
Spring Creators Update adds new features to Windows Defender, What is Core Isolation?


Matsuda




Core isolation provides virtualization-based security features to protect core parts of your device. 

In an upcoming release of Windows 10, we will be bringing a subset of VBS features to all editions of Windows to ensure our customers remain safe from increasingly sophisticated attacks. Devices that meet hardware and firmware requirements will have parts of VBS enabled by default. 


Virtualization-based security, or VBS, uses hardware virtualization features to create and isolate a secure region of memory from the normal operating system. Windows can use this "virtual secure mode" to host a number of security solutions, providing them with greatly increased protection from vulnerabilities in the operating system, and preventing the use of malicious exploits which attempt to defeat protections.


VBS uses the Windows hypervisor to create this virtual secure mode, and to enforce restrictions which protect vital system and operating system resources, or to protect security assets such as authenticated user credentials. With the increased protections offered by VBS, even if malware gains access to the OS kernel the possible exploits can be greatly limited and contained, because the hypervisor can prevent the malware from executing code or accessing platform secrets.
 

One such example security solution is Hypervisor-Enforced Code Integrity (HVCI), which uses VBS to significantly strengthen code integrity policy enforcement. Kernel mode code integrity checks all kernel mode drivers and binaries before they're started, and prevents unsigned drivers or system files from being loaded into system memory.
 

Similarly, user mode configurable code integrity policy checks applications before they're loaded, and will only start executables that are signed by known, approved signers. HVCI leverages VBS to run the code integrity service inside a secure environment, providing stronger protections against kernel viruses and malware.

The hypervisor, the most privileged level of system software, sets and enforces page permissions across all system memory. Pages are only made executable after code integrity checks inside the secure region have passed, and executable pages are not writable. That way, even if there are vulnerabilities like a buffer overflow that allow malware to attempt to modify memory, code pages cannot be modified, and modified memory cannot be made executable.


Additionally, as part of this effort, Hypervisor protected code integrity (HVCI) will also be available and turned on by default in clean installs; for older systems, customers will have the ability to opt in post upgrade using the UI in Windows Defender Security Center (WDSC). This enhancement will ensure that the kernel process that verifies code integrity runs in a secure runtime environment provided by VBS.

With Memory integrity protection, kernel memory pages are only made executable after passing code integrity checks inside the secure runtime environment, and executable pages themselves are never writable. This is an enhancement to intrusion prevention capabilities in Windows Defender Exploit Guard. 
 

Application compatibility
 

In Core isolation, you can turn Memory integrity (hypervisor-protected code integrity) on or off. In some scenarios where you may encounter application compatibility issues, you may need to turn this off. This will require a system reboot.

How to Turn On or Off Core Isolation Memory Integrity in Windows 10


1. Open the Windows Defender Security Center, and click/tap on the Device security icon. (see screenshot below)




2. Click/tap on the Core isolation details link. (see screenshot below)




3. Turn On or Off (default) Memory integrity for what you want. (see screenshots below)




4. Click/tap on Yes when prompted by UAC.

5. Restart the computer to apply. (see screenshots below)



 



Sources

Link to comment
Share on other sites
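To confirm after the restart in step 5 that Memory integrity is actually enforced rather than only switched on, the following added example (not part of the original post) reads the Win32_DeviceGuard CIM class. The function name ConvertTo-DeviceGuardReport and the sample object are constructed for illustration.

```powershell
# Added example: report whether VBS and Memory integrity (HVCI) are configured
# and actually running. Read-only; it changes no setting.

function ConvertTo-DeviceGuardReport {
    param(
        [Parameter(Mandatory)] $DeviceGuard   # object exposing Win32_DeviceGuard properties
    )
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    $vbsText = switch ([int]$DeviceGuard.VirtualizationBasedSecurityStatus) {
        0       { 'Off' }
        1       { 'Enabled, not running' }
        2       { 'Running' }
        default { 'Unknown' }
    }
    # In both service arrays the value 2 stands for hypervisor-enforced code integrity
    $configured = @($DeviceGuard.SecurityServicesConfigured) -contains 2
    $running    = @($DeviceGuard.SecurityServicesRunning)    -contains 2

    $verdict = if ($running) {
        'Memory integrity is enforced'
    } elseif ($configured) {
        # Typical causes: restart still pending, or a platform requirement is not met
        'Memory integrity is turned on but not running'
    } else {
        'Memory integrity is off'
    }

    [pscustomobject]@{
        VbsStatus      = $vbsText
        HvciConfigured = $configured
        HvciRunning    = $running
        Verdict        = $verdict
    }
}

# Constructed sample: switch set to On, restart not yet done
$sample = [pscustomobject]@{
    VirtualizationBasedSecurityStatus = 1
    SecurityServicesConfigured        = @(2)
    SecurityServicesRunning           = @(0)
}
ConvertTo-DeviceGuardReport -DeviceGuard $sample | Format-List

# Live query on the local machine (Windows 10 or later)
$dg = Get-CimInstance -ClassName Win32_DeviceGuard `
        -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction Stop
ConvertTo-DeviceGuardReport -DeviceGuard $dg | Format-List
```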

Airstream_Bill

I like it.


A lot of people.

 

It does its job, but of course it can’t prevent you from crossing the road when it’s the car’s turn.


Funnily enough, WDefender is quite decent nowadays. I switched from Kaspersky because it is more lightweight, and nowadays I know what I'm browsing/downloading, so it's more than enough.


I've set it on and my Intel graphics driver just stopped working.... I've been scratching my head for why it stopped working and after many tries (mostly thinking on what I've done on the day WD reported the issue with a device) finally I tried to turn it off (had to go to the Registry and set its value to 0) and now I got my graphics driver working again :)


On 4/8/2018 at 9:07 AM, manju said:

I've set it on and my Intel graphics driver just stopped working.... I've been scratching my head for why it stopped working and after many tries (mostly thinking on what I've done on the day WD reported the issue with a device) finally I tried to turn it off (had to go to the Registry and set its value to 0) and now I got my graphics driver working again :)

 

Same here. Sounds like Intel may need to add support for this to properly work.


On 4/10/2018 at 6:06 PM, sam3971 said:

 

Same here. Sounds like Intel may need to add support for this to properly work.


In my case it may be due to my low-end hardware, but WUMT did report to have an Intel graphics driver update from March 2017, I think, when I was trying to "fix" this issue...


Microsoft needs to do something for the System Impact of Windows Defender.

Many users find Windows Defender to be Heavy on their PCs.


Archived

This topic is now archived and is closed to further replies.
