A few days back, Microsoft released a new tool which will let users check compatibility issues with memory integrity or hypervisor-protected code integrity (HVCI) on Windows 11, Windows 10 and Windows Servers. The tool is simply known as Memory integrity scan tool (hvciscan).
Memory integrity is a feature of Virtualization-based Security (VBS) and essentially runs Kernel Mode Code Integrity (KMCI) in an isolated virtualized Windows Hypervisor part of the memory such that the kernel is kept safe from malicious code.
It is often cited as a reason why Windows 11 does not support AMD Ryzen 1000 (Zen1), Intel 7th Gen, and older chips. Newer Intel and AMD CPUs have special hardware-based acceleration feature for hypervisor which enables a more efficient code integrity handling. On Intel, it is known as Mode-based Execution Control (MBEC), while on AMD it is called Guest Mode Execute Trap (GMET). Even then, VBS can still lead to performance loss.
Here is the full description of the new Memory Integrity scan tool:
Memory integrity scan tool
Use the hvciscan.exe to check for compatibility issues with memory integrity, also known as hypervisor-protected code integrity (HVCI).
System Requirements
Supported Operating System
- Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022
- Windows 10, Windows 11, Windows Server 2016 or higher
Install Instructions:
Download the hvciscan.exe for your system architecture (AMD64 or ARM64). From an elevated command window or PowerShell, run hvciscan.exe. Review the resulting output to identify any incompatibilities.
It is available for download from Microsoft's official Download Center website.
Via: WalkingCat (Twitter)
