Published by Brink (Administrator)


How to Verify if Device Guard is Enabled or Disabled in Windows 10

Information
Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications that you define in your code integrity policies. If the app isn’t trusted it can’t run, period. With hardware that meets basic requirements, it also means that even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to be able to run malicious executable code. With appropriate hardware, Device Guard can use the new virtualization-based security in Windows 10 (available in Enterprise and Education desktop SKUs and in all Server SKUs) to isolate the Code Integrity service from the Microsoft Windows kernel itself. In this case, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.



This tutorial will show you how to verify if Device Guard virtualization-based security is enabled or disabled on your Windows 10 Enterprise or Windows 10 Education PC.


CONTENTS:
  • Option One: To Verify if Device Guard is Enabled or Disabled in System Information
  • Option Two: To Verify if Device Guard is Enabled or Disabled in PowerShell





OPTION ONE
To Verify if Device Guard is Enabled or Disabled in System Information

1. Press the Win+R keys to open Run, type msinfo32, and click/tap on OK to open System Information. (see screenshot below)

2. The Device Guard properties (if enabled and running) are displayed at the bottom of the System Summary section.

[Screenshot: Verify_Device_Guard_msinfo32.jpg]






OPTION TWO
To Verify if Device Guard is Enabled or Disabled in PowerShell

1. Open PowerShell.

2. Enter the command below into PowerShell, and press Enter.

Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard

3. The output of this command provides details of the available hardware-based security features as well as those features that are currently enabled.

[Screenshot: Verify_Device_Guard_PowerShell.png]


Properties, with their description and valid values:

AvailableSecurityProperties
Description: This field helps to enumerate and report state on the relevant security properties for Device Guard.
Valid values:
  • 0. If present, no relevant properties exist on the device.
  • 1. If present, hypervisor support is available.
  • 2. If present, Secure Boot is available.
  • 3. If present, DMA protection is available.
  • 4. If present, Secure Memory Overwrite is available.
  • 5. If present, NX protections are available.
  • 6. If present, SMM mitigations are available.
Note: 4, 5, and 6 were added as of Windows 10, version 1607.

InstanceIdentifier
Description: A string that is unique to a particular device.
Valid values: Determined by WMI.

RequiredSecurityProperties
Description: This field describes the required security properties to enable virtualization-based security.
Valid values:
  • 0. Nothing is required.
  • 1. If present, hypervisor support is needed.
  • 2. If present, Secure Boot is needed.
  • 3. If present, DMA protection is needed.
  • 4. If present, Secure Memory Overwrite is needed.
  • 5. If present, NX protections are needed.
  • 6. If present, SMM mitigations are needed.
Note: 4, 5, and 6 were added as of Windows 10, version 1607.

SecurityServicesConfigured
Description: This field indicates whether the Credential Guard or HVCI service has been configured.
Valid values:
  • 0. No services configured.
  • 1. If present, Credential Guard is configured.
  • 2. If present, HVCI is configured.

SecurityServicesRunning
Description: This field indicates whether the Credential Guard or HVCI service is running.
Valid values:
  • 0. No services running.
  • 1. If present, Credential Guard is running.
  • 2. If present, HVCI is running.

Version
Description: This field lists the version of this WMI class.
Valid values: The only valid value now is 1.0.

VirtualizationBasedSecurityStatus
Description: This field indicates whether VBS is enabled and running.
Valid values:
  • 0. VBS is not enabled.
  • 1. VBS is enabled but not running.
  • 2. VBS is enabled and running.

PSComputerName
Description: This field lists the computer name.
Valid values: All valid values for computer name.


That's it,
Shawn
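
The numeric values in the Option Two output are easier to audit when translated with the property table above. The PowerShell below is an added example, not part of the original tutorial: it decodes a Win32_DeviceGuard instance and flags required properties that are not available and services that are configured but not running. The helper names ConvertTo-DgName and Get-DeviceGuardSummary are hypothetical, and the sample object is constructed.

```powershell
# Added example: value names below are taken from the property table in this tutorial.
$SecurityProperty = @{
    0 = 'None'; 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection'
    4 = 'Secure Memory Overwrite'; 5 = 'NX protections'; 6 = 'SMM mitigations'
}
$SecurityService = @{ 0 = 'None'; 1 = 'Credential Guard'; 2 = 'HVCI' }
$VbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }

# Hypothetical helper: map numeric values to names; unknown values are shown, not guessed.
function ConvertTo-DgName {
    param([hashtable]$Map, $Values)
    if ($null -eq $Values) { return }
    $names = @($Values) | ForEach-Object {
        if ($Map.ContainsKey([int]$_)) { $Map[[int]$_] } else { "Unknown ($_)" }
    }
    $names -join ', '
}

# Hypothetical helper: summarise one Win32_DeviceGuard instance (or an object shaped like one).
function Get-DeviceGuardSummary {
    param([Parameter(Mandatory)] $DeviceGuard)
    $available = @($DeviceGuard.AvailableSecurityProperties)
    $running   = @($DeviceGuard.SecurityServicesRunning)
    # Required properties that the device does not report as available.
    $missing = @($DeviceGuard.RequiredSecurityProperties) |
        Where-Object { $_ -ne 0 -and $_ -notin $available }
    # Services that are configured but not actually running.
    $stopped = @($DeviceGuard.SecurityServicesConfigured) |
        Where-Object { $_ -ne 0 -and $_ -notin $running }
    [pscustomobject]@{
        VbsStatus            = ConvertTo-DgName $VbsStatus $DeviceGuard.VirtualizationBasedSecurityStatus
        AvailableProperties  = ConvertTo-DgName $SecurityProperty $available
        MissingRequired      = ConvertTo-DgName $SecurityProperty $missing
        ServicesRunning      = ConvertTo-DgName $SecurityService $running
        ConfiguredNotRunning = ConvertTo-DgName $SecurityService $stopped
    }
}

# Constructed sample values (not output from a real device).
$sample = [pscustomobject]@{
    AvailableSecurityProperties       = 1, 2, 3
    RequiredSecurityProperties        = 1, 2
    SecurityServicesConfigured        = 1, 2
    SecurityServicesRunning           = 1
    VirtualizationBasedSecurityStatus = 2
}
Get-DeviceGuardSummary $sample

# On a live system, pass the instance returned by the command from step 2:
# Get-DeviceGuardSummary (Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard)
```

A non-empty ConfiguredNotRunning or MissingRequired value, or a VbsStatus of "Enabled but not running", means the protection is set up but not in effect on that device.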