toggle "Memory integrity" to "On"
    1. If the toggle is Off and reads "This setting is managed by your administrator" then this quest will not work for you.
  5. There will be prompt from Device Security to Restart. Restart to apply these protection changes.

 

Note: Alternatively you can download Device guard readiness tool to if your hardware is ready for Device Guard and to enable feature from here https://www.microsoft.com/en-us/download/details.aspx?id=53337

 

How to Check HVCI - Verification:

 

In order to check the state of your device,  Open System Information

    1. Search for System Information
    2. You should see the following settings and feature statuses :
  • Secure Boot State: ON
  • Virtualization-based security: RUNNING
  • Virtualization-based security Required Security Properties: BASE VIRTUALIZATION SUPPORT, SECURE BOOT
  • Virtualization-based security Available Security Properties: BASE VIRTUALIZATION SUPPORT, SECURE BOOT, DMA PROTECTION
  • Virtualization-based security Services Configured: HYPERVISOR ENFORCED CODE INTEGRITY

Virtualization-based security Services Running: HYPERVISOR ENFORCED CODE INTEGRITY

 

Windows Insider Lab for Enterprise has Quests published that you can use to follow the steps to tryout and assess HVCI as well as many other new Windows 10 Enterprise and Security features. Are you a Windows Insider Interested in joining Windows Insider Lab for Enterprise? It's easy - just fill out the survey at https://aka.ms/RegisterOlympia

1 Reply
Great features, is there any updates to this post?
Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies