- Microsoft Defender Credential Guard isolates credentials using virtualization-based security, making attacks such as Pass-the-Hash and Pass-the-Ticket much harder.
- Credential Guard can be enabled through Intune, Group Policy, or the Registry, subject to hardware, firmware, and licensing requirements.
- Enabling Credential Guard affects legacy protocols and features, so application compatibility must be validated first.
- Combined with Microsoft Defender Antivirus and Exploit Guard, it provides strong protection against credential theft and vulnerability exploitation.
Protecting credentials in Windows and hardening the system against exploitation has become almost mandatory in any modern enterprise environment. Attacks such as Pass-the-Hash, Pass-the-Ticket, or the abuse of zero-day vulnerabilities take advantage of any configuration weakness to move laterally across the network and take control of servers and workstations within minutes.
In this context, Microsoft Defender Credential Guard and Exploit Guard (together with the Microsoft Defender antivirus engine) are essential components of the security strategy on Windows 10, Windows 11, and Windows Server. In the following sections you will see, step by step and in detail, how they work, what they require, and how to enable or disable them properly using Intune, Group Policy, the Registry, PowerShell, and other tools, while avoiding unnecessary compatibility breakage.
What is Microsoft Defender Credential Guard and why does it matter so much?
Windows Defender Credential Guard is a security feature introduced by Microsoft in Windows 10 Enterprise and Windows Server 2016. It relies on virtualization-based security (VBS) to isolate authentication secrets. Instead of the Local Security Authority (LSA) holding credentials directly in memory, an isolated LSA process (LsaIso.exe) runs inside a protected environment.
Thanks to this isolation, only system software with the appropriate privileges can access NTLM hashes and Kerberos tickets (TGTs). Credentials used by Credential Manager, local sign-in, and connections such as Remote Desktop are no longer exposed. Any malicious code that tries to read the memory of the regular LSA process directly will find that those secrets are not there.
This approach drastically reduces the effectiveness of classic post-exploitation tools such as Mimikatz for Pass-the-Hash or Pass-the-Ticket attacks. The hashes and tickets that used to be easy to extract now live in an isolated memory container that malware cannot readily see, even if it has administrative privileges on the compromised system.
It should be made clear that Credential Guard is not the same as Device Guard. While Credential Guard protects credentials and secrets, Device Guard (and the related application control technologies) focuses on preventing unauthorized code from running on the computer. They are complementary, but they solve different problems.
That said, Credential Guard is not a silver bullet against Mimikatz or against insider attackers. An attacker who already controls an endpoint can capture credentials as the user enters them (for example, with a keylogger or by injecting code into the authentication process). Nor does it prevent an employee with legitimate access to certain data from copying or exfiltrating it; Credential Guard protects credentials in memory, not user behavior.
Credential Guard is enabled by default on Windows 11 and Windows Server
In current versions of Windows, Credential Guard is enabled automatically in many cases. Starting with Windows 11 22H2 and Windows Server 2025, devices that meet certain hardware, firmware, and configuration requirements get VBS and Credential Guard enabled by default, without the administrator doing anything.
On these systems, the automatic enablement is done without UEFI lock. This means that, although Credential Guard is enabled by default, an administrator can later disable it remotely through Group Policy, Intune, or other means, because the lock option is not applied in the firmware.
When Credential Guard is running, virtualization-based security (VBS) is also running. VBS is the component that creates the protected environment where the LSA is isolated and the secrets are stored, so both features go together on these versions.
An important point is that values explicitly configured by the administrator always take precedence over the default settings. If Credential Guard is enabled or disabled through Intune, a GPO, or the Registry, that manually applied state overrides the automatic enablement after the computer restarts.
Furthermore, if a device had Credential Guard explicitly disabled before upgrading to a Windows version that enables it by default, the device honors that disabled state after the upgrade and will not turn it on automatically, unless its configuration is changed again with one of the management tools.
System, hardware, firmware, and licensing requirements
For Credential Guard to provide real protection, machines must meet certain hardware, firmware, and software requirements. The better the platform's capabilities, the higher the level of security that can be achieved.
First, a 64-bit CPU with support for virtualization-based security is mandatory. This means the processor and motherboard must support the appropriate virtualization extensions, and those features must be enabled in the UEFI/BIOS.
Another key element is Secure Boot. Secure Boot ensures that the system starts by loading only trusted, signed firmware and software. VBS and Credential Guard rely on Secure Boot to prevent an attacker from modifying boot components in order to disable or tamper with the protection.
Although not a strict requirement, having a Trusted Platform Module (TPM) version 1.2 or 2.0 is highly recommended. Whether discrete or firmware-based, the TPM allows encryption secrets and keys to be bound to the hardware, adding an extra layer that is much harder to manipulate or reuse on another device.
It is also strongly recommended to enable the UEFI lock for Credential Guard. This prevents anyone with access to the system from disabling the protection simply by changing a registry key or a policy. With the lock in place, disabling Credential Guard requires a much more controlled and explicit procedure.
On the licensing side, Credential Guard is not available on all Windows editions. It is generally supported on enterprise and education editions: Windows Enterprise and Windows Education include it, whereas Windows Pro or Pro Education/SE do not include it by default.
The rights to use Credential Guard are tied to specific subscription licenses, such as Windows Enterprise E3 and E5, and Windows Education A3 and A5. Pro editions, in licensing terms, are not entitled to this advanced feature, even though they run the same operating system binaries.
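The requirements listed above can be checked before a rollout rather than discovered after a failed one. The following script is an added example written for this article (it is not Microsoft's code and not part of the original text): it reads, from an elevated PowerShell session, the 64-bit/virtualization state, Secure Boot, TPM readiness, the platform capabilities that Windows itself reports through the Win32_DeviceGuard class, and the edition name. The function name Test-CredentialGuardPrerequisites and the "supported edition" pattern are assumptions; the cmdlets and CIM properties are standard Windows ones.

```powershell
# Added example (not from the original article): read-only pre-deployment check of the
# Credential Guard prerequisites discussed above. Run from an elevated PowerShell.

function Test-CredentialGuardPrerequisites {
    [CmdletBinding()]
    param()

    $results = [ordered]@{}

    # 64-bit OS and processor virtualization support (VT-x/AMD-V and SLAT).
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $results['64-bit OS']                              = ($os.OSArchitecture -like '64*')
    $results['CPU virtualization enabled in firmware'] = [bool]$cpu.VirtualizationFirmwareEnabled
    $results['Second-level address translation']       = [bool]$cpu.SecondLevelAddressTranslationExtensions

    # Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS/CSM systems, which means "no".
    try   { $results['Secure Boot enabled'] = Confirm-SecureBootUEFI }
    catch { $results['Secure Boot enabled'] = $false }

    # TPM is recommended by the article, not mandatory; Get-Tpm throws when no TPM driver exists.
    try {
        $tpm = Get-Tpm
        $results['TPM present and ready (recommended)'] = ($tpm.TpmPresent -and $tpm.TpmReady)
    } catch { $results['TPM present and ready (recommended)'] = $false }

    # What the platform reports as usable for VBS. AvailableSecurityProperties codes:
    # 1 = hypervisor support, 2 = Secure Boot, 3 = DMA protection.
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard
    $results['Platform reports hypervisor support (1)'] = ($dg.AvailableSecurityProperties -contains 1)
    $results['Platform reports Secure Boot (2)']        = ($dg.AvailableSecurityProperties -contains 2)
    $results['Platform reports DMA protection (3)']     = ($dg.AvailableSecurityProperties -contains 3)

    # Edition check (assumption: a caption match is good enough for triage; licensing is
    # decided by the subscription, as the article notes, not by the binary).
    $results['Edition supports Credential Guard'] = ($os.Caption -match 'Enterprise|Education|Server')

    [pscustomobject]$results
}

Test-CredentialGuardPrerequisites | Format-List
```

Anything reported as False in the "mandatory" rows (64-bit, virtualization, Secure Boot, hypervisor support) means Credential Guard will be configured but never actually run after the restart; the DMA protection row only matters if you intend to set RequirePlatformSecurityFeatures to 3.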
Application compatibility and blocked features
Before deploying Credential Guard at scale, it is advisable to thoroughly review the applications and services that depend on specific authentication methods. Not all legacy applications work well with these protections, and some procedures are blocked outright.
When Credential Guard is enabled, features considered risky are disabled, so applications that rely on them stop working properly. These are known as application requirements: situations that must be avoided if you want to keep using Credential Guard without risk.
Among the features that are blocked outright are:
- Kerberos DES encryption support.
- Kerberos unconstrained delegation.
- Extracting the Kerberos TGT from the LSA.
- The NTLMv1 protocol.
In addition, there are features that, while not blocked entirely, involve additional risks when used together with Credential Guard. Applications that rely on implicit authentication, credential delegation, MS-CHAPv2, or CredSSP are especially sensitive, since they may expose credentials insecurely if not configured carefully.
Performance problems have also been observed in applications that try to hook into or interact directly with the isolated LsaIso.exe process. Because this process is protected and isolated, repeated access attempts can add overhead or cause degradation in certain scenarios.
The good news is that modern services and procedures that use Kerberos as standard, such as accessing SMB shares or a properly configured Remote Desktop, continue to work normally and are not affected by the operation of Credential Guard, as long as they do not depend on the legacy features mentioned above.
How to enable Credential Guard: Intune, GPO, and Registry
The ideal way to enable Credential Guard depends on the size and management model of the environment. In organizations with modern management, Microsoft Intune (MDM) is the most convenient, while in traditional Active Directory domains, Group Policy is still the most widely used. For precise tweaks or certain automation, the Registry remains the option of choice.
First, it is important to understand that Credential Guard should be enabled before joining the computer to the domain, or before a domain user logs on for the first time. If it is enabled later, the user and machine secrets may already be at risk, which reduces the real benefit of the protection.
In general, you can enable Credential Guard through:
- Microsoft Intune / MDM management.
- Group Policy (GPO) in Active Directory or the local policy editor.
- Direct modification of the Windows Registry.
Whichever of these configurations you use, keep in mind that restarting the device is mandatory. For the changes to take effect, Credential Guard, VBS, and all the isolation components are initialized at boot time, so just changing the policy is not enough.
Enabling Credential Guard with Microsoft Intune
If you manage your devices with Intune, you have two main options: use the Endpoint security templates, or use a custom policy that configures the DeviceGuard CSP through OMA-URI.
In the Intune portal, go to "Endpoint security > Account protection" and create a new account protection policy. Select the "Windows 10 and later" platform and the "Account protection" profile type (with its variants, depending on the available version).
When editing the settings, set the "Turn on Credential Guard" option to "Enable with UEFI lock" if you want to prevent the protection from being easily disabled remotely; Credential Guard is then "anchored" in the firmware, raising the physical and logical security level of the device.
Once the parameters are defined, assign the policy to the group containing the devices or user objects you want to protect. The policy is applied when the device syncs with Intune and, after the corresponding restart, Credential Guard becomes active.
If you prefer fine-grained control, you can use a custom policy based on the DeviceGuard CSP. To do so, create OMA-URI entries with the appropriate names and values, for example:
| Name | OMA-URI | Data type | Value |
|---|---|---|---|
| Enable virtualization-based security | ./Device/Vendor/MSFT/Policy/Config/DeviceGuard/EnableVirtualizationBasedSecurity | int | 1 |
| Credential Guard configuration | ./Device/Vendor/MSFT/Policy/Config/DeviceGuard/LsaCfgFlags | int | 1 = enabled with UEFI lock; 2 = enabled without lock |
After applying this custom policy and restarting, the device will boot with VBS and Credential Guard active, and the system credentials will be protected in the isolated container.
Configuring Credential Guard using Group Policy
In environments with traditional Active Directory, the most natural way to enable Credential Guard at scale is through Group Policy Objects (GPOs). You can do this from the local policy editor on a single computer or from the Group Policy Management console at the domain level.
To configure the policy, open the corresponding GPO editor and navigate to Computer Configuration > Administrative Templates > System > Device Guard. In that section you will find the policy "Turn On Virtualization Based Security".
Set this policy to "Enabled" and choose the desired Credential Guard configuration from the drop-down list. You can choose between "Enabled with UEFI lock" or "Enabled without lock", depending on the level of physical protection you want to apply.
Once the GPO is configured, link it to the organizational unit or domain where the target computers reside. You can refine its application using security group filtering or WMI filters, so that it applies only to certain device types (for example, only to corporate laptops with compatible hardware).
When the machines receive the policy and restart, Credential Guard becomes active according to the GPO configuration, using the domain infrastructure for centralized deployment.
Enabling Credential Guard by modifying the Windows Registry
If you need very granular control or want to automate deployment with scripts, you can configure Credential Guard directly through Registry keys. This method requires precision, because an incorrect value can leave the system in an unexpected state.
For virtualization-based security and Credential Guard to work, you must create or modify several entries under specific paths. The key items are:
| Path | Name | Type | Value |
|---|---|---|---|
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard | EnableVirtualizationBasedSecurity | REG_DWORD | 1 (enables virtualization-based security) |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard | RequirePlatformSecurityFeatures | REG_DWORD | 1 (Secure Boot); 3 (Secure Boot + DMA protection) |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa | LsaCfgFlags | REG_DWORD | 1 (enables Credential Guard with UEFI lock); 2 (enables Credential Guard without lock) |
After applying these values, restart the computer so that the Windows hypervisor and the isolated LSA process come into operation. Without that restart, the Registry changes will not actually apply the memory protection.
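The Registry table above is the kind of change that is usually scripted for a fleet, so here is an added example (written for this article, not code from Microsoft or from the original text) that writes exactly those three values from an elevated PowerShell session, supports -WhatIf so the change can be previewed, reads the values back, and reminds the operator that the restart is still required. The function name Enable-CredentialGuardViaRegistry and the two switches are assumptions; the key paths, value names, and numeric values are the ones in the table.

```powershell
# Added example (not from the original article): applies the three REG_DWORD values from
# the table above. -UefiLock selects LsaCfgFlags = 1 (locked) instead of 2 (unlocked);
# -DmaProtection selects RequirePlatformSecurityFeatures = 3 instead of 1.

function Enable-CredentialGuardViaRegistry {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$UefiLock,
        [switch]$DmaProtection
    )

    $deviceGuard = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
    $lsa         = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    $values = @(
        @{ Path = $deviceGuard; Name = 'EnableVirtualizationBasedSecurity'; Value = 1 }
        @{ Path = $deviceGuard; Name = 'RequirePlatformSecurityFeatures';  Value = $(if ($DmaProtection) { 3 } else { 1 }) }
        @{ Path = $lsa;         Name = 'LsaCfgFlags';                       Value = $(if ($UefiLock) { 1 } else { 2 }) }
    )

    foreach ($v in $values) {
        # The DeviceGuard key may not exist yet on a machine that has never had VBS configured.
        if (-not (Test-Path $v.Path)) { New-Item -Path $v.Path -Force | Out-Null }
        if ($PSCmdlet.ShouldProcess("$($v.Path)\$($v.Name)", "Set REG_DWORD to $($v.Value)")) {
            # -Force overwrites an existing value of the same name.
            New-ItemProperty -Path $v.Path -Name $v.Name -Value $v.Value -PropertyType DWord -Force | Out-Null
        }
    }

    # Read back the effective values so the caller can log them before restarting.
    foreach ($v in $values) {
        $current = (Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue).($v.Name)
        [pscustomobject]@{ Path = $v.Path; Name = $v.Name; Value = $current }
    }

    Write-Warning 'A restart is required before the hypervisor and LsaIso.exe start protecting LSA secrets.'
}

# Preview first, then apply. Use -UefiLock only after the change-control process for
# removing the lock (see the disabling section) is in place.
Enable-CredentialGuardViaRegistry -UefiLock -WhatIf
# Enable-CredentialGuardViaRegistry -UefiLock
```

Because a GPO or Intune policy that targets the same values will overwrite them at the next refresh, use this path only where no policy manages Device Guard, or as the execution step of your own deployment tooling.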
How to check whether Credential Guard is enabled and running
Checking whether the LsaIso.exe process appears in Task Manager can give an indication, but Microsoft does not consider it a reliable way to confirm that Credential Guard is running. There are more robust procedures based on built-in system tools.
The recommended options for checking the status of Credential Guard include System Information, PowerShell, and Event Viewer. Each method offers a different view, so it is worth becoming familiar with all of them.
The most visual method is System Information (msinfo32.exe). From the Start menu, simply run this tool, select "System Summary" and check the "Running virtualization-based security services" section to confirm that "Credential Guard" appears as a running service.
If you prefer something scriptable, PowerShell is your ally. From an elevated console, you can run the following command:
(Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard).SecurityServicesRunning
The output of this command shows, using numeric codes, whether Credential Guard is running on that machine. If the list does not contain 1, Credential Guard is not running; a 1 in the list indicates that it is active as part of the virtualization-based security services.
Finally, Event Viewer lets you review the historical behavior of Credential Guard. Open eventvwr.exe, navigate to "Windows Logs > System", filter by the "WinInit" event source and you will find messages related to the startup of the Device Guard and Credential Guard services, which are useful for periodic audits.
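The three checks just described (the Win32_DeviceGuard query, the LsaIso.exe hint, and the WinInit events) are easiest to use when combined into one report that distinguishes "configured" from "running", which is the difference an auditor actually cares about. The function below is an added example written for this article (not Microsoft's code and not part of the original text). The function name Get-CredentialGuardStatus is an assumption; the class, properties, and service codes are the documented ones. The event-ID filter is a working assumption, noted in the code, that you should verify against your own logs.

```powershell
# Added example (not from the original article): one consolidated Credential Guard status
# report. Run from an elevated PowerShell on the machine being audited.

function Get-CredentialGuardStatus {
    [CmdletBinding()]
    param([int]$EventCount = 5)

    $dg = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard

    # SecurityServicesConfigured and SecurityServicesRunning share the same codes:
    # 1 = Credential Guard, 2 = Hypervisor-protected Code Integrity (HVCI).
    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running.
    $configured = ($dg.SecurityServicesConfigured -contains 1)
    $running    = ($dg.SecurityServicesRunning    -contains 1)

    # Task Manager hint from the article: informative only, not authoritative.
    $lsaIso = Get-Process -Name LsaIso -ErrorAction SilentlyContinue

    # WinInit writes the Credential Guard start-up messages to the System log.
    # Assumption: IDs 13-17 cover the Credential Guard messages from this source on
    # current builds; widen the filter if your logs show others.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 13,14,15,16,17 } `
                  -MaxEvents 200 -ErrorAction SilentlyContinue |
              Where-Object { $_.ProviderName -like '*Wininit*' } |
              Select-Object -Property TimeCreated, Id, Message -First $EventCount

    if ($running) {
        $verdict = 'Credential Guard is running'
    } elseif ($configured) {
        # Typical causes: no restart yet, Secure Boot off, or virtualization disabled in firmware.
        $verdict = 'Configured but not running: check the prerequisites and restart'
    } else {
        $verdict = 'Not enabled'
    }

    [pscustomobject]@{
        VbsStatus                 = $dg.VirtualizationBasedSecurityStatus
        CredentialGuardConfigured = $configured
        CredentialGuardRunning    = $running
        LsaIsoProcessPresent      = [bool]$lsaIso
        Verdict                   = $verdict
        RecentWininitEvents       = $events
    }
}

Get-CredentialGuardStatus | Format-List
```

The "configured but not running" verdict is the one to watch for in fleet reports: it is what a machine looks like when the policy applied but a prerequisite (Secure Boot, firmware virtualization, the restart itself) is missing, and msinfo32 shows the same condition as Credential Guard listed under "configured" but absent from "running".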
Disabling Credential Guard and handling the UEFI lock
Although the general recommendation is to keep Credential Guard active on all systems that support it, in certain scenarios it may be necessary to disable it, whether to resolve incompatibilities with legacy applications or to perform specific diagnostic tasks.
The exact procedure for disabling Credential Guard depends on how it was originally configured. If it was enabled without UEFI lock, simply revert the Intune, GPO, or Registry settings and restart. However, if it was enabled with UEFI lock, additional steps are required because some of the settings are stored in the firmware's EFI variables.
In the case where Credential Guard was enabled with UEFI lock, you must first follow the usual disabling procedure (reverting the policies or Registry values) and then delete the associated EFI variables using bcdedit and the SecConfig.efi utility from an elevated script.
The typical flow involves mounting a temporary EFI drive, copying SecConfig.efi, creating a new boot entry with bcdedit, configuring the options to disable the isolated LSA, setting a one-time boot sequence with the Windows boot manager, and unmounting the drive at the end of the process.
After restarting the computer with this configuration, a message warning about the UEFI change will appear before Windows starts. Confirming this message is mandatory for the changes to persist and for the Credential Guard EFI lock to actually be removed from the firmware.
If you need to disable Credential Guard on a specific Hyper-V virtual machine, you can do so from the host, without touching the guest, using PowerShell. The typical command would be:
Set-VMSecurity -VMName <NombreDeLaVM> -VirtualizationBasedSecurityOptOut $true
With that setting, the virtual machine stops using VBS and therefore stops using Credential Guard, even if the guest operating system supports the feature, which can be useful in certain lab or testing environments.
Credential Guard on Hyper-V virtual machines
Credential Guard is not limited to physical machines. It can also protect credentials inside Windows virtual machines running in Hyper-V environments, offering a level of isolation similar to what is obtained on bare-metal hardware.
In these scenarios, Credential Guard protects secrets from attacks originating inside the virtual machine itself. In other words, if an attacker compromises system processes inside the VM, the VBS protection continues to isolate the LSA and limits the exposure of hashes and tickets.
However, it is important to be clear about one limitation: Credential Guard cannot protect a VM from attacks originating from the host with elevated privileges. The hypervisor and the host operating system have full control over the virtual machines, so a malicious host administrator could bypass these barriers.
For Credential Guard to work properly in these deployments, the Hyper-V host must have an IOMMU (input/output memory management unit) that allows isolating memory access from devices, and the virtual machines must be Generation 2, with UEFI firmware, which enables Secure Boot and the other required features.
With these requirements in place, the experience of deploying Credential Guard on VMs is very similar to that on physical machines, including the same enablement methods (Intune, GPO, Registry) and the same verification methods (msinfo32, PowerShell, Event Viewer).
Exploit Guard and Microsoft Defender: enabling and managing general protection
Alongside Credential Guard, the Windows security ecosystem relies on Microsoft Defender Antivirus and on technologies such as Exploit Guard, which includes attack surface reduction rules, network protection, controlled folder access, and other features aimed at slowing down malware and reducing exploitation.
In many organizations, Microsoft Defender Antivirus comes preinstalled and is enabled by default. On Windows 8, Windows 10, and Windows 11 it is available, but it is common to find it disabled due to earlier policies, the installation of third-party solutions, or manual changes in the Registry.
To enable Microsoft Defender Antivirus using Local Group Policy, open the Start menu, search for "Group Policy", and select "Edit Group Policy". Under "Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus", you will see the option "Turn off Windows Defender Antivirus".
If this policy is set to "Enabled", the antivirus is forcibly disabled. To restore it, set the option to "Disabled" or "Not Configured". Apply the changes and close the editor. The service will be able to start again after the next policy refresh.
If Defender has instead been explicitly disabled in the Registry, you will need to check the key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender and look for the value DisableAntiSpyware. Using Registry Editor, open it and set its "Value data" to 0. Accept the change to allow the antivirus to run again.
After these changes, go to "Start > Settings > Update & Security > Windows Defender" (in recent versions, "Windows Security") and confirm that the "Real-time protection" toggle is on. If it is still off, turn it on manually to ensure that antivirus protection starts with the system.
For maximum protection, it is advisable to enable both real-time protection and cloud-delivered protection. From the "Windows Security" app, go to "Virus & threat protection > Virus & threat protection settings > Manage settings" and enable the corresponding switches.
If these options are not visible, it is possible that a Group Policy is hiding the antivirus protection section. Under the Windows Security policies, check "Computer Configuration > Administrative Templates > Windows Components > Windows Security > Virus and threat protection" and make sure the policy "Hide the Virus and threat protection area" is set to "Disabled", applying the changes.
It is equally important to keep the virus definitions up to date so that Microsoft Defender can detect the latest threats. From Windows Security, under "Virus & threat protection", in "Threat protection updates", click "Check for updates" and allow the latest signatures to be downloaded.
If you prefer the command line, that is also an option. You can start the Microsoft Defender service from CMD. Press Windows + R, type cmd, then, in the Command Prompt (preferably with elevated privileges), run:
sc start WinDefend
With this command, the main antivirus service starts as long as there are no additional policies or blocks preventing it, allowing you to quickly confirm that the engine starts without errors.
To find out whether your computer is using Microsoft Defender, simply go to "Start > Settings > System" and open "Control Panel". In the "Security and Maintenance" section, you will find the "System Security and Protection" area, where you will see a summary of the antivirus protection status and other measures active on the computer.
By combining Credential Guard, which protects in-memory credentials, with a properly configured Microsoft Defender, Exploit Guard, and appropriate hardening rules, a very high level of security is achieved against credential theft, advanced malware, and lateral movement within the domain. Although there is always some cost in compatibility with legacy processes and applications, the overall security improvement more than compensates for it in most organizations.
A writer passionate about the world of bytes and technology in general. I love sharing my knowledge through writing, and that is what I will do on this blog: show you the most interesting things about gadgets, software, hardware, tech trends, and more. My goal is to help you navigate the digital world in a simple and enjoyable way.
