Aug 30 2018 02:39 PM
Aug 30 2018 02:39 PM
Tryout the Virtualization Based Security (VBS) and Hypervisor Enforced Code Integrity (HVCI) using Windows Insider Lab for Enterprise (Olympia Corp).
What is Virtualization Based Security (VBS) and Hypervisor Enforced Code Integrity (HVCI)?
Memory integrity is a powerful system mitigation that leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. Memory integrity helps block many types of malware from running on computers that run Windows 10 and Windows Server 2016.
Windows 10 includes a set of hardware and OS technologies that, when configured together, allow enterprises to "lock down" Windows systems so they operate with many of the properties of mobile devices. In this configuration, specific technologies work together to restrict devices to only run authorized apps by using a feature called configurable code integrity (CI), while simultaneously hardening the OS against kernel memory attacks through the use of virtualization-based protection of code integrity (more specifically, HVCI). Please click here for reference and more details.
Virtualization Based Security (VBS) and Hypervisor Enforced Code Integrity (HVCI) protect Windows from compromise by bad drivers and malicious system files. Windows devices everywhere will soon be protected by VBS and HVCI. In this quest, Windows users can enable HVCI on desktop devices to protect them from malicious apps and files, and provide feedback about any impact HVCI has on Windows’ function and performance.
How to Enable (HVCI)?
Note: Alternatively you can download Device guard readiness tool to if your hardware is ready for Device Guard and to enable feature from here https://www.microsoft.com/en-us/download/details.aspx?id=53337
How to Check HVCI - Verification:
In order to check the state of your device, Open System Information.
Virtualization-based security Services Running: HYPERVISOR ENFORCED CODE INTEGRITY
Windows Insider Lab for Enterprise has Quests published that you can use to follow the steps to tryout and assess HVCI as well as many other new Windows 10 Enterprise and Security features. Are you a Windows Insider Interested in joining Windows Insider Lab for Enterprise? It's easy - just fill out the survey at https://aka.ms/RegisterOlympia
Sep 10 2019 07:39 AM
Dec 27 2021 10:49 PM
Feb 13 2022 04:30 AM
Important to know that HVCI requires Intel Core 7th gen processor or newer and all drivers must be HVCI compliant.
If you use an older processor, the performance will be very bad because they dont have the MBEC extension.
And if the driver is not compliant with HVCI, the device might not work when HVCI is enabled or the PC might get bluesceens. @Shrikant Joshi