How virtualisation is changing Windows application security

Discussion in 'sandboxing & virtualization' started by guest, Feb 4, 2019.

  1. guest

    guest Guest

    How virtualisation is changing Windows application security
    Sandboxes, minimal processes, Hyper-V containers, Device Guard: virtualisation delivers a lot more than VMs in modern Windows
    February 4, 2019

    https://www.techrepublic.com/article/how-virtualisation-is-changing-windows-application-security/
     
  2. guest

    guest Guest

    Yes sure... looks cool... in a real-life situation, unless you only depend on Win10 built-in security, it is way too buggy and 3rd party security vendors aren't ready for it...

    Results:

    Buggy: the damn thing aka Core Isolation enables itself during OS installation without asking and can't be turned off despite tweaking the reg entry.
    Incompatibility: many security apps won't be able to work properly (at best), or will generate a BSOD loop if it is enabled (at worst).
     
  3. Floyd 57

    Floyd 57 Registered Member

    Joined: Mar 17, 2017 | Posts: 1,296 | Location: Europe

    Sandboxie is great
     
  4. guest

    guest Guest

    ReHIPS is greater :p
     
  5. Beyonder

    Beyonder Registered Member

    Joined: Aug 26, 2011 | Posts: 545

    This had me stumped the first time it happened. I was unable to turn on WDAG and it turns out the feature is disabled unless you turn off Core Isolation. Microsoft, why aren't you sharing that with us?

    Also, seems pretty stupid they both can't be enabled at the same time.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004 | Posts: 17,546 | Location: The Netherlands

    Exactly, it looks cool but most of this stuff is for Win 10 Pro only and I wonder how security apps would profit from it. Haven't seen any real-life applications yet.
     
  7. itman

    itman Registered Member

    Joined: Jun 22, 2010 | Posts: 8,592 | Location: U.S.A.

    No.

    Core Isolation is enabled by default on all Win 10 1803 and 1809 versions, possibly only x(64) versions, as long as virtualization is enabled in the BIOS/UEFI. Presently, that is the only way I have found to disable it. There are a few registry options regarding Memory Integrity which is not enabled by default. I am still looking for ones that apply to Core Isolation with no success to date.
     
  8. guest

    guest Guest

    Same here, the big issue is that if in the BIOS you don't have the option to disable it, then you are done, you can't use some security softs like Spyshelter.

    @Rasheed187 On Win10 Enterprise, you have Windows Defender Application Guard which isolates Edge even more. And if you use Group Policy, you have DeviceGuard which uses Hyper-V to empower stuff like secureboot and co.
     