Virtualization based security is bugging me

[Stickybit]

Hi all

I would seem that virtualization based security is bugging me again - even though policies has been in place for quite some time, disabling System Guard Launch, Credential Guard and Hypervisor Enforced Code Integrity with success. This has been working for quite some time, but new it seems to just be enabled again on various devices - causing that nasty little turtle to appear.

Does anyone know if Microsoft did some recent changes, causing virtualization based security to spoil the fun (again)?

Best regards, Sticky

[scottgus1]

New and updated enablers of Microsoft's Hyper-V should be expected at any time. Very often they show up after a Windows update, quite likely after a major update. Run through HMR3Init: Attempting fall back to NEM (Hyper-V is active) again, and if you learn of anything not mentioned, please let us know and we'll add it.

[Stickybit]

The culprit was a new BIOS settings on Lenovo devices: Memory Protection

When this is enabled in BIOS - Windows just ignores Intune / AD policies and enables core protection among others.

Now - we are a paying customer, and to be honest - I'm starting to wonder if VirtualBox is the best solution for us. The thing is, that we cannot continue to just disable security measures, in order to keep our virtualization solution running. Would anyone know if Oracle is attempting to reach some kind of solution, where we can keep those new security measures in place, while still keeping that darned turtle away?

[scottgus1]

Now - we are a paying customer

That's interesting! I think you're the first person in all my 14 years on the forum, that has actually bought an Oracle support contract! Those things are steep!

In which case, you're asking in the wrong place. You have a support channel that doesn't require this forum. Please use the channel provided, they'd be able to support you much better than we the free Virtualbox users could.

FWIW running Virtualbox under Windows Hyper-V has been a goal since 6.0. If Microsoft would just stop moving the goalposts...

[Stickybit]

I got a ticket with Oracle regarding this challenge, and Oracle has proven most helpful. I currently cannot say what the result will be, but the support and developers surely are stepping in. Thumbs up to Oracle.

[multiOS]

@Stickybit

I wish you every success in your efforts. I'm in the fortunate position of having two Windows systems that seem to be highly tolerant of enabled virtualisation-based security (VBS) and do run all VMs smoothly. There seems to be no humanly noticeable (to me) lag in performance and the little green turtle grins happily at the bottom of the screen! Coincidentally(!?), both of these systems are Microsoft Surface devices (different models/ages) but it does suggest (to me) that part of problem many experience may be related to the hardware and/or firmware mix in use, which cannot be easiest of problems for the developers to address given the plethora of PC hardware options available in the market.