Hypervisor Enforced Code Integrity (HVCI) shows as Disabled (0) on registry but enabled on Windows Defender and System Information
<blockquote data-quote="Andrezj" data-source="post: 1015242" data-attributes="member: 97580"><p>how old is your computer?</p><p>your bios might be out of date and it needs update</p><p>are you running windows 10 or 11?</p><p>what edition - it looks like enterprise? (some features will not work right on enterprise unless managed by active directory or intune or other management)</p><p>are you running windows 11 on compatible hardware (hardware that is from 2016 or before can not be compatible with tpm 2.0, it depends upon oem)?</p><p></p><p>that instance of windows shown in your image is not running in a virtual machine, is it?</p><p></p><p>run tpm.msc and check that tpm version 2.0 is available when running (for windows 11)</p><p>run devmgmt.msc and check security devices to confirm tpm is running</p><p></p><p>bitlocker has nothing to do with code integrity (for sure)</p><p></p><p>virtualization features need to be enabled in bios for code integrity</p><p>[URL unfurl="true"]https://learn.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity[/URL]</p><p></p><p>ok, i see, microsoft changed legacy code integrity to memory integrity, apologies for saying that code integrity and memory integrity are not connected</p><p>[URL unfurl="true"]https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-hvci-enablement[/URL]</p><p></p><p>you already know the keys, setting the code integrity key to 1 = enabled might displease you because you do not know why it is disabled, but that is the nature of information technology</p><p>[URL unfurl="true"]https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-hvci-enablement[/URL]</p><p></p><p>to be certain, do a clean install of windows or restore from a known good backup image or reset your pc</p><p></p><p>you are obviously an advanced user, did you play with group policy, did you mess with intune, apply mdac, did you do registry hacks, did you disable services, is the system domain joined - these and other advanced topics can all affect code integrity</p><p></p><p>if system domain joined then admin can disable code integrity</p><p></p><p></p><p>the code integrity disabled in the registry but showing as enabled in the windows gui is a known bug</p><p></p><p>the bigger problem is that the firmware protection is disabled, that firmware managed by administrator is an indication of an underlying problem\compatibility issue with hardware\tpm module if system is not managed by active directory\intune or other way</p><p></p><p>enable code integrity by setting registry key should enable firmware protection after system reboot</p><p>if you enable code integrity in registry and it is showing disabled in registry after system reboot then it can be any of a number of things, namely hardware issue</p></blockquote><p></p>
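A read-only way to check the mismatch this thread is about, as an added example that is not part of the original post: it compares the configured HVCI registry value with what the hypervisor reports as actually running. The registry paths and the `Win32_DeviceGuard` class are not named on this page; they are the locations Microsoft documents for memory integrity and are assumed to apply to this system.

```powershell
# Added example: compare configured vs. running HVCI (memory integrity) state.
# Read-only; run in an elevated PowerShell session on the machine being checked.
# Assumed locations (from Microsoft's documentation, not from this thread):
$scenarioKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
$policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$configured = Get-RegValue -Path $scenarioKey -Name 'Enabled'
$policy     = Get-RegValue -Path $policyKey -Name 'HypervisorEnforcedCodeIntegrity'

# Win32_DeviceGuard reports what is being enforced right now, independent of the registry.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

$hvciRunning    = $dg.SecurityServicesRunning -contains 2       # 2 = HVCI
$hvciConfigured = $dg.SecurityServicesConfigured -contains 2
$vbsStatus = switch ($dg.VirtualizationBasedSecurityStatus) {
    0       { 'not enabled' }
    1       { 'enabled, not running' }
    2       { 'enabled and running' }
    default { 'unknown' }
}

[pscustomobject]@{
    RegistryEnabled      = $configured      # $null means the value is not set
    PolicyValue          = $policy          # set by Group Policy / MDM if present
    VbsStatus            = $vbsStatus
    HvciConfiguredPerWmi = $hvciConfigured
    HvciRunning          = $hvciRunning
} | Format-List

if ($hvciRunning -and $configured -ne 1) {
    'Mismatch: HVCI is running but the Scenarios registry value is not 1 (the symptom in this thread).'
} elseif (-not $hvciRunning -and $configured -eq 1) {
    'Mismatch: registry says enabled but HVCI is not running; check firmware virtualization, TPM and drivers.'
} else {
    'Registry value and running state agree.'
}
```

A non-null `PolicyValue` indicates the setting is being pushed by Group Policy or MDM rather than by the local toggle.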