Specifies whether Virtualization Based Security is enabled.Virtualization Based Security uses the Windows Hypervisor to provide support for security services. Virtualization Based Security requires Secure Boot and can optionally be enabled with the use of DMA Protections. DMA protections require hardware support and will only be enabled on correctly configured devices.Virtualization Based Protection of Code IntegrityThis setting enables virtualization based protection of Kernel Mode Code Integrity. When this is enabled kernel mode memory protections are enforced and the Code Integrity validation path is protected by the virtualization based security feature.Warning: All drivers on the system must be compatible with this feature or the system may crash. Ensure that this policy setting is only deployed to computers which are known to be compatible. Credential GuardThis setting lets you decide whether users can turn on Credential Guard with virtualization-based security to help protect credentials. Disabling these settings does not remove the feature from the computer. Instead you must also remove the security functionality from each computer with a physically present user in order to clear configuration persisted in Secure Boot.Please refer to the documentation for a complete set of requirements to securely configure this feature.
Turn On Virtualization Based Security
You May Also Like
More From Author
2Comments
Add yoursComments are closed.
HKLM -> SOFTWARE -> Policies -> Microsoft -> Windows -> DeviceGuard!EnableVirtualizationBasedSecurity; HKLM -> SOFTWARE -> Policies -> Microsoft -> Windows -> DeviceGuard!RequirePlatformSecurityFeatures HKLM -> SOFTWARE -> Policies -> Microsoft -> Windows -> DeviceGuard!HypervisorEnforcedCodeIntegrity HKLM -> SOFTWARE -> Policies -> Microsoft -> Windows -> DeviceGuard!LsaCfgFlags
System -> Device Guard