From 08ec7ab09f363848d726bf6debc7e517b71008af Mon Sep 17 00:00:00 2001 From: Tommy Date: Sat, 30 Dec 2023 17:19:40 -0700 Subject: [PATCH] Core Isolation Signed-off-by: Tommy --- Windows Settings/Windows Security.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Windows Settings/Windows Security.md b/Windows Settings/Windows Security.md index 7ecd748..78e0e40 100644 --- a/Windows Settings/Windows Security.md +++ b/Windows Settings/Windows Security.md @@ -4,7 +4,7 @@ ### Cloud-delivered protection -This sends hashes and file paths to Microsoft. Whether to keep this on or not depends on the threat model. +This sends hashes and file paths to Microsoft. Whether to keep this on or not depends on the threat model. I recommend keeping it on on a domain controller and gaming machines. One caveat with this is that if it takes the cloud too long to scan, the computer will just run the executable. Might wanna increase the timeout later to make it less theatric: @@ -65,6 +65,11 @@ Turn Force randomization for images (Mandatory ALSR) to "On by default". # Device Security +## Core Isolation + +- Memory integrity -> Turn on +- Firmware protection -> Turn on + ## Security Processor & Secure Boot If theres aren't on, check the firmware settings. On Parallels, both should pass by default.