
Windows Defender System Guard runtime attestation coming to Windows systems

Microsoft just announced the launch of a new security technology called Windows Defender System Guard runtime attestation. It’s built into the core Windows operating system and will be delivered to all Windows editions in the near future. Here’s a bit more about the technology and the security benefits it can offer.

What is Windows Defender System Guard runtime attestation?


At its most basic level, Windows Defender System Guard runtime attestation is a client API that will eventually be exposed to relying parties. It gives a relying party a way to attest to the state of a device and then to obtain runtime reports it can use to evaluate the security posture of system components.

This work builds on Microsoft's reorganization of its system integrity features in the Windows 10 Fall Creators Update, which is where Windows Defender System Guard originated. That umbrella lets the company keep updating and adding platform security features, and once the first phase of Windows Defender System Guard runtime attestation ships, it will likewise be updated with new features and support. The goal is an environment in which security violations remain observable and are effectively communicated even after a full system compromise, such as one achieved through a kernel-level exploit.

How does it work?

Currently, Microsoft is working toward an API that relying parties can use to attest to the state of a device at a particular point in time. The API returns a runtime report containing claims about the security posture of the system at that moment, including assertions about sensitive system properties.

For a runtime report to mean anything, it must offer reasonable resistance to tampering. That means its generation must be isolated from an attacker, the isolated environment itself must be attestable, and the report must be cryptographically signed in a way that cannot be reproduced outside that environment. Virtual Secure Mode and VBS enclaves supply that isolation: the report is produced in a virtualization-backed environment that the rest of the operating system, including a compromised kernel, cannot read or alter.

With data that can be placed in a trusted report, Windows Defender System Guard performs runtime measurements and asserts system integrity at runtime; the resulting security level is what the report attests about the system's security posture.
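To make the exchange above concrete, here is a toy model of it, added to this article as an illustration; it is not Microsoft's API or code, and the claim names, values and policy are constructed. An isolated reporter (standing in for the VBS enclave) alone holds the signing key and produces a signed report over a nonce and a set of claims; a relying party issues the nonce, then checks the signature, nonce freshness, report age and its own policy. The HMAC key shared out of band is a stand-in for the enclave's attestable signing key, which in a real design would be asymmetric and bound to the platform.

```python
"""Toy runtime-attestation exchange (constructed illustration, not System Guard code)."""
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional, Tuple


def _canonical(body: dict) -> bytes:
    # Deterministic serialisation so signer and verifier hash identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class IsolatedReporter:
    """Stand-in for the isolated environment that measures the system and signs reports."""

    def __init__(self, key: bytes):
        self._key = key  # hypothetical enclave-sealed signing key; never leaves this object

    def runtime_report(self, nonce: str, claims: dict) -> dict:
        body = {"nonce": nonce, "issued_at": int(time.time()), "claims": claims}
        sig = hmac.new(self._key, _canonical(body), hashlib.sha256).hexdigest()
        return {"body": body, "signature": sig}


class RelyingParty:
    """Issues challenges and decides whether a signed runtime report can be trusted."""

    MAX_AGE_SECONDS = 60

    def __init__(self, verification_key: bytes, policy: dict):
        self._key = verification_key  # assumed to be obtained via attestation of the enclave
        self._policy = policy
        self._outstanding = set()  # nonces issued but not yet consumed

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._outstanding.add(nonce)
        return nonce

    def evaluate(self, report: dict, now: Optional[int] = None) -> Tuple[bool, str]:
        body, sig = report.get("body"), report.get("signature", "")
        if not isinstance(body, dict) or not isinstance(body.get("claims"), dict):
            return False, "malformed report"
        # 1. Signature: anything altered after signing, or signed outside the
        #    isolated environment, fails here.
        expected = hmac.new(self._key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False, "signature invalid (altered or not produced in the isolated environment)"
        # 2. Freshness: the nonce must be one we issued and must be single-use.
        nonce = body.get("nonce")
        if nonce not in self._outstanding:
            return False, "nonce unknown or already consumed (replay)"
        self._outstanding.discard(nonce)
        now = int(time.time()) if now is None else now
        if now - int(body.get("issued_at", 0)) > self.MAX_AGE_SECONDS:
            return False, "report too old"
        # 3. Policy: only now are the claims themselves worth evaluating.
        for name, required in self._policy.items():
            actual = body["claims"].get(name)
            if actual != required:
                return False, f"policy failed: {name}={actual!r}, required {required!r}"
        return True, "report trusted and policy satisfied"


def demo() -> dict:
    """Run four exchanges and return each verdict keyed by scenario."""
    key = secrets.token_bytes(32)
    reporter = IsolatedReporter(key)
    rp = RelyingParty(key, policy={"vbs_enabled": True, "kernel_debugger": False})
    good_claims = {"vbs_enabled": True, "kernel_debugger": False, "boot_counter": 1042}
    results = {}
    # Honest exchange: fresh nonce, untouched report, claims meet policy.
    n1 = rp.challenge()
    r1 = reporter.runtime_report(n1, good_claims)
    results["honest"] = rp.evaluate(r1)
    # Tampering: code outside the isolated environment edits a claim after signing.
    n2 = rp.challenge()
    r2 = reporter.runtime_report(n2, {**good_claims, "kernel_debugger": True})
    r2["body"]["claims"]["kernel_debugger"] = False
    results["tampered"] = rp.evaluate(r2)
    # Replay: a genuine, correctly signed report presented a second time.
    results["replayed"] = rp.evaluate(r1)
    # Honest but non-compliant: the signature and nonce are fine, the posture is not.
    n3 = rp.challenge()
    r3 = reporter.runtime_report(n3, {**good_claims, "kernel_debugger": True})
    results["policy_fail"] = rp.evaluate(r3)
    return results


if __name__ == "__main__":
    for scenario, (ok, reason) in demo().items():
        print(f"{scenario:12s} {'OK ' if ok else 'REJECT'} {reason}")
```

The order of checks matters: a relying party should never look at the claims of a report whose signature or nonce it has not yet verified, because an attacker who controls the kernel can fabricate any claim they like; only the isolated signer's key and the relying party's own nonce tie the report to a genuine, current measurement.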

There are a lot more details that go into the new security feature. You can learn more on Microsoft’s website and then look out for it in the next Windows update.

Annie Pilon

Annie Pilon is a freelance writer specializing in topics related to business, marketing, social media, and tech. She has a degree in journalism and marketing from Columbia College Chicago and currently works and lives in Michigan.

