Author: Chris Hoffman / Source: howtogeek.com
Windows 10’s April 2018 Update brings “Core Isolation” and “Memory Integrity” security features to everyone. These use virtualization-based security to protect your core operating system processes from tampering, but Memory Protection is off by default for people who upgrade.
What is Core Isolation?
In the original release of Windows 10, virtualization-based security (VBS) features were only available on Enterprise editions of Windows 10 as part of “Device Guard.” With the April 2018 Update, Core Isolation brings some virtualization-based security features to all editions of Windows 10.
Some Core Isolation features are enabled by default on Windows 10 PCs that meet certain hardware and firmware requirements, including having a 64-bit CPU and TPM 2.0 chip. It also requires your PC supports the Intel VT-x or AMD-V virtualization technology, and that it’s enabled in your PC’s UEFI settings.
When these features are enabled, Windows uses hardware virtualization features to create a secure area of system memory that’s isolated from the normal operating system. Windows can run system processes and security software in this secure area. This protects important operating system processes from being tampered with by anything running outside the secure area.
Even if malware is running on your PC and knows an exploit that should allow it to crack these Windows processes, the virtualization-based security is an additional layer of protection that will isolate them from attack.
RELATED: Everything New in Windows 10’s April 2018 Update, Available Now
What Is Memory Integrity?
The feature known as “Memory Integrity” in Windows 10’s interface is also known as “Hypervisor protected Code Integrity” (HVCI) in Microsoft’s documentation.
Memory Integrity is disabled by default on PCs that upgraded to the April 2018 Update, but you can enable it. It will be enabled by default on new installations of Windows 10 going forward.
This feature is a subset of Core Isolation. Windows normally requires digital signatures for device drivers and other code that runs in low-level Windows kernel mode. This ensures they haven’t been tampered with by malware. When “Memory Integrity” is enabled, the “code integrity service” in Windows runs inside the hypervisor-protected container created by Core Isolation. This should make it nearly impossible for malware to tamper with the code integrity checks and gain access to the Windows kernel.
Virtual Machine Problems
As Memory Integrity uses the system’s virtualization hardware, it’s incompatible with virtual machine programs like VirtualBox or VMware. Only one application can use this hardware at a time.
You may see a message saying Intel VT-X or AMD-V is not enabled or available…
The post What Are “Core Isolation” and “Memory Integrity” in Windows 10? appeared first on FeedBox.