Cyber attacks have changed over the past few years. Rogue hackers can now take over your PC and lock your files unless you pay them money. These attacks are called ransomware, and they use kernel-level exploits that attempt to run malware with the highest privileges; WannaCry and Petya are examples. To mitigate these types of attack, Microsoft has rolled out a feature that lets you enable Core Isolation and Memory Integrity.
Windows Defender Security Center offers this feature. Called Device Security, it offers status reporting and management of the security features built into your devices, including toggling features on to provide enhanced protection. However, it doesn't work on a software level alone; the hardware needs to support it as well. Your firmware should support virtualization, which enables the Windows 10 PC to run applications in a container so they don't get access to other parts of the system.
Enable Core Isolation & Memory Integrity
Sign in as an administrator, open Windows Defender Security Center, and look for the Device Security option. Here you should check whether Core isolation under Virtualization is enabled on your PC. Core isolation provides virtualization-based security features to protect core parts of your device.
Click on Core isolation details, and you will be offered the option to enable Memory Integrity. Memory integrity (hypervisor-protected code integrity) is a security feature of Core isolation that prevents attacks from inserting malicious code into high-security processes. Toggle it to On.
Once enabled, it will ask you to restart the PC to completely enable Memory Integrity.
If you later face application compatibility issues, you may need to turn this off.
That said, there are two more options that might be available depending on the hardware of your PC.
- Security Processor only shows up if your PC hardware has a TPM. TPMs are discrete chips soldered to a computer's motherboard by the OEM. To get the most out of a TPM, the OEM must carefully integrate system hardware and firmware with the TPM to send it commands and react to its responses. Newer TPMs can also provide security and privacy benefits to the system hardware itself. So make sure to check for all of these if you are buying a new PC.
- Secure Boot prevents malicious code from loading before your OS. Such code is hard to crack, but with Secure Boot it is taken care of.
Windows 10 also offers Hypervisor Protected Code Integrity (HVCI) when you start with a clean install. Those on older hardware will be able to opt in after the upgrade using the UI in Windows Defender Security Center (WDSC). This enhancement ensures that the kernel process that verifies code integrity runs in a secure runtime environment.
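To confirm from an elevated PowerShell prompt what the Device Security page shows after the restart, the following added example (not part of the original article) queries the Win32_DeviceGuard CIM class along with the Confirm-SecureBootUEFI and Get-Tpm cmdlets. The helper name Resolve-Names and the output field names are illustrative choices, and only the first few documented property values are mapped to names.

```powershell
# Added example: report whether Core isolation / Memory integrity is actually running.
# Run from an elevated PowerShell prompt on Windows 10.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction Stop

# Value maps for the Win32_DeviceGuard properties (subset; other values print as "Other").
$vbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
$services  = @{ 1 = 'Credential Guard'; 2 = 'Memory integrity (HVCI)' }
$hwProps   = @{ 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection' }

# Hypothetical helper: turn an array of numeric codes into readable names.
function Resolve-Names($values, $map) {
    $names = foreach ($v in ($values | Where-Object { $_ -ne 0 })) {
        if ($map.ContainsKey([int]$v)) { $map[[int]$v] } else { "Other ($v)" }
    }
    if ($names) { $names -join ', ' } else { 'None' }
}

# Secure Boot: the cmdlet throws on legacy BIOS systems or without elevation.
$secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop }
              catch { 'Unknown (legacy BIOS or not elevated)' }

# Security Processor: Get-Tpm needs elevation; treat failure as unknown.
$tpm = try { Get-Tpm -ErrorAction Stop } catch { $null }

$hvciConfigured = $dg.SecurityServicesConfigured -contains 2
$hvciRunning    = $dg.SecurityServicesRunning -contains 2

[pscustomobject]@{
    VbsStatus              = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
    HardwareAvailable      = Resolve-Names $dg.AvailableSecurityProperties $hwProps
    ServicesConfigured     = Resolve-Names $dg.SecurityServicesConfigured $services
    ServicesRunning        = Resolve-Names $dg.SecurityServicesRunning $services
    MemoryIntegrityRunning = $hvciRunning
    SecureBoot             = $secureBoot
    TpmPresent             = if ($tpm) { $tpm.TpmPresent } else { 'Unknown' }
    TpmReady               = if ($tpm) { $tpm.TpmReady } else { 'Unknown' }
} | Format-List

# The toggle only takes full effect after a reboot, so flag the in-between state.
if ($hvciConfigured -and -not $hvciRunning) {
    Write-Warning 'Memory integrity is configured but not running; a restart may be pending.'
}
```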