Jul 31 2022 08:36 PM
Hi,
I want to get a full understanding of what happens when you enable Microsoft Defender Application Control (MDAC) aka Windows Defender Application Control (WDAC) with Virtualization Based Security (VBS) and Hypervisor-protected Code Integrity (HVCI) and without it. I know there is no dependency between the two, but I want to measure the increase in security when MDAC\WDAC is enabled with VBS and HVCI.
The key questions are:
1. When MDAC\WDAC is enabled with VBS and HVCI, does it store the code integrity (CI) policy within VBS?
And when MDAC\WDAC is enabled without VBS and HVCI, where does it store the code integrity (CI) policy, and how secure is that approach?
2. When MDAC\WDAC is enabled without VBS and HVCI but Microsoft Defender Credential Guard is on, will it encrypt\hash the code integrity policy like it encrypts\hashes passwords and Kerberos tokens?
Aug 01 2022 12:09 PM