This video dives deep into the heart of Windows security, revealing 3 critical registry changes that activate Core Isolation even when incompatible drivers aren’t listed! If you see listed incompatible drivers, check out our Part 1 guide: [https://youtu.be/eIKSmU7VAfU].
Now, in Part 2, we’ll guide you through:
5 essential precautions to protect your PC before registry edits (Don’t skip this bonus!)
3 powerful registry hacks to bypass driver conflicts and enable Memory Integrity
Advanced tips & tricks for bulletproof Windows security including the most secure login possible!
No more driver frustrations! Join us as we unlock the full potential of Core Isolation and keep your PC safe from memory attacks. Watch now and experience the power of a truly secure system!
======
Why do incompatible drivers prevent using Memory integrity?
1. https://answers.microsoft.com/en-us/windows/forum/all/can-not-enable-memory-integrity-shows-no/5702e3eb-cbf9-46d7-8757-08ea53a67878
2. https://answers.microsoft.com/en-us/windows/forum/all/windows-11-how-can-i-identify-incompatible-drivers/01efdc26-89d6-4f45-96cb-a02cb53c5e94
======
Time Codes:
00:00 Intro
00:18 Explainer
00:40 Memory Integrity Check
01:30 Safety Steps Registry Edit
02:11 Hypervisor Enforced Code Integrity Reg Chg 1
03:35 Enable Data Execution Prevention SystemPropertiesAdvanced.exe
04:23 Memory Management FeatureSettingsOverride Reg Chg 2
05:02 Kernel Mode Hardware Enforced Stack Protection Reg Chg 3
05:47 **Bonus** Most Secure Win Login!
06:07 Review of All Changes for Fix
06:37 Wrap
Commands
Kernel Mode Hardware Enforced Stack Protection (Registry Change 1/3)
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity
Enabled dword:00000001
Data Execution Prevention (DEP) is a security feature that helps protect your computer from malware and other attacks. It does this by preventing code from being executed from memory that is not intended for code execution.
SystemPropertiesAdvanced.exe: Allows DEP control through system settings.
bcdedit.exe /set {current} nx alwayson
Set to always on and cannot be changed by system settings
bcdedit.exe /set {current} nx OptIn
This re-enables the ability of SystemPropertiesAdvanced.exe to control DEP
Kernel protected mode (KPM) Features settings override (Registry Change 2/3)
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
FeatureSettingsOverride dword:00000009
Kernel Protected Mode Feature (KPM) protects the kernel from malicious attacks. KPM is an older, software-based feature that prevents attackers from modifying the kernel. It does this by creating a separate memory space for the kernel, preventing access by user-mode programs. KPM can be bypassed by attackers who have access to the kernel itself.
The difference between a value of 3 and 9 for the KPM Features override DWORD: 3 enables all kernel protected mode features except for the NX bit, and 9 enables all kernel protected mode features, including the NX bit.
The NX bit (No Execute bit) prevents code from executing from memory that is marked non-executable. This protects the system from malware attacks that exploit buffer overflow vulnerabilities.
Setting the value to 9 provides an additional layer of security by preventing malware from executing code from memory that is marked as non-executable. It can also have a negative impact on performance. If you are more concerned about performance, then setting the value to 3 may be more appropriate.
Core Isolation Memory Integrity Protection (Registry Change 3/3)
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\KernelShadowStacks
Enabled dword:00000001
WasEnabledBy dword:00000001
On boot-up, the "WasEnabledBy" registry value is checked to determine whether memory integrity should be enabled. A value of 1 or 2 will enable it. Boot failure will not disable memory integrity unless the value is 1 and the system detects a problem with memory integrity. If the value is 2, the system will not disable memory integrity even if it detects a problem with it, which could complicate boot-up with an errant driver.
Kernel Mode Hardware Enforced Stack Protection (KMHESP) protects the kernel from malicious attacks. KMHESP is a newer feature that uses hardware support to prevent attackers from modifying the stack (memory used by the kernel to store temporary data). This makes it more difficult for attackers to exploit stack-based buffer overflow vulnerabilities, a common way to attack the kernel. Being based on hardware, it is more advanced than KPM, but it is not fully compatible with all hardware.
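A read-only check of the three registry changes and the DEP setting listed above, added here as an example and not taken from the video. The expected values are the ones given on this page; the two CIM queries (Win32_OperatingSystem for the DEP policy, Win32_DeviceGuard for whether memory integrity is actually running after the reboot) are additions that go beyond what the page covers.

```powershell
# Added example: audits the settings this page changes. It writes nothing.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control'
$checks = @(
    @{ Path = "$base\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity"; Name = 'Enabled'; Want = 1 }
    @{ Path = "$base\Session Manager\Memory Management"; Name = 'FeatureSettingsOverride'; Want = 9 }
    @{ Path = "$base\DeviceGuard\Scenarios\KernelShadowStacks"; Name = 'Enabled'; Want = 1 }
    @{ Path = "$base\DeviceGuard\Scenarios\KernelShadowStacks"; Name = 'WasEnabledBy'; Want = 1 }
)

$report = foreach ($c in $checks) {
    # A missing key or value is reported as <not set> instead of raising an error.
    $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.($c.Name) } else { $null }
    [pscustomobject]@{
        Key      = $c.Path -replace '^HKLM:\\', 'HKLM\'
        Value    = $c.Name
        Expected = $c.Want
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        Match    = ($actual -eq $c.Want)
    }
}
$report | Format-Table -AutoSize

# DEP policy as the OS reports it (the setting the page changes with bcdedit ... nx).
$depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$dep = (Get-CimInstance -ClassName Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
"DEP policy: $($depNames[[int]$dep])"

# A registry value only requests the feature. SecurityServicesRunning lists what
# is active after boot; 2 is hypervisor-enforced code integrity (memory integrity).
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if ($null -eq $dg) {
    'Win32_DeviceGuard is not available on this system'
} else {
    "Memory integrity running: $($dg.SecurityServicesRunning -contains 2)"
}
```

If the registry rows match but memory integrity is reported as not running after a reboot, the request was not honoured at boot, which is the situation an incompatible driver produces.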
#KernelMode #StackProtection #WindowsSecurity #MemoryIntegrity #CoreIsolation
Please take the opportunity to connect and share this video with your friends and family if you find it useful.