Windows 10 Core Isolation deactivation via registry

You can deactivate the Windows 10 Core Isolation function by changing the following Registry Key and therefore do "Tampering with Windows 10 Device Protection Security - Switching off Core Isolation or HypervisorEnforcedCodeIntegrity"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity

Set "Enabled" to

• 0 = deactivated (off)
  
• 1 = activated (on)
  

Microsoft about Windows 10 Core Isolation or HypervisorEnforcedCodeIntegrity: "Core isolation provides added protection against malware and other attacks by isolating computer processes from your operating system and device. Select 'Core isolation details' to enable, disable, and change the settings for core isolation features."

https://support.microsoft.com/en-us/help/4096339/windows-10-device-protection-in-windows-defender-security-center

Mitre ATT&CK tactic: Persistence, Defense Evasion

Mitre ATT&CK sub-technique of T1060 or T1019

Required Permissions: HKEY_LOCAL_MACHINE keys require administrator access to create and modify