Windows 10 Standard hardware security

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
What do I need to do in order to enable this feature, and is it worth the trouble?
Under the category of "Device security" I have Memory integrity on, and Secure boot on.
But I see the message "Standard hardware security not supported."
I have a new desktop, with intel 9th gen, and no discrete GPU.

Windows 10 x64 version 2004
 
F

ForgottenSeer 85179

And for best security you should try to archive "exceeds the requirements for enhanced hardware security".

Sadly my current Ryzen 5-2600 only provide "enchanted" without the "exceeds" but 3000+ Ryzen has the SMM feature. I just wait for 4000 serie and then switch :)
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
F

ForgottenSeer 85179

I see. Not sure how important it is for me to encrypt this desktop, it sits at home.
Encryption is always important. You're protected against thief, against agencies (even if that's not important for normal people) and also most important: your data don't need be wiped as the encryption protects you. Very practical if the drive is to be sold or if it breaks down.
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
After I upgraded to 2004, I discovered that if you try to enable memory integrity, and Windows refuses, there is a clickable text at the bottom of the screen that gives you a list of the problems.
I clicked, and found a bunch of Conexant drivers from a fax modem I am not using anymore. I deleted the drivers (I needed to take ownership of them first) and then I was able to enable memory integrity.
 
F

ForgottenSeer 85179

I know that AMD Radeon Software does not support memory integrity turned on.
I use enabled HVCI and use Radeon software without problems.

Only sometimes I get system freeze but that's only once a week so i don't know if it's because of HVCI or driver as the driver still has its own problems
 
Last edited by a moderator:

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
After I upgraded to 2004, I discovered that if you try to enable memory integrity, and Windows refuses, there is a clickable text at the bottom of the screen that gives you a list of the problems.
I clicked, and found a bunch of Conexant drivers from a fax modem I am not using anymore. I deleted the drivers (I needed to take ownership of them first) and then I was able to enable memory integrity.
Great find. (y)
I have one incompatible driver:
Aantekening 2020-07-09 095156.png
Searched about it on Google:
IGDKMd64 stands for Intel Graphics Driver Kernel Mode 64-bit
Is there a solution for this on my laptop with Intel HD graphics 4600?
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Great find. (y)
I have one incompatible driver:
View attachment 244003
Searched about it on Google:

Is there a solution for this on my laptop with Intel HD graphics 4600?
Check what graphics driver is actually in use, you should be able to get driver details like that in Device Manager. If you have a newer driver in use, my guess is that you can delete the old one with impunity.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Check what graphics driver is actually in use, you should be able to get driver details like that in Device Manager. If you have a newer driver in use, my guess is that you can delete the old one with impunity.
Thank you for pointing me in the right direction. (y)
After deleting the old Intel driver with Driver Store Explorer, I could enable memory integrity without any problems.
So, now I have Memory Integrity and Secure Boot enabled.
Standard hardware security is not supported because of the lack of an TPM chip in my old Acer laptop.
 

South Park

Level 9
Verified
Well-known
Jun 23, 2018
431
Windows tell you if it can't enable it after you try to do.

Also it may be your hardware which doesn't support something so Windows disable it.
See also Enable virtualization-based protection of code integrity - Windows security
What's weird is that I can turn on Memory Integrity and it survives multiple power cycles, but it usually (not always) gets turned off when I do a version update. It has also silently turned itself off a few times, seemingly at random, with no error message.

I found that Microsoft (under Settings> Apps) lists much newer graphics drivers for my HD 520 than Device Manager does, Nov. 2019 vs Nov. 2018 to be precise. Apps also shows WiFi drivers a year newer than what appears in Device Manager. I wonder if one of the old drivers gets loaded randomly at start-up and shuts off Memory Integrity. I may have a look with Driver Store Explorer, though I'm not familiar with that software.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Well, this thread is very beneficial. I'd noticed eons ago that "standard device security is not supported" but never progressed from there because of all the jargon. So, all it boiled down to was going into the BIOS and enabling virtualization, then restarting and toggling Memory Integrity to "on."

Thanks, guys! Very helpful thread, cleared up this small but potentially important issue. And it was so simple. (y)

devsec.png
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top