Windows 10 "Device Guard", will it protect against runtime "binary patching"

  • Question

  • Hi,

    Windows 10 "Device Guard" is used to control/prevent execution of specific (potentially malware) modules/drivers, and thus code that is not properly signed will not run, or execution of signed code identified to be malicious could be prevented. Having said that, does "Device Guard" incorporate any new mechanisms for preventing runtime kernel binary patching, or does this runtime protection stay under KPP responsibility and remain unchanged on Windows 10 (compared with Windows 8)?

      


    Nadav Rubinstein, See my Blog @ http://nadavrub.wordpress.com


    • Edited by Nadav Rub Saturday, July 18, 2015 5:31 AM
    Saturday, July 18, 2015 5:31 AM

All replies

  • Meaning, it'll prevent having memory pages set with the Execute and Write privileges at the same time (using the CR0 register)? Isn't this, to a certain extent, redundant to KPP?

    Nadav Rubinstein, See my Blog @ http://nadavrub.wordpress.com


    • Edited by Nadav Rub Sunday, July 19, 2015 3:08 AM
    Sunday, July 19, 2015 3:06 AM