Windows 10 Core Isolation deactivation via registry

You can deactivate the Windows 10 Core Isolation function by changing the following registry key. This amounts to "Tampering with Windows 10 Device Protection Security - Switching off Core Isolation or HypervisorEnforcedCodeIntegrity":
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity
Set the "Enabled" value to:
  • 0 = deactivated (off)
  • 1 = activated (on)
Microsoft on Windows 10 Core Isolation or HypervisorEnforcedCodeIntegrity: "Core isolation provides added protection against malware and other attacks by isolating computer processes from your operating system and device. Select 'Core isolation details' to enable, disable, and change the settings for core isolation features."

MITRE ATT&CK tactic: Persistence, Defense Evasion
MITRE ATT&CK sub-technique of T1060 or T1019
Required Permissions: HKEY_LOCAL_MACHINE keys require administrator access to create and modify
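
To detect this change, the following added example (not part of the original post) scans registry telemetry for writes that set "Enabled" to 0 under the key above. It assumes events carry the Sysmon Event ID 13 field names EventType, Image, TargetObject and Details; the flattened "key=value; " line format and the sample records are constructed for illustration.

```python
import re

# Registry value from the post. Telemetry abbreviates HKEY_LOCAL_MACHINE as HKLM
# and may show a numbered control set (ControlSet001) instead of CurrentControlSet.
HVCI_VALUE = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Control\\DeviceGuard"
    r"\\Scenarios\\HypervisorEnforcedCodeIntegrity\\Enabled$",
    re.IGNORECASE,
)
DWORD = re.compile(r"^DWORD \(0x([0-9a-fA-F]{1,8})\)$")


def parse_event(line):
    """Split a 'key=value; key=value' record into a dict (constructed format)."""
    fields = {}
    for part in line.split("; "):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def hvci_disabled(event):
    """True when the event writes DWORD 0 to the HVCI 'Enabled' value."""
    if event.get("EventType") != "SetValue":
        return False
    if not HVCI_VALUE.match(event.get("TargetObject", "")):
        return False
    m = DWORD.match(event.get("Details", ""))
    return bool(m) and int(m.group(1), 16) == 0


def find_hvci_tampering(lines):
    """Return the parsed events that switch HVCI off."""
    return [e for e in map(parse_event, lines) if hvci_disabled(e)]


# Constructed sample records, not taken from a real host.
_KEY = r"\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity"
SAMPLE = [
    r"EventType=SetValue; Image=C:\Windows\regedit.exe; TargetObject=HKLM\System\CurrentControlSet" + _KEY + r"\Enabled; Details=DWORD (0x00000000)",
    r"EventType=SetValue; Image=C:\Windows\System32\reg.exe; TargetObject=hklm\system\controlset001" + _KEY + r"\Enabled; Details=DWORD (0x00000000)",
    r"EventType=SetValue; Image=C:\Windows\regedit.exe; TargetObject=HKLM\System\CurrentControlSet" + _KEY + r"\Enabled; Details=DWORD (0x00000001)",
    r"EventType=SetValue; Image=C:\Windows\regedit.exe; TargetObject=HKLM\System\CurrentControlSet" + _KEY + r"\ExampleOtherValue; Details=DWORD (0x00000000)",
]

if __name__ == "__main__":
    for hit in find_hvci_tampering(SAMPLE):
        print("HVCI disabled by", hit["Image"], "via", hit["TargetObject"])
```

Writes that set the value back to 1, and writes to other values under the same key, are deliberately not flagged.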
