Intel® Kernel Guard Technology

Policy Examples

Asset to Monitor

Action Result

Control register 4, SMEP flag (CR4:SMEP)

Skip instruction, and then log information

SMEP bit cannot be modified by kernel or any kernel-mode component (platform hardening).

Kernel code pages in memory

On write access, skip instruction

Kernel code pages cannot be modified (kernel immutability).

Kernel code page mapping

On write access, skip the write instruction to the memory

Kernel code page mappings cannot be modified (kernel page-mapping immutability).

Connect to the Team

Ask questions or share your thoughts.

Contact Us