6 Replies Latest reply on Jun 15, 2016 10:24 PM by NoSpamPleaze

    Coexistence with new Windows 10 security features

    ralish Enthusiast

      Hi all,

       

      The release of Windows 10 has introduced several new security features that are of particular interest to those of us who operate on secured networks. In particular, Device Guard and Credential Guard (Isolated User Mode). Together, these features provide what Microsoft refers to as Virtualisation Based Security. It's worth taking the time to read up on both of these features for the technical details, but at a high-level, they provide code integrity and credential theft protection respectively by virtualising the bulk of the OS with a small "secure kernel" and "secure user-mode" being responsible for enforcing the relevant security controls across the rest of the system. The idea is that compromise of the underlying OS, even up to and including kernel-mode privileges, shouldn't undermine the protections these features can provide short of a hypervisor exploit as the secure system runs at a higher privilege level than the rest of the operating system, including the NT kernel itself.

       

      The problem is that both of these features require Hyper-V to be enabled, as they're built on top of the virtualisation technology it provides. This is a problem for VMware Workstation as it refuses to run when Hyper-V is enabled. Does VMware have any plans to support coexistence with Hyper-V in certain contexts? Particularly wrt. support for systems where Device and/or Credential Guard are enabled? Are there any unofficial/unsupported workarounds for being able to use VMware Workstation without having to remove these features?

       

       

      Thanks in advance,

      -SDL