deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

added revision from Anthony

Browse Source
This commit is contained in:
Justin Hall
2017-11-27 10:26:05 -08:00
parent 7c28f2b604
commit cfcf7756a3
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
windows/device-security/enable-virtualization-based-protection-of-code-integrity.md
View File

@ -16,11 +16,12 @@ ms.date: 11/07/2017
- Windows 10
- Windows Server 2016
Virtualization-based protection of code integrity (herein refered to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. Code integrity checks for kernel-mode memory pages are performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor.
Virtualization-based protection of code integrity (herein refered to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code.
Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor.
Some applications, including device drivers, may be incompatible with HVCI.
This can cause devices or software to malfunction and in rare cases may result in a Blue Screen. Such issues may occur after HVCI has been turned on or during the enablement process itself.
If this happens, see the [Troubleshooting section](#troubleshooting) for remediation steps.
If this happens, see [Troubleshooting](#troubleshooting) for remediation steps.
## How to Turn on virtualization-based protection of code integrity on the Windows 10 Fall Creators Update (version 1709)
@ -34,7 +35,7 @@ If your device already has a WDAC policy (SIPolicy.p7b), please contact your IT
1. Download the [Enable HVCI cabinet file](http://download.microsoft.com/download/7/A/F/7AFBCDD1-578B-49B0-9B27-988EAEA89A8B/EnableHVCI.cab).
2. Open the cabinet file.
3. Right-click the SIPolicy.p7b file and extract it to the following location:
3. Right-click the SIPolicy.p7b file and extract it. Then copy or move the file to the following location:
C:\Windows\System32\CodeIntegrity