Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, February 13, 2019 11:34 AM
Hello, I would like to know how to activate the firmware protection and Kernel DMA protection. In the sector where the memory protection is, I don't have the firmware protection option. When I type msinfo32 it tells me that the DMA kernel protection is disabled. I already tried the classic methods searching on the net as for example with gpedit.msc but none works. It should be noted that I have activated in the bios all virtualization options. I have an i7-7700 and my operating system is windows 10 pro x64. Well if anyone can help me very grateful in advance. Best regards.
All replies (7)
Thursday, February 14, 2019 9:33 AM
Hi,
Systems running Windows 10 version 1803 that do support Kernel DMA Protection do have this security feature enabled automatically by the OS with no user or IT admin configuration required. System Information desktop app (MSINFO32)
BitLocker countermeasures or Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating system for other means of DMA protection.
For more information, please read the official link:
/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt
Hope these are helpful.
Best regards,
Zoe Mo
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, February 15, 2019 11:41 AM
Hi. Thank you very much. And how I activate firmware protection. I have windows 10 education and it's compatible. Best regards.
Monday, February 18, 2019 10:04 AM
Hi,
I haven’t found the firmware protection option on my lab Windows 1803 Pro either. Seems there may be some hardware (and probably other) requirements that the system must meet. I found a discuss post for this, you can check the following link for reference: https://malwaretips.com/threads/firmware-protection-windows-1809-how-to-turn-it-on.87387/.
Note: this is a 3rd party link, we don't have any warranties on this website. It's just for your convenience. If any other questions, please feel free to post back.
Best regards,
Zoe Mo
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, February 20, 2019 11:30 AM
Hi,
What is your current situation? Have you solved your issue? Please remember to mark the replies as answers if they help, any other questions please feel free to post back. Thank you for choosing Microsoft.
Best regards,
Zoe Mo
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, February 20, 2019 2:21 PM | 1 vote
Hey, I already searched the net. I still can't find a way to activate firmware protection. In windows 10 pro this option is not available. I have a compatible windows version and hardware requirements as well. Thank you very much. Best regards.
Thursday, March 12, 2020 2:42 PM
From this post, it sounds like it requires Windows 10 Enterprise: https://sw-euc.com/2017/02/26/virtualization-based-security-vs-thunderbolt-dma-attacks/
Thursday, March 12, 2020 2:53 PM
EDIT: It's more nuanced than that apparently - you need pretty recent hardware to use it. This technote has a couple of tests to run to verify if your hardware supports it, if not they link to the older BitLocker mitigations: https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt