Windows Defender System Guard in Windows 10 Spring Creators Update

Martin Brinkmann
Apr 23, 2018
Updated • Apr 23, 2018
Windows, Windows 10
|
6

Microsoft added a new security feature called Windows Defender System Guard to Windows 10  versions when it released the Fall Creators Update version of the operating system back in October 2017.

Windows Defender System Guard was designed to " create the condition that the integrity of the system can’t be compromised" to protect against boot-level attacks such as rootkits or bootkits.

The new defensive system includes features to protect, maintain and verify the integrity of the Windows system during start up and while it is running using local and remote attestation.

Microsoft introduces the Secure Boot feature in Windows 8 as a counter-measure against boot-level attacks. Secure Boot is a feature of the Unified Extensible Firmware Interface (UEFI). Secure Boot added a hardware-based root of trust which prevented that code could be run before the Windows bootloader.

windows defender system guard

Secure Boot moved the first opportunity to attack a Windows computer during the boot phase to the phase in which the other Windows components are loaded.

Windows Defender System Guard protects this phase of the boot process:

This is where Windows Defender System Guard protection begins with its ability to ensure that only properly signed and secure Windows files and drivers, including third party, can start on the device.

At the end of the Windows boot process, System Guard will start the system’s antimalware solution which scans all third party drivers, at which point the system boot process is completed. In the end, Windows Defender System Guard helps ensure that the system securely boots with integrity and that it hasn’t been compromised before the remainder of your system defenses start.

Microsoft revealed recently that devices running Windows 10 will get a feature it calls runtime attestation when they are updated to the next feature update of Windows 10 (Spring Creators Update or April Update).

In Windows 10 Fall Creators Update, we reorganized all system integrity features into Windows Defender System Guard. This move allowed us to continually make significant innovations in platform security.

Windows Defender System Guard runtime attestation, which is built into the core Windows operating system, will soon be delivered in all editions of Windows.

SGRA architecture

Runtime attestation may help in the following scenarios (among others) according to Microsoft:

  • Detecting kernel tampering, rootkits, and exploits (or artifacts thereof).
  • Provide signals for antivirus vendors and endpoint detection and response.
  • Running banking apps or using trading platforms.
  • Enhancing device security-based access policies
  • Anti-cheat scenarios in computer games.

Microsoft is working on an API that security vendors, manufacturers and other parties can make use of to "attest the state of the device at a point in time".

The next feature update of Windows 10 includes the first phase of Windows Defender System Guard runtime attestation according to Microsoft.

With the next update to Windows 10, we are implementing the first phase of Windows Defender System Guard runtime attestation, laying the groundwork for future innovation in this area. This includes developing new OS features to support efforts to move towards a future where violations of security promises are observable and effectively communicated in the event of a full system compromise, such as through a kernel-level exploit.

Related articles

Summary
Windows Defender System Guard in Windows 10 Spring Creators Update
Article Name
Windows Defender System Guard in Windows 10 Spring Creators Update
Description
Microsoft added a new security feature called Windows Defender System Guard to Windows 10 versions when it released the Fall Creators Update version of the operating system back in October 2017.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Shadess said on April 28, 2018 at 1:43 am
    Reply

    Seems pretty cool actually.

  2. chesscanoe said on April 27, 2018 at 4:20 pm
    Reply

    From what I have read, this for now is applicable just to Enterprise and Pro users. Windows 10 version 1803 Home users are left out for now.

  3. AnorKnee Merce said on April 24, 2018 at 8:30 am
    Reply

    Win 10 = nanny OS

  4. Alan said on April 23, 2018 at 8:41 pm
    Reply

    COOL!!

  5. ilev said on April 23, 2018 at 5:34 pm
    Reply

    Is this a scheme to block all 3rd party anti-virus….software ? Example ; Kaspersky’s KIS/KAV demand disabling of Windows Defender (and other real-time anti-virus.. apps).

  6. Roger said on April 23, 2018 at 12:40 pm
    Reply

    â–  Anti-cheat scenarios in computer games.

    So no more Nuke Trooper and Photon Man in Age of Empires DE? 😛

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.