Windows 10 Device Guard against Malware Intrusion


I hope you all found my previous post on Threat Mitigation capabilities of Windows 10 helpful in how these capabilities enables a more secured computing by making things harder for attackers to exploit Windows.

Today, I am going to write about another great feature of Windows 10 Enterprise known as Device Guard which helps a great deal against Malware attack.

Device Guard is designed to lock down a PC to run only trusted applications and Code.  Previous version of Windows has feature called KMCI – Kernel Mode Code Integrity, which allows only signed code to run in the Kernel Mode and protects the sanctity of the Windows Kernel against breaches and exploitation.

With Windows 10, the Code Integrity is now extended to User Mode as well, which means organizations have now better control on the code that runs in the User mode of the OS and protects the device against Malware.

You can configure Code Integrity Policy to run only signed code in the User Mode Environment, which means if there is an unsigned binary attached to an Signed Package, it would not be able to execute.

As we speak today, more than 90 percent of malware out there are all unsigned, So if the policy on the system restricts the execution of Unsigned binary, malware would not be able execute their line of code.

So think of a scenario, you receive a malware infected excel attachment in your Inbox and the email is crafted so well to trick you to open the excel attachment, This will allow the excel sheet to open as Excel.exe is a trusted code and signed by Microsoft, however if there is an attached code in the form of Macro which probably calls a malware executables from someplace else will not execute as that line of code is not signed by anyone.

I have created this small demo video on how Windows Device Guard protects against malware intrusions including Ransomwares like WannaCry and Petya.

In this demo, you’ll see how a well crafted phishing email will trick a user to enable the macro on a excel attachment and injects WannaCry Ransomware on a Windows 7 machine,

We’ll then see how Windows 10 Device Guard blocks the attached code to this excel sheet and prevents the attack.

Enjoy the video


To Learn more about Windows 10 Device Guard. Click Here

If you want to deploy Device Guard on your Windows 10 Enterprise fleet, check this deployment guide.

Do share your comments and feedback