Bork Tuesday, Any Problems Yet?

Discussion in 'other software & services' started by Daveski17, Nov 12, 2014.

  1. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,236
    Location:
    Europe
    When are you even gonna need that thing
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,430
    Location:
    U.S.A.
    You need it because you can't rely on kernel patch protection(KPP) anymore since it has been bypassed multiple times.
     
  3. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,236
    Location:
    Europe
    Well idk about you, but on my system, I have it off, taken from powershell "Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windows\DeviceGuard" from https://docs.microsoft.com/en-us/wi...ualization-based-protection-of-code-integrity

    AvailableSecurityProperties : {1, 2}
    CodeIntegrityPolicyEnforcementStatus : 0
    InstanceIdentifier : 4ff40742-2649-41b8-bdd1-e80fad1cce80
    RequiredSecurityProperties : {0}
    SecurityServicesConfigured : {0}
    SecurityServicesRunning : {0}
    UsermodeCodeIntegrityPolicyEnforcementStatus : 0
    Version : 1.0
    VirtualizationBasedSecurityStatus : 0

    I've heard that the "Hypervisor enforced code integrity" / "Virtualization Based Security" adds cpu cycles to each process and might break some kernel drivers, which only makes sense considering what it does (I imagine that's why it's off by default). I can't run it on my pc, but it looks like it's a "malware has already been ran and this tries to prevent it from doing bad stuff" feature. And I think this is a bad approach, we should not let malware run and then complain because it messed with the kernel or drivers or w/e because we were missing a performance-draining compatibility-requiring feature. On top of that, if we go to that microsoft page I linked above, we can see that the "Enable HVCI" article which I linked to is put below the "Memory integrity" category, which is put below the "Device Guard" category, implying that the "core isolation" is indeed equivalent to the "device guard" category, that's why there's no option turn it off/on from windows defender security center and the latter says it's on, while the HVCI/VBS is actually the memory integrity protection (since according to the microsoft site, it's on the same "level"), the one that I click on the slider, it goes to yes, tells me it needs to reboot, and then on reboot it's off again, meaning that my pc the way it is now is incompatible with it. Reading some more from the microsoft articles:

    "Memory integrity is a powerful system mitigation that leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. Memory integrity helps block many types of malware from running on computers that run Windows 10 and Windows Server 2016."

    Yeah, it can block those malware, which can also be done by an anti-exe and other security tools. Another quote from one of the articles:

    4. The entire configurable code integrity enforcement mechanism can be protected by HVCI, where even if a vulnerability exists in kernel mode code, the likelihood that an attacker could successfully exploit it is significantly diminished. Why is this relevant? That’s because an attacker that compromises the kernel would otherwise have enough privilege to disable most system defenses and override the application control policies enforced by configurable code integrity or any other application control solution

    Once again, that exploit is not gonna suddenly appear out of thin air and magically bypass all our defenses and do whatever it wants, in the worst case scenario. This is just another useless feature from microsoft.
     
  4. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    This shouldn't be a noticable difference, even in benchmarks.
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,430
    Location:
    U.S.A.
    Confirming the Reddit postings, I can no longer activate HVCI/Memory Protection on 1809. So I guess these requirements no longer apply at least to older hardware and Microsoft needs to update their documentation:


     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,430
    Location:
    U.S.A.
    @XIII , found a Dell link where you can download the latest ver. of the CCTK utility: https://www.dell.com/support/articl...ell-client-configuration-toolkit-cctk?lang=en . Although it doesn't officially support Win 10, it does support Win 8.1. My gut is telling me it will work on Win 10. If not, you can try to run it in Win 8.1 compatibility mode.

    Per the link I posted previously on how to disable virtualization. I would download the documentation to see if the following command line execution is still applicable:
    Note: eliminate the leading and trailing space shown in the above "C : Program" commands. I had to post it that way to get rid of a smiley showing.
     
    Last edited: Dec 17, 2018
  7. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,164
    Thanks! I think I found the same (the newer version is too new for this system).

    Unfortunately I don't have access to the laptop for a couple of days, but I will try this when I do have access again!
     
  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,103
    On Win 7 64-bit installed the out-of-band Cumulative Security Update for Internet Explorer 11 - 19 December 2018.
    KB4483187

    So far so good.
     
  9. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,438
    Location:
    Milan and Seoul
    Cumulative Update for Windows 10 version 1809 (x64) KB4483235, build now 17763.195
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,430
    Location:
    U.S.A.
    Appears this has fixed my dual BIOS initialization loop issue at boot time with virtualization enabled.:thumb:
     
  11. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,438
    Location:
    Milan and Seoul
    Good news...
     
  12. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    493
    Location:
    USA
    I received 234: December 19, 2018—KB4483234 (OS Build 17134.472) for 1803.
     
    Last edited: Dec 20, 2018
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,462
    Location:
    Under a bushel ...
    Yes, I see that also now ...went to check if I need to 'Check for updates' (which seems inadvisable these days), and see that KB with: 'Restart required'.

    That's on my Pro machine (now set to 'Semi-Annual Channel' because I had issues with v1809). My Home machine (set to 'Metered connection') has nothing ... wondering if I should risk a manual check :cautious:.
     
    Last edited: Dec 21, 2018
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,430
    Location:
    U.S.A.
    On my 1809 build, this equivalent update auto downloaded. No check for updates required.

    My guess is Microsoft is now penalizing those who set metered connections on to avoid receiving Win Updates automatically. Suspect if you set metered connection off, the update will auto download. Finally, also suspect you will not auto receive the 1809 Feature upgrade since that is supposedly only offered if you manually check for Win Updates.
     
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,462
    Location:
    Under a bushel ...
    :thumb: Thanks @itman, set metered connection off again and will see what happens! :rolleyes:

    Edit: Sure enough, KB4483234 (OS Build 17134.472) for 1803, came through.
     
    Last edited: Dec 22, 2018
  16. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    I'm not yet getting it using WuMgr. I don't know how it interacts with the update servers. It downloads wsusscn2.cab via offline mode, so I thought it always show the most recent update. Unless the update you're talking about is one of those in preview.
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,430
    Location:
    U.S.A.
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,430
    Location:
    U.S.A.
    Found my first app issue with 1809.

    Abode Reader is crashing and it's a strange one. Appears its the IE11 add-on that is causing the crash. It is always a memory violation in windows.storage.dll. The strange part is part is the crash is not apparent and a downloaded .pdf displays and can be browsed w/o issue. Tried various mitigations to no success. Also not related to its corresponding Win app exploit settings. Only think enabled in ASLR randomization and no entries exist in the Win event security-mitigations log.

    -EDIT- Further testing shows that crash is occurring after the .pdf document is closed and Adobe Reader is being terminated by IE11. Weird indeed.
     
    Last edited: Dec 22, 2018
  19. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,430
    Location:
    U.S.A.
    Finally got my Adobe Reader issue straightened out and I believe it has nothing to do with 1809.

    For some unknown reason, .pdf formatting is the issue. For example if I download the latest Banking Protection test from the Malware Research Group web site, no Reader crash at .pdf close time. However if I download the latest .pdf 360 test report, Reader crashes at .pdf shutdown. Of note is this latest 360 report is formatted differently than previous MRG test reports. So it appears the issue lies in the IE11 add-on Reader is using or again, the way the .pdf is formatted/created.
     
  20. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,164
    Finally had time on this system again. Unfortunately the link does not work how I hoped.

    After entering the service tag the only download available is the A10 BIOS which is already installed; no CCTK...

    Anyone able to download this in another way?
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,430
    Location:
    U.S.A.
    Did you try this?
    https://www.neowin.net/forum/topic/823660-dell-latitude-d620-with-intel-core-duo/

    Appears the virtualization setting is in the Post behavior section of the BIOS. If it shows as above; i.e. -off, believe that means it is not enabled.
     
  22. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,164
    Unfortunately I can’t; there’s no such option...

    The only options in POST Behavior here are:
    • Adapter Warnings
    • Fn Key Emulation
    • Fast Boot
    • Keypad (Embedded)
    • Mouse/Touchpad
    • Numlock LED
    • USB Emulation
     
  23. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,164
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,430
    Location:
    U.S.A.
    Is Core Isolation in Win Security Center -> Device Center section enabled in Win 10 1803? On my Gigabyte AMD MB, that is only shown if Virtualization is enabled in the BIOS.

    If Core Insolation is not enabled on your build, then indeed Virtualization is not the problem in your 1809 upgrade. If Core Insolation is shown then Virtualization is enabled in the BIOS. Only the Memory Integrity option within Core Isolation requires “Intel VT-x with Extended Page Tables” to enable Hyper-V base security options within Windows 1803/1809.

    -EDIT- Also as far as I am aware of, there is no way to disable Core Isolation in 1803 except to disable Virtualization in the BIOS.
     
    Last edited: Dec 25, 2018
  25. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    77,466
    Location:
    U.S.A.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.