May 11, 2023 – New Developments in Memory Integrity for Enhanced System Security
To bolster system security, Microsoft has introduced a compatibility scanning tool called hvciscan.exe. The tool assesses Hypervisor-protected Code Integrity (HVCI) compatibility on Windows 11, Windows 10, and Windows Server. hvciscan.exe is available only in a 64-bit version, for both x86 and Arm architectures.
Memory integrity is a virtualization-based security (VBS) feature that protects the kernel from malicious code. Kernel Mode Code Integrity (KMCI) runs inside a secure, isolated virtualized environment provided by the Windows Hypervisor, which protects the integrity of kernel-mode code execution from external threats.
These security standards depend on certain hardware. As a result, AMD Ryzen 1000 (Zen1) processors and earlier, along with Intel’s seventh-generation chips, do not meet the criteria for running Windows 11. A select few special seventh-generation Intel Core processors, however, do meet the requirements.
Microsoft’s strict hardware prerequisites stem from the hardware-based hypervisor acceleration capabilities found in modern AMD and Intel processors. These hardware enhancements make code integrity handling more efficient, strengthening overall system security.
These features, called Mode-Based Execution Control (MBEC) on Intel processors and Guest Mode Execute Trap (GMET) on AMD processors, facilitate the implementation of VBS. Adopting VBS may have performance implications, but it is vital for comprehensive security.
As illustrated in the accompanying image provided by IT Home, users can easily assess the compatibility of their systems by running the hvciscan.exe tool via the command prompt or PowerShell.
HVCIScan – AMD64
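A complementary check, added here as an example and not taken from the original article or from hvciscan.exe itself: the PowerShell function below reads the Windows `Win32_DeviceGuard` CIM class to report whether the processor exposes MBEC/GMET and whether memory integrity (HVCI) is configured and running. The function name `Get-MemoryIntegrityStatus` and the output property names are assumptions chosen for illustration.

```powershell
# Added example: summarize VBS and memory integrity (HVCI) state from the
# Win32_DeviceGuard CIM class. The function name is hypothetical.
function Get-MemoryIntegrityStatus {
    [CmdletBinding()]
    param()

    # Meaning of VirtualizationBasedSecurityStatus values
    $vbsStatus = @{
        0 = 'VBS not enabled'
        1 = 'VBS enabled but not running'
        2 = 'VBS enabled and running'
    }
    # Meaning of AvailableSecurityProperties values
    $hwProps = @{
        1 = 'Hypervisor support'
        2 = 'Secure Boot'
        3 = 'DMA protection'
        4 = 'Secure memory overwrite'
        5 = 'NX protections'
        6 = 'SMM mitigations'
        7 = 'MBEC/GMET'
        8 = 'APIC virtualization'
    }

    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
    } catch {
        # Class is missing on older builds or editions without Device Guard support
        Write-Warning "Win32_DeviceGuard unavailable: $($_.Exception.Message)"
        return
    }

    $available = @($dg.AvailableSecurityProperties)
    [pscustomobject]@{
        VbsStatus                 = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
        HardwareProperties        = ($available | ForEach-Object { $hwProps[[int]$_] }) -join ', '
        MbecOrGmetAvailable       = $available -contains 7
        # Service ID 2 is Hypervisor-protected Code Integrity (memory integrity)
        MemoryIntegrityConfigured = @($dg.SecurityServicesConfigured) -contains 2
        MemoryIntegrityRunning    = @($dg.SecurityServicesRunning) -contains 2
    }
}

Get-MemoryIntegrityStatus | Format-List
```

A result with `MemoryIntegrityConfigured` true but `MemoryIntegrityRunning` false means the feature is turned on in policy but did not start at boot, which is worth investigating before relying on it.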