Microsoft has just released a Windows 10 TH2 Enterprise version. The Worry-Free Business Security Services (WFBS-SVC) team is working on compatibility testing with WFBS-SVC agent b.1071. The following issues have been identified:
- Blue Screen of Death (BSOD) occurs on Windows 10 when the Driver Verifier is enabled with VSAPI 9.850.1008.
- Core tech modules stop when Device Guard is enabled
Testing results show that the compatibility issues above occur in Windows 10 TH2 Enterprise x64 platforms under the following scenarios:
- The BSOD is caused when the Driver Verifier feature is enabled while the Code Integrity Checks option is on.
- The Device Guard is turned off by default. When it is turned on, the following modules stop:
- Virus Scan Engine (VSAPI)
- Network Monitoring Driver (tmusa.sys)
- Firewall Driver (tmwfp.sys)
- Early Boot Cleanup Driver (tmebc64.sys)
To enable Driver Verifier:
- Open the Command Prompt as Administrator.
- Type “verifier”.
- Under Select a task, choose Create custom settings (for code developers).
- Click Next.
- Tick the checkbox for Code integrity checks.
- Click Next.
- Choose Select driver names from a list.
- Click Next.
- Tick the checkbox for vsapint.sys.
- Click Finish. The BSOD will happen after reboot.
To enable Device Guard:
- Enable the Unified Extensible Firmware Interface (UEFI) in the basic input/output system (BIOS). For example, in DELL BIOS:
Settings > Secure Boot > Secure Boot Enable
- Go to System Drive > Windows > System32.
- Run gpedit.msc with administrator privilege to edit the Local Group Policy.
- Go to Computer Configuration > Administrative Templates > System > Device Guard.
- Click Turn On Virtualization Based Security. A detailed configuration dialog will appear.
- Choose Enabled.
- Select Enable Virtualization Based Protection of Code Integrity.
- Reboot to apply the changes.
As a temporary workaround, please turn off Device Verifier and Device Guard.
The WFBS-SVC team will finish compatibility testing on January 16, 2016. They will also release a hot fix to address the compatibility issues, but ETA is not available yet.