Virtualization-based security uses the Windows hypervisor to create isolated regions of memory from the standard operating systems. Windows can use this security feature to host security solutions while providing greatly increased protection from vulnerabilities in the operating system. For more information, see Virtualization-based Security (VBS).
Virtualization-based security is available for Windows 10, version 1903 (OS build 18362.383) on supported ARM devices that are running on Qualcomm's Snapdragon 850 platform and later versions. When this security feature is enabled, you may experience the following issues if the system is in an unsecure configuration:
- Fingerprint authentication stops working because the fingerprint authentication data is cleared to protect your privacy.
- Digital rights management (DRM)-protected videos can't be played.
The following table lists conditions that might indicate that the system is in an unsecure configuration. The table also lists the corresponding methods to revert the system from this state.
Note To use fingerprint authentication, clear the existing data, and then set up fingerprint authentication again. We recommended that you revert your system to a secure configuration before you do this.
| Condition | Reversion method |
|
Failure to check or enforce the Security Version Number (SVN) of a System Guard Secure Launch process during a secure startup |
Install the latest version of Windows through Windows Update |
|
Startup debugging is being enabled |
Enable Secure Boot |
|
Test-signed code is not completely disabled for execution |
Enable Secure Boot |
|
Microsoft hypervisor self-check detects certain unsafe settings |
Run the following cmdlets to disable the hypervisor debugger and delete the hypervisor load options:
|