diff --git a/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md b/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md index 4112ed612d..35484fcb77 100644 --- a/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md @@ -16,11 +16,12 @@ ms.date: 11/07/2017 - Windows 10 - Windows Server 2016 -Virtualization-based protection of code integrity (herein refered to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. Code integrity checks for kernel-mode memory pages are performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. +Virtualization-based protection of code integrity (herein refered to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. +Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. Some applications, including device drivers, may be incompatible with HVCI. This can cause devices or software to malfunction and in rare cases may result in a Blue Screen. Such issues may occur after HVCI has been turned on or during the enablement process itself. -If this happens, see the [Troubleshooting section](#troubleshooting) for remediation steps. +If this happens, see [Troubleshooting](#troubleshooting) for remediation steps. ## How to Turn on virtualization-based protection of code integrity on the Windows 10 Fall Creators Update (version 1709) @@ -34,7 +35,7 @@ If your device already has a WDAC policy (SIPolicy.p7b), please contact your IT 1. Download the [Enable HVCI cabinet file](http://download.microsoft.com/download/7/A/F/7AFBCDD1-578B-49B0-9B27-988EAEA89A8B/EnableHVCI.cab). 2. Open the cabinet file. -3. Right-click the SIPolicy.p7b file and extract it to the following location: +3. Right-click the SIPolicy.p7b file and extract it. Then copy or move the file to the following location: C:\Windows\System32\CodeIntegrity