Windows Defender System Guard
The Windows Defender System Guard is created to:
How System Guard works during boot-time
In Windows 7 threats went undetected and installed the Bootkit or Rootkit. The malware starts before Windows boots completely and gets the higher ground. This problem can be avoided if you are running Windows 10 on hardware certified for Windows 8 and above. The hardware ensures only authorized firmware gets through to the bootloader. The Secure Boot feature of the UEFI ensures this feature does not allow malware like bootkit on the system. Windows Defender System Guard protects the device and system from boot-level malware, so attackers don’t have the optimum advantage anymore. System Guard allows only authorized files, drivers, and third-party apps to function during booting. When the booting is complete, System Guard starts the anti-malware to scan third-party drivers post booting. System Guard also ensures that the booting has completed without system integrity having been compromised. Only then does the rest of the system defense come into action.
How System Guard works during runtime
Acquiring ultimate security at the core level is not enough unless it is maintained. Attacks can be kept at bay even if an attacker has the upper hand, by safeguarding the integrity of crucial services and data. Windows 10 came with VBS to help us to isolate the most sensitive data. Windows 10 calls this portion the Windows Defender System Guard container. The hardware-based security required to maintain critical integrity during runtime are Credential Guard, Device Guard, etc. Parts of the Windows Defender Exploit Guard is also one of the many that come under this.
How System Guard works to ensure overall security
It is not enough to acquire and maintain system integrity at the start. Throughout the runtime and after, the system must be ensured free from malware. Windows Defender System Guard helps to validate platform integrity even at this stage. It is good to never assume security no matter how advanced the protection maybe. We must always be breach-ready. This is why System Guard comes with a plethora of technologies to enable remote analysis of system integrity.
During the boot-time of Windows 10, a few integrity measurements are recorded by System Guard using TPM 2.0 and hardware isolated to ensure the data is not tampered with in case of a system breach. This data can now help detect anomalies in configuration, boot components, and more. System Guard seals the data using TPM and keeps it available for remote analysis by management systems like Intune and System Center Configuration Manager. According to the necessity, the management system can deny device access to resources if anything is fishy. Windows 10 brought the Windows Defender System Guard to enable a simplified Windows design and help users maintain and validate the integrity of the platform. Further work on this new System Guard will help make advancements in the field of platform integrity protection. The Windows Defender System Guard is still a work in progress and will give ultimate platform integrity and security to the OS. The future of Windows is in its advanced security system now, and every big and small update is taking it closer to that future. Please check more details about the same on Technet. Read next: Windows Defender Application Control feature in Windows 10.
