[Suggestion]: Offer the mandatory mode for VBS and memory integrity in Device Guard category

HotCakeX / Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md

https://hotcakex.github.io

MIT License

1.84k stars 143 forks source link

[Suggestion]: Offer the mandatory mode for VBS and memory integrity in Device Guard category #379

Closed HotCakeX closed 2 weeks ago

HotCakeX commented 3 weeks ago

Are you sure the Security measure is not already implemented?

[X] Yes, I have checked and the Security measure I'm suggesting to be implemented is not duplicate. 🫡

Please explain your new Security measure suggestion

Virtualization based security can be enabled in mandatory mode: https://learn.microsoft.com/en-us/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity

Will be offering this as an optional sub-category of the Device Guard category. Will further harden the system and its critical high security components.

beerisgood commented 3 weeks ago

Maybe this is helpfully?: https://github.com/Harvester57/Security-ADMX/releases/tag/1.0.36

HotCakeX commented 3 weeks ago

@beerisgood Thanks but it's simply a reg key and it's in the MS learn website i linked https://learn.microsoft.com/en-us/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity

I'm implementing it as optional sub-category because 👇