It would be interesting to see some real-world statistics for how HVCI affects performance. Both with a modern-enough CPU to support the performance enhancements that @dwizzzleMSFT mentioned, as well as with systems that aren't so lucky.
-
-
I didn't run any benchmarks, but I didn't see any noticeable performance difference on 7th Gen or later with HVCI on.
1 reply 0 retweets 1 like -
This is expected you would only see smaller changes in specific benchmarks which is why we should clarify the docs
1 reply 0 retweets 1 like -
And just in case anyone is tempted to kick the wheels on HVCI, be aware that the 7th Generation Intel Core processors that support the optimization required to use it efficiently was released 3 years ago. If your computer isn't "new" or if you use VMware, you're probably SOL.
1 reply 0 retweets 1 like -
I don't know if I agree that it's required to use it "efficient" MBEC is about getting you close to perf neutral. HVCI without MBEC still has light years less overhead than less effective protectiona like AV
1 reply 0 retweets 2 likes -
This is where I'd like to see some benchmarks I guess. Greg says on an older processor the machine became essentially unusable. I cannot test this myself as my work machine has VMware Workstation on it and so anything needing Hyper-V is out of the question. My home PC is too old.
1 reply 0 retweets 1 like -
If he could submit an issue from the feedback tool I'd be happy to look into it. We have had some issues with microcode firmware updates so it would be good to look at. If overhead is user perceptible there is a problem we should look at as that's unexpected even for older cpu
1 reply 0 retweets 1 like -
Although now that I look at what I just typed, saying that my home PC "is too old" already factors in the potentially-incorrect assumption that a CPU earlier than a 7th Generation Intel Core won't efficiently use HVCI. It's perhaps an excellent test case for testing the impact.
1 reply 0 retweets 0 likes -
Replying to @wdormann @dwizzzleMSFT and
Or maybe not... Sigh.pic.twitter.com/Rf4eiZ41JV
1 reply 0 retweets 0 likes -
You have a driver that either allocates rwx pages or hasn't merged IAT and thus has executable code in data section
1 reply 0 retweets 2 likes
I suppose the obvious question at this point is: How do I determine the faulting driver? Is it logged in the Event Viewer somewhere? Perhaps for increased adoption, the error dialog could name names (if possible).
-
-
Yeah it's logged in the device guard informational log, all of this is the wonderful deployment guide
1 reply 0 retweets 3 likes - 7 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.