OpenSource Ghost
Member
I want to keep Virtualization Based Security (VBS) and Hypervisor-based Core Isolation, Memory Integrity, Kernel-mode Hardware Enforced Stack Protection, and Credential Guard, but I do not want Windows Defender. I already have exact registry entries for all VBS features I list. They all exist under Device Guard in both registry and Group Policy.
Is Device Guard the only component I need to preserve? What abouth other Hypervisor components? Some guides say Credential Guard needs Hyper-V enabled in Features.
How do I test if VBS enabled? Registry entries are not indicative of VBS working and some system report tools simply read those entries to make (a false) conclusion that VBS is enabled, even when I disable Virtualization for CPU in BIOS/UEFI to test validy of mentioned conclusions. VBS cannot work without CPU Virtualization instructions and as such, those reporting tools cannot be trusted.
Is Device Guard the only component I need to preserve? What abouth other Hypervisor components? Some guides say Credential Guard needs Hyper-V enabled in Features.
How do I test if VBS enabled? Registry entries are not indicative of VBS working and some system report tools simply read those entries to make (a false) conclusion that VBS is enabled, even when I disable Virtualization for CPU in BIOS/UEFI to test validy of mentioned conclusions. VBS cannot work without CPU Virtualization instructions and as such, those reporting tools cannot be trusted.