VM detection with new MS memory integrity

Post here messages if you have any problems with working of Enigma Protector
Post Reply
lynx550
Posts: 11
Joined: Tue May 10, 2016 2:57 pm

VM detection with new MS memory integrity

Post by lynx550 »

Hello,
I have noticed that lately my users have expericed the VM detection popup coming up in my software on new computers that have virtualized memory protection (I think from Windows Defender). Our steps to resolve it are below. Is there any setting in Enigma that would stop this behaviour other than turning off the anti-VM system?


In your control panel go to Device Security.
Then click Core Isolation
Then click to turn off Memory Integrity.
lynx550
Posts: 11
Joined: Tue May 10, 2016 2:57 pm

Re: VM detection with new MS memory integrity

Post by lynx550 »

bump.
Enigma
Site Admin
Posts: 2939
Joined: Wed Aug 20, 2008 2:24 pm

Re: VM detection with new MS memory integrity

Post by Enigma »

Hi, can you please check what VM option exactly cause this detection? If it is HyperV (CPU) then recommendation to turn it off.
This option can detect many different virtual machines, but it also may detect it wrongly, if HV function is enabled for CPU (it usually disabled, system enables it for virtual machine functionality only, but sometimes it becomes enabled for even real system).
lynx550
Posts: 11
Joined: Tue May 10, 2016 2:57 pm

Re: VM detection with new MS memory integrity

Post by lynx550 »

According tothis article it user hyper V as part of the protection.
https://www.komando.com/technology/wind ... ty/710369/

However if I disable hyper V detection then will be possible to run the software under Terminal Services using Hyper V?
That is something I definitely don't want to do.
Enigma
Site Admin
Posts: 2939
Joined: Wed Aug 20, 2008 2:24 pm

Re: VM detection with new MS memory integrity

Post by Enigma »

lynx550 wrote: Mon Jan 09, 2023 3:42 am According tothis article it user hyper V as part of the protection.
https://www.komando.com/technology/wind ... ty/710369/

However if I disable hyper V detection then will be possible to run the software under Terminal Services using Hyper V?
That is something I definitely don't want to do.
If Terminal Service is a physical computer, then it won't be detected.

But if it is a virtual machine, then option Hyper-V Guest should detect it.

Worth to check it first.
Post Reply