What Are “Core Isolation” and “Memory Integrity” in Windows 10?
Apparently core isolation is enabled by default if the following conditions are met.
"Some Core Isolation features are enabled by default on Windows 10 PCs that meet certain hardware and firmware requirements, including having a 64-bit CPU and TPM 2.0 chip. It also requires your PC supports the Intel VT-x or AMD-V virtualization technology, and that it's enabled in your PC's UEFI settings."
If you go to the security dashboard and click on Device security, do you see a section that says 'Core isolation: virtualization-based security is running to protect core parts of your device'?
Ah, I see you are right. I did not read the fine print carefully enough. Even if I toggle Memory integrity off, I still see that it says: 'Core isolation: virtualization-based security is running to protect core parts of your device'.
I don't think it was like that when 1803 was first released. I remember that it was an all-or-nothing deal.
So getting back to Comodo: when I found Comodo not to be compatible, that was with memory isolation enabled.
I would like to know what Core isolation is actually doing, if memory isolation is disabled.
EDIT: I see that the How-To Geek article you linked me to answers my question. It says this about Memory integrity:
"This feature is a subset of Core Isolation. Windows normally requires digital signatures for device drivers and other code that runs in low-level Windows kernel mode. This ensures they haven't been tampered with by malware. When 'Memory Integrity' is enabled, the 'code integrity service' in Windows runs inside the hypervisor-protected container created by Core Isolation. This should make it nearly impossible for malware to tamper with the code integrity checks and gain access to the Windows kernel."
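The distinction discussed in this thread (virtualization-based security running while the Memory integrity toggle is off) can be confirmed without relying on the Windows Security dashboard wording. The following PowerShell is an added example and is not from any poster or from the linked article; it reads the Win32_DeviceGuard WMI class that Windows exposes for exactly this purpose. The integer codes it decodes (VirtualizationBasedSecurityStatus 0/1/2 and the SecurityServicesRunning codes 1 to 4) are the ones documented by Microsoft for that class, and the registry value it reads is the one the Memory integrity switch writes; treat the friendly labels as this example's own naming.

```powershell
# Added example (not from the thread): report whether Core Isolation (VBS) is running
# and whether Memory Integrity (hypervisor-enforced code integrity, HVCI) is among the
# running security services. Run from an elevated PowerShell prompt on Windows 10/11.

function Get-CoreIsolationStatus {
    # Win32_DeviceGuard lives in the DeviceGuard WMI namespace; its properties are integer codes.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName 'Win32_DeviceGuard'

    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
    $vbsText = switch ([int]$dg.VirtualizationBasedSecurityStatus) {
        0 { 'Not enabled' }
        1 { 'Enabled but not running' }
        2 { 'Running' }
        default { "Unknown ($_)" }
    }

    # SecurityServicesRunning and SecurityServicesConfigured share these codes:
    # 1 = Credential Guard, 2 = HVCI (the "Memory integrity" feature),
    # 3 = System Guard Secure Launch, 4 = SMM Firmware Measurement
    $serviceNames = @{
        1 = 'Credential Guard'
        2 = 'Memory Integrity (HVCI)'
        3 = 'System Guard Secure Launch'
        4 = 'SMM Firmware Measurement'
    }
    $running    = @($dg.SecurityServicesRunning    | ForEach-Object { $serviceNames[[int]$_] })
    $configured = @($dg.SecurityServicesConfigured | ForEach-Object { $serviceNames[[int]$_] })

    # The "Memory integrity" switch in Windows Security writes Enabled=1 (on) or 0 (off) here.
    $hvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $hvciToggle = (Get-ItemProperty -Path $hvciKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
    $toggleText = if ($null -eq $hvciToggle) { 'not set' } elseif ($hvciToggle -eq 1) { 'on' } else { 'off' }

    # VBS can be running (Core isolation banner shown) while HVCI is not, which is the
    # state the thread describes after switching Memory integrity off.
    [pscustomobject]@{
        VbsStatus              = $vbsText
        MemoryIntegrityRunning = ($dg.SecurityServicesRunning -contains 2)
        MemoryIntegrityToggle  = $toggleText
        ServicesRunning        = ($running -join ', ')
        ServicesConfigured     = ($configured -join ', ')
    }
}

Get-CoreIsolationStatus | Format-List
```

A machine in the state described above reports VbsStatus "Running" with MemoryIntegrityRunning false and the toggle "off"; after enabling Memory integrity and rebooting, code 2 appears in the running services and MemoryIntegrityRunning becomes true. msinfo32 shows the same information under "Virtualization-based security Services Running" if you prefer a GUI check.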