Windows 10 Virtual Secure Mode with David Hepkin


I found this informative and interesting video at Microsoft's Channel 9:

In this video I spent some time with David Hepkin, a member of the Windows engineering team working on Hyper-V, to get a better understanding of the Windows 10 Virtual Secure Mode. I've had the good fortune of learning a lot about Isolated User Mode with several folks in the kernel team. In this installment David describes how virtualization is helping facilitate these new features and describes how the hypervisor even helps protect against illegal memory access from rogue devices and drivers.


Many good links there at Channel9 - thanks

I like to check it out once a week, usually during my Saturday morning pot of coffee.

My favorites are "The Defrag Show" and "Defrag Tools".


  • 1 month later...





Virtualization-based security

In the server world, virtualization technologies like Microsoft Hyper-V have proven extremely effective in isolating and protecting virtual machines (VMs) in the data center. Now, with those virtualization capabilities becoming more pervasive in modern client devices, there is an incredible opportunity for new Windows client security scenarios. Windows 10 can use virtualization technology to isolate core operating system services in a segregated, virtualized environment, similar to a VM. This additional level of protection, called virtualization-based security, ensures that no one can manipulate those services, even if the kernel mode of the host operating system is compromised.

Just like with client Hyper-V, Windows itself can now take advantage of processors equipped with second-level address translation (SLAT) technology and virtualization extensions, such as Intel Virtualization Technology (VT) x and AMD V, to create a secure execution environment for sensitive Windows functions and data. This VBS environment protects the following services:

  • Hypervisor Code Integrity (HVCI). The HVCI service in Windows 10 determines whether code executing in kernel mode is securely designed and trustworthy. It offers Zero Day and vulnerability exploit protection capabilities by ensuring that all software running in kernel mode, including drivers, securely allocate memory and operate as they are intended. In Windows 10, kernel mode code integrity is configurable, which allows organizations to scope preboot code execution to their desired configuration. For more information about configurable code integrity in Windows 10, see the Configurable code integrity section.

  • Local Security Authority (LSA). The LSA service in Windows manages authentication operations, including NT LAN Manager (NTLM) and Kerberos mechanisms. In Windows 10, the Credential Guard feature isolates a portion of this service and helps mitigate the pass-the-hash and pass-the-ticket techniques by protecting domain credentials. In addition to logon credentials, this protection is extended to credentials stored within Credential Manager. For more information about Credential Guard, see the Credential Guard section.


To determine whether virtualization is supported for a client machine model, simply run systeminfo from a command prompt window.


VBS provides the core framework for some of the most impactful mitigations Windows 10 offers. Having client machines within your organization that can employ this functionality is crucial to modern threat resistance. For more information about the specific hardware features that each Windows 10 feature requires, including VBS, see the Windows 10 hardware considerations section.


This is the written documentation of what was shown in the video, from TechNet.
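
As an added example (not part of the posts above or of the quoted TechNet text): systeminfo shows whether the hardware prerequisites are present, while the Win32_DeviceGuard CIM class reports whether VBS and the services it protects (Credential Guard, HVCI) are actually configured and running. The script assumes Windows 10 or Windows Server 2016 or later; the helper name Resolve-Codes is hypothetical, and codes not listed in the lookup tables are printed as numbers.

```powershell
# Added example: report the VBS state of the local machine.
# Code meanings follow Microsoft's documentation for the Win32_DeviceGuard class.
$vbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
$services  = @{ 1 = 'Credential Guard'; 2 = 'HVCI' }
$hwProps   = @{ 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection' }

function Resolve-Codes {
    # Hypothetical helper: translate numeric codes to names.
    # Unknown codes stay visible as numbers; 0 means "nothing" and is skipped.
    param([int[]]$Codes, [hashtable]$Map)
    $names = foreach ($c in $Codes) {
        if ($c -eq 0) { continue }
        if ($Map.ContainsKey($c)) { $Map[$c] } else { "Unknown ($c)" }
    }
    if ($names) { $names -join ', ' } else { 'None' }
}

try {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
} catch {
    # The class is absent on editions and versions that predate VBS.
    Write-Warning "Win32_DeviceGuard is not available: $($_.Exception.Message)"
    return
}

$status = [int]$dg.VirtualizationBasedSecurityStatus
$statusText = if ($vbsStatus.ContainsKey($status)) { $vbsStatus[$status] } else { "Unknown ($status)" }

[pscustomobject]@{
    VbsStatus          = $statusText
    ServicesConfigured = Resolve-Codes $dg.SecurityServicesConfigured  $services
    ServicesRunning    = Resolve-Codes $dg.SecurityServicesRunning     $services
    HardwareAvailable  = Resolve-Codes $dg.AvailableSecurityProperties $hwProps
    HardwareRequired   = Resolve-Codes $dg.RequiredSecurityProperties  $hwProps
} | Format-List
```

A service that appears under ServicesConfigured but not under ServicesRunning is the case worth investigating: the policy asks for it, but it is not protecting anything on that machine.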
