Daar ama dami go'doominta xudunta ah iyo daacadnimada xusuusta gudaha Windows 11/10

Weerarada internetka ayaa isbedelay dhowrkii sano ee la soo dhaafay. Hackers-ku hadda way la wareegi karaan PC-gaaga oo way xidhi karaan faylasha ilaa aad diyaar u tahay inaad lacag siiso. Weerarada noocaan ah waxaa loo yaqaan Ransomware , waxayna adeegsadaan faa'iidooyin heer kernel ah oo isku dayaya in ay ku socodsiiyaan malware-ka leh mudnaanta ugu sareysa, tusaale, WannaCry iyo Petya ransomware. Si loo yareeyo weerarada noocaan ah, Microsoft waxa ay soo saartay qaab kuu ogolaanaya inaad awood u siiso Core Isolation iyo Integrity Memory(Core Isolation and Memory Integrity) si looga hortago weerarradan.

Xarunta Amniga Difaaca(Defender Security Center) Windows ayaa bixisa sifadan. Waxaa loogu yeeraa Ammaanka Aaladda ,(Device Security, ) waxa ay bixisaa ka warbixinta heerka iyo maaraynta sifooyinka amniga lagu dhex dhisay aaladahaaga – oo ay ku jiraan sifada beddelka si loo bixiyo ilaalin la xoojiyey. Si kastaba ha ahaatee, kuma shaqeeyo heerka software; qalabku wuxuu u baahan yahay inuu sidoo kale taageero. Farsameeyahaagu waa inuu taageeraa  Virtualization, kaas oo awood u siinaya Windows 11/10 PC inuu ku socodsiiyo codsiyada weelka, si aanay u helin qaybaha kale ee nidaamka.

Qalabkaagu waa inuu buuxiyaa shuruudaha badbaadada qalabka caadiga ah Tani waxay la macno tahay in aaladdaadu ay taageerto daacadnimada xusuusta iyo go'doominta xudunta ah oo waliba:

  • TPM 2.0 (sidoo kale loo yaqaan processor-kaaga amniga)
  • Boot sugan waa la furay
  • DEP
  • UEFI MAT

Ka yeel Go'doominta Muhiimka(Core Isolation) ah & daacadnimada xusuusta(Memory Integrity) gudaha Windows 11

Nabadgelyada ku salaysan fakarka laguma hawlgelin Windows 11

Waxay u badan tahay inay tahay habka ugu fudud ee lagu suurtagelin karo ama lagu joojin karo Amniga(Security) ku saleysan Virtualization gudaha Windows 11 . Si kale haddii loo dhigo, waxaad u baahan tahay inaad awood u yeelatid go'doominta Core(enable Core isolation) si loo sameeyo. Taas, samee waxyaabaha soo socda:

  • Ka raadi  amniga daaqadaha (windows security ) sanduuqa raadinta Taskbar.
  • Guji(Click) natiijada raadinta shakhsi ahaaneed.
  • U beddelo   tab ammaanka aaladda.(Device security)
  • Guji  ikhtiyaarka faahfaahinta go'doominta Core .(Core isolation details )
  • Daar  badhanka daacadnimada xusuusta  si aad u shido.(Memory integrity )
  • Dib u bilaw kombayutarkaga

Ka yeel go'doominta xudunta(Core Isolation) ah iyo daacadnimada xusuusta(Memory Integrity) gudaha Windows 11/10

Windows Defender Security System ee PC

  1. Soo gal maamule ahaan oo fur Xarunta Amniga Difaacaha Windows(Windows Defender Security Center)
  2. Raadi ikhtiyaarka Amniga Aaladda .(Device Security)
  3. Halkan waa inaad ka hubisaa haddii Go'doonka Core(Core Isolation) ee Virtualization ka yahay kombuyutarkaaga.
  4. Go'doominta xudunta ahi waxa ay (Core isolation)bixisaa(y) sifooyin sugan oo ku salaysan makhluuqaad si loo ilaaliyo qaybaha ubucda ah ee qalabkaaga.
  5. Guji(Click) faahfaahinta go'doominta xudunta(Core) ah, waxaana lagu siin doonaa si aad awood ugu yeelato daacadnimada xusuusta(Memory Integrity) .

Xumaannimada xusuusta(Memory integrity) (Hypervisor-la ilaaliyo daacadnimada koodhka) waa astaanta amniga ee go'doominta Core taasoo ka hortagaysa weerarrada gelinta kood xaasidnimo ah hababka amniga sare. Daar(Toggle) si aad u shido

Go'doonka Muhiimka ah & Daacadnimada Xasuusta

Marka la furo, waxay ku weydiin doontaa inaad dib u bilowdo PC si aad si buuxda u awood u yeelato Integrity Memory(Memory Integrity) .

Haddii mardambe, aad la kulanto arrimo ku habboon codsiga, waxaa laga yaabaa inaad u baahato inaad tan damiso.

la xidhiidha(Related) : daacadnimada xusuusta ayaa cirroobtay ama ma dami doonto/ dami mayso .

Karti ama demi go'doominta xudunta(Core Isolation) ah iyo daacadnimada xusuusta(Memory Integrity) adoo isticmaalaya Diiwaanka

Waxa kale oo aad isticmaali kartaa Diiwaanka(Registry) , si aad awood ugu yeelatid ama aad u joojisid daacadnimada xusuusta(Memory) go'doominta Core addoo isticmaalaya (Core)Registry Editor , raac talaabooyinkan:

  1. Riix Win+R si aad u furto Run dialog.
  2. Ku qor regedit oo ku dhufo badhanka Gelida .(Enter)
  3. Guji ikhtiyaarka Haa .(Yes)
  4. U gudub Scenarios gudaha HKEY_LOCAL_MACHINE .
  5. Midig ku dhufo Scenarios > New > Key .
  6. U sheeg sida HypervisorEnforcedCodeIntegrity .
  7. Midig ku dhufo> New > DWORD (32-bit) Value .
  8. U magacow(Enabled) sidii karti .
  9. Laba-guji si aad u dejiso xogta Qiimaha sida (Value)1 si aad u awood u yeelato iyo 0 si aad u damiso.
  10. Guji badhanka OK
  11. Dib u bilaw kombayutarkaga

Si aad wax badan uga barato tillaabooyinkan, sii wad akhriska.

Ka taxaddar:(Precaution: ) Kahor intaadan u dhaqaaqin tillaabooyinka REGEDIT , ha ilaawin inaad abuurto barta Soo celinta Nidaamka .

Si aad u bilowdo, taabo Win+R si aad u furto Run dialog, ku qor regedit, oo ku dhufo badhanka Enter . Haddii degdega UAC uu ka soo muuqdo shaashaddaada, dhagsii ikhtiyaarka Haa si aad u (Yes )furto Tifaftiraha Diiwaanka .

Marka xigta, u gudub jidka soo socda:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios

Midig ku dhufo furaha Muuqaallada> Cusub (Scenarios )New > Key , oo u magacow HypervisorEnforcedCodeIntegrity(HypervisorEnforcedCodeIntegrity) .

Awood u yeel in aad joojiso gooni-isu-taagga Xudunta ah daacadnimada xusuusta iyadoo la adeegsanayo Tifaftiraha Diiwaangelinta

Markaa, waa inaad abuurtaa REG_DWORD qiime. Taas awgeed, midig-guji HypervisorEnforcedCodeIntegrity > New > DWORD (32-bit) Value , oo u magacow(Enabled) sida karti .

Awood u yeel in aad joojiso gooni-isu-taagga Xudunta ah daacadnimada xusuusta iyadoo la adeegsanayo Tifaftiraha Diiwaangelinta

Sida caadiga ah, waxay la socotaa xogta Qiimaha (Value)0 , taasoo la micno ah inay naafo tahay. Si kastaba ha noqotee, haddii aad rabto inaad awood u yeelatid shaqadan, laba jeer guji si aad u dejiso xogta Qiimaha sida (Value)1 .

Awood u yeel in aad joojiso gooni-isu-taagga Xudunta ah daacadnimada xusuusta iyadoo la adeegsanayo Tifaftiraha Diiwaangelinta

Guji badhanka OK oo dib u bilow kombayutarkaga.

Taasi waxay tidhi, waxaa jira laba ikhtiyaar oo kale oo laga yaabo in la heli karo iyadoo ku xiran qalabka kombuyuutarkaaga.

  1. Processor-ka ammaanku(Security Processor) waxa uu soo baxaa oo keliya haddii aad haysato TPM oo la heli karo qalabkaaga PC. Waa chips discrete oo ay OEM -yada ku iibiyeen Motherboard-ka kombiyuutarka . Si aad uga faa'iidaysato TPM , OEM waa inay si taxadar leh u dhexgelisaa qalabka nidaamka iyo qalabaynta TPM si ay u soo dirto amarada ugana falceliso jawaabaheeda. TPM(TPMs) -yada cusub waxay sidoo kale ku siin karaan faa'iidooyin amni iyo gaar ah qalabka nidaamka laftiisa. Markaa iska hubi inaad kuwaas oo dhan iska hubiso haddii aad iibsanayso PC cusub.
  2. Boot aamin(Secure Boot) ah waxay ka hortagtaa koodka xaasidnimada ah in lagu shubo ka hor OS-kaaga. Way adagtahay in la dildilaaciyo laakiin leh kabo sugan ayaa la daryeelay.

Windows 11/10 waxa kale oo ay bixisaa Hypervisor Protected Code Integrity ( HVCI ) marka aad ku bilowdo rakibo nadiif ah. Kuwa ku jira qalabkii hore, waxay yeelan doonaan awood ay ku doortaan boostada cusboonaysiinta iyagoo isticmaalaya UI ee Xarunta Amniga Difaaca Windows(Windows Defender Security Center) ( WDSC ). Kobcintani waxay hubin doontaa in habka kernel-ka ee xaqiijiya daacadnimada koodka uu ku socdo jawi runtime sugan oo sugan.

Akhriso(Read) : Amniga ku salaysan fakarka lagama shaqaynin Windows 11(Virtualization-based Security not enabled in Windows 11) .



Juliet Hale

About the author

Anigu waxaan ahay windows 10/11/10 xirfadle taageero macaamiisha leh in ka badan 5 sano oo waayo-aragnimo ah. Waxaan sidoo kale ahaa ciyaaryahan aad u firfircoon dhowrkii sano ee la soo dhaafay waxaanan xiiso xoog leh u hayaa xbox One. Diiradayda hadda waa ka caawinta macaamiisha dhibaatooyinka ay ku qabaan nidaamyada Windows 10 ama Windows 11, marar badan iyada oo la adeegsanayo aaladaha adeegga macaamiisha, sida taageerada xarunta wacitaanka iyo caawinta khadka.


Related posts