How virtualisation is changing Windows application security
Sandboxes, minimal processes, Hyper-V containers, Device Guard: virtualisation delivers a lot more than VMs in modern Windows
February 4, 2019
https://www.techrepublic.com/article/how-virtualisation-is-changing-windows-application-security/
Yes sure... looks cool... in a real-life situation, unless you only depend on Win10 built-in security, it is way too buggy and 3rd party security vendors aren't ready for it... Results: Buggy: the damn thing aka Core Isolation enables itself during OS installation without asking and can't be turned off despite tweaking the reg entry. Incompatibility: many security apps won't be able to work properly (at best), or will generate a BSOD loop if it is enabled (at worst).
This had me stumped the first time it happened. I was unable to turn on WDAG and it turns out the feature is disabled unless you turn off Core Isolation. Microsoft, why aren't you sharing that with us? Also, seems pretty stupid they both can't be enabled at the same time.
Exactly, it looks cool but most of this stuff is for Win 10 Pro only and I wonder how security apps would profit from it. Haven't seen any real-life applications yet.
No. Core Isolation is enabled by default on all Win 10 1803 and 1809 versions, possibly only x(64) versions, as long as virtualization is enabled in the BIOS/UEFI. Presently, that is the only way I have found to disable it. There are a few registry options regarding Memory Integrity which is not enabled by default. I am still looking for ones that apply to Core Isolation with no success to date.
Same here, the big issue is that if in the BIOS you don't have the option to disable it, then you are done, you can't use some security softs like Spyshelter.
@Rasheed187 On Win10 Enterprise, you have Windows Defender Application Guard which isolates Edge even more. And if you use Group Policy, you have DeviceGuard which uses Hyper-V to empower stuff like Secure Boot and co.