cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Credential Guard and Incompatible Modules

MichaelMartin
Copper Contributor

‎Jun 21 2017 08:52 AM

‎Jun 21 2017 08:52 AM

Credential Guard and Incompatible Modules

When I run the PowerShell script and review the log, DeviceGuardCheckLog.txt, I see that it says "Incompatible HVCI Kernal Driver Modules Found" as well as "HSTI is absent". But it still allows me to enable Device Guard and Credential Guard. Is this a mistake? Is it a "false" enable, leaving me vulnerable??

8,079 Views
1 Like
1 Reply
Reply
1 Reply
best response confirmed by MichaelMartin (Copper Contributor)
Scott Anderson

‎Jun 21 2017 08:59 AM

‎Jun 21 2017 08:59 AM

Solution

Re: Credential Guard and Incompatible Modules

The Readiness Tool is looking for both Device Guard and Credential Guard compatibility. These two warnings are related to Device Guard, so nothing related to Credential Guard is showing as an issue.

 

For the two issues you are mentioning HSTI is optional, lack of HSTI does not prevent anything from running. The advantage of HSTI is to ensure that teh hardware security capabilites are present and enabled. The incompatible HVCI driver output will be color coded, if yellow there is a potential compatibility issue with hypervisor preotecion of Code Integrity, but in many cases it will still work. If red, then there is a blocking issue.

 

You can enable Credential Guard and may well be able to enable Device Guard Virtualization Based Security too.  

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by MichaelMartin (Copper Contributor)
Scott Anderson

‎Jun 21 2017 08:59 AM

‎Jun 21 2017 08:59 AM

Solution

Re: Credential Guard and Incompatible Modules

The Readiness Tool is looking for both Device Guard and Credential Guard compatibility. These two warnings are related to Device Guard, so nothing related to Credential Guard is showing as an issue.

 

For the two issues you are mentioning HSTI is optional, lack of HSTI does not prevent anything from running. The advantage of HSTI is to ensure that teh hardware security capabilites are present and enabled. The incompatible HVCI driver output will be color coded, if yellow there is a potential compatibility issue with hypervisor preotecion of Code Integrity, but in many cases it will still work. If red, then there is a blocking issue.

 

You can enable Credential Guard and may well be able to enable Device Guard Virtualization Based Security too.  

View solution in original post

1 Like
Reply