How to enable Core Isolation and Memory Integrity in Windows

  • Core Isolation and Memory Integrity use virtualization-based security to isolate the Windows kernel and protect it from advanced malware.
  • They require compatible hardware, virtualization enabled in firmware and up-to-date drivers, and can be enabled from Windows Security or through the Registry and policies.
  • They significantly improve system security, but they can affect performance and expose incompatibilities with certain drivers and configurations.

Enable Core Isolation and Memory Integrity in Windows

If you use Windows 10 or Windows 11 and care about security, you have probably seen the Core Isolation and Memory Integrity options in Windows Security. Many users see warnings such as "Memory integrity is off, your device may be vulnerable," and it is not always easy to understand what that means or how to enable it without causing problems. If you want to learn more, you can find further tips in our guide on how to secure your Windows.

In this article you will find a complete explanation, in plain language, of what exactly Core Isolation is and how it works together with Memory Integrity. It covers the requirements, how to enable it through the Windows graphical options, the command line or advanced policies, and what to do if you run into errors, blue screens or performance problems after turning it on. The goal is to help you make an informed decision about whether you want to enable it and, above all, to configure it with confidence. You can also consult our complete guide to security and privacy.

What is Core Isolation and what does Memory Integrity do?

The so-called Core Isolation is an advanced security technology built into Windows that uses virtualization-based security (VBS). In practice, Windows creates a small, isolated virtual environment inside the system itself, which acts as a highly trusted zone from which what happens in the kernel and in other critical processes is monitored.

In that protected environment runs Memory Integrity, also known as HVCI (Hypervisor-Enforced Code Integrity). This feature requires that code running in kernel mode be properly signed and verified, and it strictly controls the allocation and modification of kernel memory, blocking the attempts commonly made by many malware families to inject themselves into the system.

When you enable Core Isolation and Memory Integrity, Windows builds a kind of "virtual wall" around the kernel: the Windows hypervisor isolates a region of memory in which code integrity is verified, and the kernel itself is placed under much stricter controls. This makes it considerably harder for any attacker to modify internal system structures or load malicious drivers.

All of this is part of a shift in the Windows security model: the kernel is no longer assumed to be untouchable but is assumed to be attackable, and that assumption is backed by adding a layer that runs above the kernel in an isolated virtual environment. It is similar to having a "micro operating system" dedicated to watching over the main system.


Functions and benefits of Memory Integrity

Memory Integrity is not "just another switch" in Windows Security. It is a key component of VBS and provides several specific protections aimed directly at attacks against the kernel and drivers.

On one hand, this feature protects the Control Flow Guard (CFG) bitmap for kernel-mode drivers. CFG is a technology that tries to prevent program flow from being diverted to unexpected memory locations.

Furthermore, Memory Integrity protects the kernel-mode code integrity process itself. This component is responsible for verifying that processes and drivers carry valid certificates and have not been tampered with. In this way, not only the monitored components are protected, but also the monitors themselves, reducing the risk of the security mechanisms being subverted.

Another key element is that it strictly limits kernel memory allocation. Many privilege escalation techniques and rootkits rely on having the system allocate memory in a specific way in order to insert malicious code.

In practice, all of this translates into a noticeable improvement in the Windows threat model: the kernel goes from being an easy target for certain sophisticated malware families to being much better protected, especially when combined with other features such as Credential Guard or other hardware-based protections, together with ASR on Windows.

What exactly does Core Isolation protect on your PC?

To fully understand what this feature offers, it helps to distinguish between core devices and peripheral devices. Core Isolation and Memory Integrity focus on protecting the path that connects the system to the main hardware (motherboard, CPU, GPU, RAM, main storage unit…), which is where the most serious things happen.

Meanwhile, everything connected through USB or other ports (such as mice, keyboards, printers and phones) is considered peripheral. Although these devices are not the most critical part of the computer, they are a common entry point for malware. Isolating the core makes it harder for malware to attack the kernel directly, even if one of these devices is compromised or uses a weak driver.

It is important to note that this feature does not replace antivirus software. Windows Defender (or Microsoft Defender) remains essential for scanning files, processes and network traffic, and is part of the system that protects your PC from hackers and attacks. Core Isolation and Memory Integrity act as an additional low-level layer that comes into play when an attack tries to target the operating system directly. The combination of both greatly strengthens overall security.

However, this additional protection has a cost in resources. Just as an access control system with several stages takes longer to let you into your home, the additional checks Windows performs on code loaded into the kernel take more CPU time and power. This can be noticeable on less powerful systems or in scenarios such as demanding games.

Pros and cons: security vs performance

Enabling Core Isolation and Memory Integrity clearly increases system security. But it is not all good news. Many users have found that, after enabling these options, FPS in games drops or the system feels somewhat heavier, especially on computers that were already at the limit of their hardware.

There are also cases where, once Core Isolation is enabled, blue screens of death (BSOD) or unexplained crashes appear. In many of these cases the origin is usually the same: incompatible or poorly written drivers that do not meet the strict code integrity rules required by HVCI.

On the other hand, if your computer usage is fairly conservative (you do not install unusual software, you visit trusted websites, you keep your system updated, and you leave Microsoft Defender running), you may not notice a big difference in security if you enable Core Isolation, while you may notice a performance loss, especially in games or heavy applications.

The sensible recommendation is this: if your hardware is modern and meets the virtualization requirements, and you see neither errors when enabling the feature nor major performance problems, it is worth keeping Core Isolation active. However, if you start to see a significant drop in performance or instability, you might consider disabling it or using it only at specific times.

In any case, even with all these features enabled, the key factor remains the user: avoiding suspicious downloads, not opening suspicious links, not visiting shady websites, and keeping everything updated remains the best protection. Technology helps, but it does not work miracles if you are not careful while browsing.

How to enable Core Isolation and Memory Integrity from Windows Security

The most direct and visual way to enable Core Isolation and Memory Integrity is through the Windows Security application built into Windows 10 and Windows 11. The steps are very similar on both systems, although the menu names change slightly.

In Windows 11, you can open the application by pressing Windows + I to go to Settings, then Privacy & security > Windows Security, where you will see a button to open it. You can also search for "Windows Security" from the Start menu or click the blue shield icon that usually appears in the system tray.

Once in Windows Security, go to the Device security section. There you will find a section called Core isolation. You will probably see a message indicating that Memory integrity is off and that your device may be vulnerable if you do not enable it.

Click Core isolation details. A screen opens with several advanced options. The most important one is the Memory integrity switch. When you enable it, Windows starts applying these strict code integrity settings to the kernel, preventing the loading of drivers or code that could be dangerous.

In the same section you can also find, depending on your Windows version, the option Microsoft Vulnerable Driver Blocklist. This feature, which is usually enabled by default on recent systems, prevents certain drivers known to have serious problems from loading. Together with Memory Integrity, it provides another layer of protection against problematic drivers.


How to enable Memory Integrity and VBS using commands and the Registry

If you manage many computers or want finer control, it is also possible to enable Core Isolation and Memory Integrity from the command line. This involves directly editing specific keys in the Windows Registry. It is especially useful in corporate environments or when you need to automate the configuration.

First, open Command Prompt as Administrator. Press Windows + S, type "cmd", right-click "Command Prompt" and choose "Run as administrator". Accept the User Account Control prompt if it appears.

The main key controlling Memory Integrity is HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity. Within that branch, the value Enabled controls whether HVCI is on (1) or off (0). You can enable it with a command like this:

reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v Enabled /t REG_DWORD /d 1 /f

Core Isolation depends on virtualization-based security (VBS) being enabled. That is controlled by the key HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard. There you have several relevant values: for example, EnableVirtualizationBasedSecurity (to turn VBS on), RequirePlatformSecurityFeatures (to require Secure Boot and DMA protection, using different values) and Locked (to indicate whether UEFI locking is enforced or not).

A typical set of commands to configure VBS and HVCI without permanently locking anything in firmware might look like this, always run from an elevated console:

reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 0 /f
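
For scripted deployments, the same five values can be applied as desired state rather than as fire-and-forget commands. The following is an added example, not code from the original article: it writes the values above only where they differ, supports -WhatIf for a dry run, and returns a drift report. The $desired table, the function name and the read-back are assumptions of this example.

```powershell
# Added example (not from the original article): apply the VBS/HVCI registry values
# shown above idempotently and report what changed. Requires an elevated PowerShell
# session; a reboot is required before VBS/HVCI changes take effect.
$DeviceGuard  = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
$HvciScenario = "$DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity"

# Desired state: VBS on, Secure Boot required (1), HVCI on, nothing UEFI-locked (0)
# so the setting can still be reverted from Windows if a driver misbehaves.
$desired = @(
    @{ Path = $DeviceGuard;  Name = 'EnableVirtualizationBasedSecurity'; Value = 1 }
    @{ Path = $DeviceGuard;  Name = 'RequirePlatformSecurityFeatures';   Value = 1 }
    @{ Path = $DeviceGuard;  Name = 'Locked';                            Value = 0 }
    @{ Path = $HvciScenario; Name = 'Enabled';                           Value = 1 }
    @{ Path = $HvciScenario; Name = 'Locked';                            Value = 0 }
)

function Set-MemoryIntegrityPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param([array]$Settings = $desired)
    foreach ($s in $Settings) {
        # Create the key (and any missing parents) if it does not exist yet.
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        $current = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
        if ($current -eq $s.Value) {
            [pscustomobject]@{ Name = $s.Name; Before = $current; After = $s.Value; Changed = $false }
            continue
        }
        # With -WhatIf the write is skipped but the row still shows what would change.
        if ($PSCmdlet.ShouldProcess("$($s.Path)\$($s.Name)", "set REG_DWORD to $($s.Value)")) {
            Set-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value -Type DWord
        }
        [pscustomobject]@{ Name = $s.Name; Before = $current; After = $s.Value; Changed = $true }
    }
}

# Preview first, then apply and keep the drift report for the change log.
Set-MemoryIntegrityPolicy -WhatIf
$changes = Set-MemoryIntegrityPolicy
$changes | Format-Table -AutoSize
if ($changes.Changed -contains $true) { Write-Host 'Reboot required for VBS/HVCI changes to take effect.' }
```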

Using App Control for Business with PowerShell

In organizations that apply security policies to many computers, Microsoft offers another way to enable Memory Integrity: App Control for Business, the successor to Windows Defender Application Control. From there, HVCI can be deployed as part of a centralized policy.

One common way is to use the App Control Wizard, which guides you through creating or editing a policy. Within that wizard, on the policy rules page, you can select the option Hypervisor-protected code integrity. This indicates that you want Memory Integrity enabled on all devices that use that policy.

Another way is the PowerShell cmdlet Set-HVCIOptions. This lets you configure different HVCI operating modes, such as audit, enforced and so on. It is especially useful if you want to test the compatibility of your drivers in audit mode before switching to stricter enforcement.

Finally, anyone comfortable with XML can edit the App Control policy file directly and adjust the value of the <HVCIOptions> element. This allows very precise control over how Memory Integrity is applied in environments where many computers are managed at the same time.

All of these methods are mainly business-oriented, but it is good to know that Memory Integrity can be controlled both from the application and from configuration management and scripting tools, depending on the needs of each environment.

How to check whether VBS and Memory Integrity are really running

Once you have enabled VBS and Memory Integrity, it makes sense to ask whether they are really running or whether something was not configured properly. Windows offers several ways to check this, both graphically and through commands.

One of the most complete is the WMI class Win32_DeviceGuard, which is available from a PowerShell session with administrator rights. Running a command like this produces a detailed report:

Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard

The output of this command includes fields such as AvailableSecurityProperties, which lists which hardware-based security features are available (hypervisor support, Secure Boot, DMA protection, NX protections, SMM mitigations, MBEC/GMET, APIC virtualization, and so on), and RequiredSecurityProperties, which shows which properties are required for VBS to work correctly.

You will also see fields such as SecurityServicesConfigured and SecurityServicesRunning, which indicate whether services such as Credential Guard or Memory Integrity are configured and whether they are actually running. For example, a value that includes "2" usually indicates that Memory Integrity is configured or running, respectively.

Another major field is VirtualizationBasedSecurityStatus. This tells you whether VBS is disabled (0), enabled but not running (1), or enabled and fully running (2). For Core Isolation to work properly, this value should be 2.

If you want something more visual and less script-oriented, you can use msinfo32.exe. Run this program (for example, by typing "msinfo32" in the Windows search box) from an elevated session. Under System Summary you will see a group of VBS items, showing whether it is enabled and which related protections are running.
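
The numeric arrays returned by Win32_DeviceGuard are hard to read at a glance, so here is an added example (not from the original article) that decodes them and, more usefully, lists any required platform property the hardware does not provide, which is the usual reason a VBS that is configured never reaches status 2. The code mapping follows Microsoft's documented meaning of the Win32_DeviceGuard values; the function name and report layout are this example's own.

```powershell
# Added example (not from the original article): turn Win32_DeviceGuard into a
# readable VBS/HVCI status report. Run from an elevated PowerShell session.
$propertyNames = @{
    0 = 'None'; 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection'
    4 = 'Secure Memory Overwrite'; 5 = 'NX protections'; 6 = 'SMM mitigations'
    7 = 'Mode Based Execution Control (MBEC/GMET)'; 8 = 'APIC virtualization'
}
$serviceNames = @{ 0 = 'None'; 1 = 'Credential Guard'; 2 = 'Memory Integrity (HVCI)' }
$vbsStatus    = @{ 0 = 'disabled'; 1 = 'enabled but not running'; 2 = 'enabled and running' }

function Get-VbsStatusReport {
    [CmdletBinding()]
    param()
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard

    # Translate each code array into names; unknown codes are kept as numbers so
    # values added by newer builds are not silently hidden.
    $decode = { param($codes, $map)
        @($codes | ForEach-Object { if ($map.ContainsKey([int]$_)) { $map[[int]$_] } else { "code $_" } }) }

    $available = & $decode $dg.AvailableSecurityProperties $propertyNames
    $required  = & $decode $dg.RequiredSecurityProperties  $propertyNames
    # A required property the platform does not offer explains a VBS that is
    # switched on in the Registry but never reports status 2 (running).
    $missing = @($required | Where-Object { $_ -ne 'None' -and $_ -notin $available })

    [pscustomobject]@{
        VbsStatus          = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesConfigured = & $decode $dg.SecurityServicesConfigured $serviceNames
        ServicesRunning    = & $decode $dg.SecurityServicesRunning    $serviceNames
        HvciRunning        = [bool]($dg.SecurityServicesRunning -contains 2)
        AvailableProps     = $available
        RequiredProps      = $required
        MissingPrereqs     = $missing
    }
}

$report = Get-VbsStatusReport
$report | Format-List
if (-not $report.HvciRunning) {
    Write-Warning "Memory Integrity is not running. Missing prerequisites: $($report.MissingPrereqs -join ', ')"
}
```

If MissingPrereqs is empty but VbsStatus is still "enabled but not running", the cause is usually a pending reboot or a driver that fails the HVCI compatibility check rather than the hardware.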

Memory Integrity in Hyper-V virtual machines

Memory Integrity and Core Isolation are not only for physical devices. They can also be enabled inside a Hyper-V virtual machine, as long as certain requirements are met. In that case the VM enjoys protection similar to that of a physical PC against malware trying to attack the guest kernel.

For this, the Hyper-V host must run Windows Server 2016 or Windows 10 version 1607, and the virtual machine must be generation 2 and run a compatible version of Windows. Inside the VM, the steps to enable Core Isolation are the same as on a regular computer.

It is important to understand that Memory Integrity in a virtual machine protects the guest, not the host. The host administrator still controls the VM configuration and can, in fact, opt the virtual machine out of VBS with a command such as:

Set-VMSecurity -VMName <NombreVM> -VirtualizationBasedSecurityOptOut $true

Core Isolation and Memory Integrity are two key pieces for hardening Windows security: by using hardware virtualization, they add a low-level layer of protection over the kernel and drivers that can stop sophisticated attacks which once had free rein. However, enabling them requires meeting certain hardware requirements and accepting that, on some systems or under heavy workloads, there may be a price to pay in performance or driver compatibility. It is therefore advisable to weigh their use carefully and to keep relying on good security habits when browsing and installing software.
