Device Guard

Device Guard - a feature that locks down Windows 10. It is controlled by configured policies that allow approved applications and prohibit applications not defined in those policies. It can be applied to, and works with, Hyper-V and Windows Sandbox because Hyper-V runs on virtualized layers.

Examples of Threats Device Guard can Detect and Block:

Malicious Code: Device Guard compares code against the configured policies. If the code is not recognized by the policy, Device Guard blocks it as unallowed code. In the same way, allowed software can start, while unknown software that tries to run is blocked.

Boot Threats & Attacks: If your system has the UEFI feature known as Secure Boot, Device Guard will block any changes to the boot settings. So, if Device Guard and Secure Boot are enabled and you change the boot settings (boot entries, legacy setting, boot order, etc.), you will not be able to load your operating system when you turn on your machine, and you will be notified on a block screen.

Kernel Attacks: Device Guard works with virtualization-based security in a way that secures Hyper-V, which in turn secures the kernel as well as the OS. There is a Virtualization-Based Security (VBS) setting that can be enabled to secure kernel mode. When it is enabled, system files are protected, so bad drivers and suspicious files cannot be loaded.

Device Guard works in kernel mode, called KMCI, and in user mode, called UMCI, meaning that Device Guard secures Windows on both the hardware and software layers.
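The VBS, Secure Boot and KMCI/UMCI state described above can be checked from PowerShell. The script below is an added example, not from the original page; it reads the Win32_DeviceGuard class and assumes it is run in an elevated shell on Windows 10 or later, with the numeric code meanings taken from the documentation of that class.

```powershell
# Added example (not from the original page): report the Device Guard / VBS
# state described in the text (VBS, Secure Boot, KMCI/UMCI enforcement).
# Assumes an elevated PowerShell session on Windows 10 or later.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

# Numeric codes as documented for the Win32_DeviceGuard class
$vbsState = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
$ciState  = @{ 0 = 'Off'; 1 = 'Audit mode'; 2 = 'Enforced' }
$services = @{ 1 = 'Credential Guard'; 2 = 'Hypervisor-enforced Code Integrity (HVCI)' }
$props    = @{ 1 = 'Base VBS'; 2 = 'Secure Boot'; 3 = 'DMA protection' }

"Virtualization-based security : $($vbsState[[int]$dg.VirtualizationBasedSecurityStatus])"
"Kernel-mode CI (KMCI) policy   : $($ciState[[int]$dg.CodeIntegrityPolicyEnforcementStatus])"
"User-mode CI (UMCI) policy     : $($ciState[[int]$dg.UsermodeCodeIntegrityPolicyEnforcementStatus])"

# Which VBS services are actually running (HVCI is the kernel protection the text describes)
$running = @($dg.SecurityServicesRunning | ForEach-Object { $services[[int]$_] } | Where-Object { $_ })
"Security services running      : $(if ($running) { $running -join ', ' } else { 'none' })"

# Secure Boot must be available for the boot-setting protection described above to apply
$available = @($dg.AvailableSecurityProperties | ForEach-Object { $props[[int]$_] } | Where-Object { $_ })
"Platform properties available  : $(if ($available) { $available -join ', ' } else { 'none' })"

if ($dg.AvailableSecurityProperties -notcontains 2) {
    Write-Warning 'Secure Boot is not available; boot configuration changes will not be blocked.'
}
if ($dg.SecurityServicesRunning -notcontains 2) {
    Write-Warning 'HVCI is not running; kernel-mode code integrity is not hypervisor-protected.'
}
```

Audit mode (code 1) only logs blocked code to the event log; only Enforced (code 2) actually blocks unknown software as described above.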

ABBREVIATION MEANINGS:

KMCI - Kernel Mode Code Integrity

UMCI - User Mode Code Integrity

Note: Using Device Guard can be a challenge if your environment relies on line-of-business apps.
