Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Beginner
36 Views

Win Defender Device Guard: VTSS driver not loadable on Win 10 1703 and BSOD on Win 10 1709

Dear forum,

we recently ran into a problem with Intel VTune™ Amplifier 2018 update 1:

  • Win 10 1703: Failing to start VTSS driver: error 0xfffffffa on "net start vtss"
  • Win 10 1709: BSOD when starting the VTSS driver

After quite a lot of troubleshooting we narrowed the problem down to the following:

  • Together with rolling out Win 10 in the company, our IT department decided to increase security by activating Windows Defender Device Guard
  • If I take away the respective registry keys, everything runs as expected again.

Now our questions:

  • Is there already a version of VTSS (maybe also beta) that is compatible with device guard
  • When will there be an officially released version of VTune / VTSS fully compatible with Defender Device Guard
  • Are there known workarounds for the problem other than deactivation of Device Guard?

Thanks a lot for your help in advance and best wishes,
Brainlab Team

 

0 Kudos
2 Replies
Highlighted
Beginner
36 Views

Just a quick additional note from our IT team regarding what parts of Device Guard we activated - explicitely actually a very small part of it:

We only configure and use the "Credential Guard" but as I just learned that also means that "Isolated LSA", "Virtualization Based Security" and "Hyper-V Hypervisor" + "User Isolation Mode" are e.g. implicitly activated as a result.

Here what we do NOT intend to use:

  • HVCI: Hypervisor Based Code Integrity

  • KMCI: Kernel Mode Code Integrity

  • CCI: Configurable Code Integrity

 

0 Kudos
Highlighted
Employee
36 Views

Hello,

At the moment, this is what we recommend to our customers working on Windows 10 RS3 operating system (version 1709) or later:

The Hyper-V has optional security features: Device Guard and Credential Guard. When either or both of them are enabled, accessing non-architectural PMU MSRs triggers (required for the driver-based hardware event sampling analysis) a general protection fault. For example, offcore response MSRs and uncore related MSRs are non-architectural MSRs. To collect these events, you must disable the security features as follows:

  1. Make sure the security features are running on your system:

    1. Run the msinfo32 command to open the System Information dialog.

    2. In the System Summary, check whether the Virtualization-based Security Services Running item includes Hypervisor enforced Code Integrity and/or Credential Guard values.

  2. Disable these security features by running the Microsoft* DG-CG-Readiness-Tool, available at https://www.microsoft.com/en-us/download/details.aspx?id=53337:

    1. Open Powershell as an administrator and go to the tool installation directory.

    2. Run the tool as follows:

      .\DG_Readiness_Tool_v2.1.ps1 -Disable -CG -DG
    3. Reboot the system.

    4. Make sure the device guard is turned off. The output from msinfo32 should NOT include either Hypervisor enforced Code Integrity or Credential Guard.

0 Kudos