diff --git a/src/Configuration/tweaks.yml b/src/Configuration/tweaks.yml
index d781f05e03..8ed6b57977 100644
--- a/src/Configuration/tweaks.yml
+++ b/src/Configuration/tweaks.yml
@@ -332,6 +332,7 @@ features:
 # -----------------------------------------------------
 - tweaks\statuses\status-scripts.yml
 - tweaks\scripts\script-storage-sense.yml
+ - tweaks\scripts\script-core-isolation.yml
 - tweaks\scripts\script-devices.yml
 - tweaks\scripts\script-cleanup.yml
 - tweaks\scripts\script-startmenu.yml
diff --git a/src/Configuration/tweaks/scripts/script-core-isolation.yml b/src/Configuration/tweaks/scripts/script-core-isolation.yml
new file mode 100644
index 0000000000..11eecb9b9c
--- /dev/null
+++ b/src/Configuration/tweaks/scripts/script-core-isolation.yml
@@ -0,0 +1,11 @@
+---
+title: Disable Core Isolation
+description: Disables Core Isolation (VBS) based on the user's options
+privilege: TrustedInstaller
+actions:
+ - !run:
+ exe: 'powershell.exe'
+ args: '-NoP -File "C:\Users\Default\Desktop\Atlas\3. Configuration\5. Security\Core Isolation (VBS)\Current Configuration.ps1" -DisableAllVBS'
+ exeDir: true
+ wait: true
+ option: 'vbs-disable'
\ No newline at end of file
diff --git a/src/Executables/Atlas/3. Configuration/5. Security/Core Isolation (VBS)/Current Configuration.ps1 b/src/Executables/Atlas/3. Configuration/5. Security/Core Isolation (VBS)/Current Configuration.ps1
index c00c75282a..80c509db41 100644
--- a/src/Executables/Atlas/3. Configuration/5. Security/Core Isolation (VBS)/Current Configuration.ps1
+++ b/src/Executables/Atlas/3. Configuration/5. Security/Core Isolation (VBS)/Current Configuration.ps1
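Review bot: The title and description of the new script-core-isolation.yml understate what the action does: the `-DisableAllVBS` switch it passes clears not only Memory Integrity but also Kernel-mode Hardware-enforced Stack Protection and Credential Guard (the `if ($DisableAllVBS)` branch in the Current Configuration.ps1 hunk writes `Enabled = 0` to all three keys), so a user reading "Disable Core Isolation" would not expect Credential Guard to be turned off. Suggest `description: Disables all VBS features (Memory Integrity, Kernel-mode Hardware-enforced Stack Protection and Credential Guard) based on the user's options`. Since the action runs with `privilege: TrustedInstaller` and executes a script from a path under the Default user profile's Desktop, the ACL on that folder should be confirmed to deny write access to standard users, otherwise anything placed there would run at that privilege; the page does not show the ACL, so this may already be handled by the installer. The file also lacks a trailing newline (`\ No newline at end of file`), which yamllint's `new-line-at-end-of-file` rule flags.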
@@ -1,5 +1,46 @@ +[CmdletBinding()] +param ( + [Parameter()][Switch]$DisableAllVBS, + [Parameter()][Switch]$EnableMemoryIntegrity +) + # https://learn.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity#validate-enabled-vbs-and-memory-integrity-features +$memIntegrity = "HKLM:\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" +$kernelShadowStacks = "HKLM:\System\CurrentControlSet\Control\DeviceGuard\Scenarios\KernelShadowStacks" +$credentialGuard = "HKLM:\System\CurrentControlSet\Control\DeviceGuard\Scenarios\CredentialGuard" + +if ($DisableAllVBS) { + Write-Warning "Disabling VBS features..." + + # Memory Integrity + if (Test-Path $memIntegrity) { + New-ItemProperty -Path $memIntegrity -Name "Enabled" -Value 0 -PropertyType DWORD -Force + Remove-ItemProperty -Path $memIntegrity -Name "ChangedInBootCycle" -ErrorAction SilentlyContinue + Remove-ItemProperty -Path $memIntegrity -Name "WasEnabledBy" -ErrorAction SilentlyContinue + } + + # Kernel-mode Hardware-enforced Stack Protection (Windows 11 only) + if (Test-Path $kernelShadowStacks) { + New-ItemProperty -Path $kernelShadowStacks -Name "Enabled" -Value 0 -PropertyType DWORD -Force + Remove-ItemProperty -Path $kernelShadowStacks -Name "ChangedInBootCycle" -ErrorAction SilentlyContinue + Remove-ItemProperty -Path $kernelShadowStacks -Name "WasEnabledBy" -ErrorAction SilentlyContinue + } + + # Credential Guard (Windows 11 only) + if (Test-Path $credentialGuard) { + New-ItemProperty -Path $credentialGuard -Name "Enabled" -Value 0 -PropertyType DWORD -Force + Remove-ItemProperty -Path $credentialGuard -Name "ChangedInBootCycle" -ErrorAction SilentlyContinue + Remove-ItemProperty -Path $credentialGuard -Name "WasEnabledBy" -ErrorAction SilentlyContinue + } + exit +} elseif ($EnableMemoryIntegrity) { + Write-Warning "Enabling memory integrity..." 
+ Set-ItemProperty -Path $memIntegrity -Name "Enabled" -Value 1 -Type DWord + Set-ItemProperty -Path $memIntegrity -Name "WasEnabledBy" -Value 2 -Type DWord + exit +} + $pages = @( @{ Title = "VBS Features Running"