New
#130
Anyone care to test if Core Isolation>Memory Integrity works for them in RS5/1809? it used to work for me on the PC that's listed in the specs in RS4, but no longer does. Apparently the PC is no longer compatible, even though it's a relatively modern Z370 platform with the latest BIOS and a fresh, clean RS5.
I've ran the Device Guard readiness script, and this is the (shortened) output:
From my understanding, HSTI failing could be the reason. The 8700K has TPM 2.0 in its onboard PTT implementation, but I never bothered enabling it and was not necessary for Memory Integrity in RS4. SMM Mitigation also seems absent, which I really don't know anything about. Drivers all seem to be compatible.Code:Completed scan. List of Compatible Modules can be found at C:\DGLogs\DeviceGuardCheckLog.txt No Incompatible Drivers found ====================== Step 2 Secure boot present ====================== True Secure Boot is present Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "SecureBoot" /t REG_DWORD /d 2 /f Output: The operation completed successfully. ====================== Step 3 MS UEFI HSTI tests ====================== Copying HSTITest.dll Kernel32::LoadLibrary 64bit --> 0x00007FFF24240000 HstiTest2::QueryHSTIdetails 64bit --> 0x00007FFF24241120 HSTI Duple Count: 3 HSTI Blob size: 8584 String: 01,00,00,00,03,00,00,00,2C,00,00,00 (many, many numbers removed here due to length) HSTIStatus: False HSTI validation failed ====================== Step 4 OS Architecture ====================== 64-bit 64 bit arch..... ====================== Step 5 Supported OS SKU ====================== OSNAME:microsoft windows 10 pro|c:\windows|\device\harddisk0\partition4 Role=0 Standalone Workstation This PC edition is Supported for DeviceGuard Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "OSSKU" /t REG_DWORD /d 2 /f Output: The operation completed successfully. ====================== Step 6 Virtualization Firmware ====================== VMMonitorModeExtensions True VirtualizationFirmwareEnabled True HyperVisorPresent False Virtualization firmware check passed Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "Virtualization" /t REG_DWORD /d 2 /f Output: The operation completed successfully. ====================== Step 7 TPM version ====================== TPM is absent or not ready for use Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "TPM" /t REG_DWORD /d 0 /f Output: The operation completed successfully. ====================== Step 8 Secure MOR ====================== DG_obj DG_obj.AvailableSecurityProperties.length .AvailableSecurityProperties.length isSecureMOR= 1 Secure MOR is available Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "SecureMOR" /t REG_DWORD /d 2 /f Output: The operation completed successfully. ====================== Step 9 NX Protector ====================== DG_obj DG_obj.AvailableSecurityProperties.length .AvailableSecurityProperties.length isNXProtected= 1 NX Protector is available Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "UEFINX" /t REG_DWORD /d 2 /f Output: The operation completed successfully. ====================== Step 10 SMM Mitigation ====================== DG_obj DG_obj.AvailableSecurityProperties.length .AvailableSecurityProperties.length isSMMMitigated= 0 SMM Mitigation is absent Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "SMMProtections" /t REG_DWORD /d 0 /f Output: The operation completed successfully. ====================== End Check ====================== ====================== Summary ====================== Device Guard / Credential Guard can be enabled on this machine
Just to be clear, I wouldn't call this a huge bug as I never really bothered much with this feature, but I am annoyed at having it work in RS4 only to stop doing so in RS5. I typically use Kaspersky but I have learned to trust Windows 10 more and more over these 2 years, KIS still has some UI/features advantage, but it costs money, and it caused some interference with Edge in the past that made me remove it.
So anyone willing to try and enable this in RS5? Thanks.
Really? You can just turn it on and it stays on? On the PC listed on your specs? Cause it looks like a custom built PC, like mine. Or is it on some secondary OEM prebuilt/laptop? Those come with some security stuff like TPM and encryption typically activated from the get go.
I wonder what it could be for me.
Anyone else willing to give this feature a try see if it runs on properly?