deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

added revision from Anthony

Browse Source
This commit is contained in:
Justin Hall
2017-11-27 10:26:05 -08:00
parent 7c28f2b604
commit cfcf7756a3
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
windows/device-security/enable-virtualization-based-protection-of-code-integrity.md
View File

@ -16,11 +16,12 @@ ms.date: 11/07/2017
- Windows 10 - Windows 10
- Windows Server 2016 - Windows Server 2016
Virtualization-based protection of code integrity (herein refered to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. Code integrity checks for kernel-mode memory pages are performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. Virtualization-based protection of code integrity (herein refered to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code.
Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor.
Some applications, including device drivers, may be incompatible with HVCI. Some applications, including device drivers, may be incompatible with HVCI.
This can cause devices or software to malfunction and in rare cases may result in a Blue Screen. Such issues may occur after HVCI has been turned on or during the enablement process itself. This can cause devices or software to malfunction and in rare cases may result in a Blue Screen. Such issues may occur after HVCI has been turned on or during the enablement process itself.
If this happens, see the [Troubleshooting section](#troubleshooting) for remediation steps. If this happens, see [Troubleshooting](#troubleshooting) for remediation steps.
## How to Turn on virtualization-based protection of code integrity on the Windows 10 Fall Creators Update (version 1709) ## How to Turn on virtualization-based protection of code integrity on the Windows 10 Fall Creators Update (version 1709)
@ -34,7 +35,7 @@ If your device already has a WDAC policy (SIPolicy.p7b), please contact your IT
1. Download the [Enable HVCI cabinet file](http://download.microsoft.com/download/7/A/F/7AFBCDD1-578B-49B0-9B27-988EAEA89A8B/EnableHVCI.cab). 1. Download the [Enable HVCI cabinet file](http://download.microsoft.com/download/7/A/F/7AFBCDD1-578B-49B0-9B27-988EAEA89A8B/EnableHVCI.cab).
2. Open the cabinet file. 2. Open the cabinet file.
3. Right-click the SIPolicy.p7b file and extract it to the following location: 3. Right-click the SIPolicy.p7b file and extract it. Then copy or move the file to the following location:
C:\Windows\System32\CodeIntegrity C:\Windows\System32\CodeIntegrity