Implementing Microsoft Defender Application Control with and without Virtualization Based Security

Hi,

I want to get a full understanding of what happens when you enable Microsoft Defender Application Control (MDAC), aka Windows Defender Application Control (WDAC), with Virtualization Based Security (VBS) and Hypervisor-protected Code Integrity (HVCI) and without it. I know there is no dependency between the two, but I want to measure the increase in security when MDAC\WDAC is enabled with VBS and HVCI.

The key questions are:

1. When MDAC\WDAC is enabled with VBS and HVCI, does it store the code integrity (CI) policy within VBS?

And when MDAC\WDAC is enabled without VBS and HVCI, where does it store the code integrity (CI) policy, and how secure is that approach?

2. When MDAC\WDAC is enabled without VBS and HVCI but Microsoft Defender Credential Guard is on, will it encrypt\hash the code integrity policy like it encrypts\hashes passwords and Kerberos tokens?

  

1 Reply
Hi, please post this question to the Defender for Endpoint forum, to get an answer from the Endpoint experts.