From 0771d79753350650bdaadb219a4cc6bc22ee0f68 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 17 Nov 2017 18:05:24 -0800 Subject: [PATCH 1/5] fixed toc --- windows/device-security/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/device-security/TOC.md b/windows/device-security/TOC.md index 8682940443..13af847a45 100644 --- a/windows/device-security/TOC.md +++ b/windows/device-security/TOC.md @@ -125,7 +125,7 @@ ## [Encrypted Hard Drive](encrypted-hard-drive.md) -## [How to opt-in to HVCI](how-to-opt-in-to-hvci-for-windows-devices.md) +## [Enable HVCI](enable-virtualization-based-protection-of-code-integrity.md) ## [Security auditing](auditing\security-auditing-overview.md) ### [Basic security audit policies](auditing\basic-security-audit-policies.md) From ac3d2a272af206f7e41ab8c68ab75c5b66c0a968 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 17 Nov 2017 18:19:16 -0800 Subject: [PATCH 2/5] revised UI step --- .../enable-virtualization-based-protection-of-code-integrity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md b/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md index 8450dfa0f6..2a98cf928d 100644 --- a/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md @@ -45,7 +45,7 @@ If your device already has a WDAC policy (SIPolicy.p7b), please contact your IT a. Click Start, type **Turn Windows Features on or off** and press ENTER. - b. Select **Hyper-V** > **Hyper-V Platform** > **Hypervisor** and click **OK**. + b. Select **Hyper-V** > **Hyper-V Platform** > **Hyper-V Hypervisor** and click **OK**. ![Turn Windows features on or off](images\turn-windows-features-on-or-off.png) From b3053aef0c8d08293bc4eeb1e798894a727d5a8a Mon Sep 17 00:00:00 2001 
From: Jeffrey Sutherland Date: Wed, 22 Nov 2017 22:07:42 +0000 Subject: [PATCH 3/5] Updated enable-virtualization-based-protection-of-code-integrity.md --- ...nable-virtualization-based-protection-of-code-integrity.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md b/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md index 2a98cf928d..b96f6d2368 100644 --- a/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md 
@@ -16,7 +16,7 @@ ms.date: 11/07/2017 - Windows 10 - Windows Server 2016 -Virtualization-based protection of code integrity (herein refered to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. Code integrity checks for kernel-mode memory pages are performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. +Virtualization-based protection of code integrity (herein referred to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode memory against the injection and execution of malicious or unverified code. Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. Some applications, including device drivers, may be incompatible with HVCI. This can cause devices or software to malfunction and in rare cases may result in a Blue Screen. Such issues may occur after HVCI has been turned on or during the enablement process itself. @@ -34,7 +34,7 @@ If your device already has a WDAC policy (SIPolicy.p7b), please contact your IT 1. Download the Enable HVCI cabinet file. 2. Open the cabinet file. -3. Right-click the SIPolicy.p7b file and extract it to the following location: +3. Right-click the SIPolicy.p7b file and extract it. Then move it to the following location: C:\Windows\System32\CodeIntegrity From 293f1bfe02b2135696f5842e2195879720c338c5 Mon Sep 17 00:00:00 2001 
From: Jason Gerend Date: Wed, 22 Nov 2017 23:30:20 +0000 Subject: [PATCH 4/5] Revert "Merged PR 4645: Updated enable-virtualization-based-protection-of-code-integrity.md Updated enable-virtualization-based-protection-of-code-integrity.md" --- ...nable-virtualization-based-protection-of-code-integrity.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md b/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md index b96f6d2368..2a98cf928d 100644 --- a/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md 
@@ -16,7 +16,7 @@ ms.date: 11/07/2017 - Windows 10 - Windows Server 2016 -Virtualization-based protection of code integrity (herein referred to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode memory against the injection and execution of malicious or unverified code. Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. +Virtualization-based protection of code integrity (herein refered to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. Code integrity checks for kernel-mode memory pages are performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. Some applications, including device drivers, may be incompatible with HVCI. This can cause devices or software to malfunction and in rare cases may result in a Blue Screen. Such issues may occur after HVCI has been turned on or during the enablement process itself. @@ -34,7 +34,7 @@ If your device already has a WDAC policy (SIPolicy.p7b), please contact your IT 1. Download the Enable HVCI cabinet file. 2. Open the cabinet file. -3. Right-click the SIPolicy.p7b file and extract it. Then move it to the following location: +3. Right-click the SIPolicy.p7b file and extract it to the following location: C:\Windows\System32\CodeIntegrity From 405750bd75543adec3005db4db2ccadc06c781bb Mon Sep 17 00:00:00 2001 
From: Jason Gerend Date: Wed, 22 Nov 2017 23:37:06 +0000 Subject: [PATCH 5/5] Revert "Merged PR 4650: Revert "Updated enable-virtualization-based-protection-of-code-integrity.md" Revert !4645" --- ...nable-virtualization-based-protection-of-code-integrity.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md b/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md index 2a98cf928d..b96f6d2368 100644 --- a/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md 
@@ -16,7 +16,7 @@ ms.date: 11/07/2017 - Windows 10 - Windows Server 2016 -Virtualization-based protection of code integrity (herein refered to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. Code integrity checks for kernel-mode memory pages are performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. +Virtualization-based protection of code integrity (herein referred to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode memory against the injection and execution of malicious or unverified code. Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. Some applications, including device drivers, may be incompatible with HVCI. This can cause devices or software to malfunction and in rare cases may result in a Blue Screen. Such issues may occur after HVCI has been turned on or during the enablement process itself. @@ -34,7 +34,7 @@ If your device already has a WDAC policy (SIPolicy.p7b), please contact your IT 1. Download the Enable HVCI cabinet file. 2. Open the cabinet file. -3. Right-click the SIPolicy.p7b file and extract it to the following location: +3. Right-click the SIPolicy.p7b file and extract it. Then move it to the following location: C:\Windows\System32\CodeIntegrity
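Review bot: [PATCH 1/5], TOC.md hunk at line 125: the diffstat lists TOC.md only, so nothing visible in this patch renames or redirects how-to-opt-in-to-hvci-for-windows-devices.md. Once the entry points at enable-virtualization-based-protection-of-code-integrity.md, the old page is either left orphaned or its inbound links stop resolving. Include the rename or redirect in the same commit and state it in the commit message, which currently says only "fixed toc".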
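Review bot: [PATCH 2/5], step b hunk at line 45: the image reference in the trailing context, images\turn-windows-features-on-or-off.png, uses a backslash as the path separator. Since this step is being edited anyway, change it to a forward slash so the link does not depend on how the build host treats backslashes. Also confirm that the screenshot shows the corrected label, Hyper-V Hypervisor.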
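Review bot: [PATCH 3/5], first hunk (line 16): the hunk header still shows ms.date: 11/07/2017 although the introductory paragraph is being reworded on 22 Nov 2017, so update the date in the same change. On the rewording itself, "Code integrity validation is performed in a secure environment" drops the object that the old text had ("for kernel-mode memory pages"), while the rest of the sentence still talks about page permissions. Keeping "of kernel-mode memory pages" after "validation" would say what is being validated.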
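Review bot: [PATCH 3/5], second hunk (line 34), step 3: "extract it. Then move it to the following location" does not say where to extract the file first, nor that writing to C:\Windows\System32\CodeIntegrity requires administrator rights. The step also gives no warning that moving the file there replaces any SIPolicy.p7b already in that folder, which is the case the context line just above the list raises. Suggest naming a temporary folder for the extraction, noting the elevation requirement, and repeating the existing-policy check in the step itself.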
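Review bot: [PATCH 4/5], both hunks: this revert restores the misspelling "refered" and the "kernel-mode processes" wording in the line 16 paragraph, and the commit message gives no reason for backing out PR 4645. If the revert was needed for a process reason, record that reason in the message. If it was not, drop this patch from the series.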
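Review bot: [PATCH 5/5], both hunks: the index line (2a98cf928d..b96f6d2368) and the added lines are identical to [PATCH 3/5], so patches 4 and 5 cancel each other and leave the file exactly as patch 3 left it. Squash patches 3 through 5 into a single commit with a descriptive subject in place of the nested "Revert "Merged PR 4650: Revert ..."" title, so the history shows one content change instead of three.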