Halcyon’s Kernel Guard Protection combats the use of signed but vulnerable drivers, ensuring that bad actors cannot exploit this inherent trust to carry out their objectives.
Q: I already use other products and services to notify or mitigate driver vulnerabilities, why should I use Kernel Guard?
A: Many products and services detect driver vulnerabilities reactively instead of proactively. Others rely only on known blocklists, which can quickly fall behind newly detected exploits. Kernel Guard leverages Halcyon's proactive approach to BYOVD attacks to make you aware of vulnerable drivers in your environment faster so you can mitigate the threat sooner.
Q: We are not ready to run Kernel Guard yet. How can I disable this?
A: Create a Support ticket to request Kernel Guard Detection Mode be disabled until your next planned change window.
Q: Can I manage Kernel Guard from Group Policy settings?
A: Currently, Halcyon enables Kernel Guard for you in Detection Mode. Group Policy settings for Kernel Guard are planned for an upcoming release.
Q: Some of the drivers I use contain vulnerabilities. What should I do when Kernel Guard is enabled?
A: Halcyon strongly encourages you to update and/or patch any drivers in your environment that might contain vulnerabilities, as this is an inherent risk of using exploitable Windows drivers. If you are unable to update or patch these drivers, but still require their use, you must add those drivers to Overrides to avoid conflicts. You can learn about creating Overrides here.
Q: How can I learn more about Kernel Guard?
A: Review the Kernel Guard Feature Spotlight here.