Friday, March 31, 2017
[Windows 10] Device Guard and Credential Guard hardware readiness tool & blue screen
I wanted to test the hardware compatibility of my company's assets with Device Guard and Credential Guard, so I ran a script provided by Microsoft here on a sample of assets to be sure that we would not face a hardware incompatibility.
A few days later I was getting a friendly SOD (Smiley Of the Death) 0x109 very frequently (once in the morning and once in the afternoon) :(.
It happened on every computer where I ran the test, sometimes with the “verifier” stop error. After investigating with our Microsoft TAM, I looked carefully inside the PowerShell script used to run the checks for Credential Guard & Device Guard. And, by coincidence, several lines launch “verifier.exe”:
We can see in this section of the script that the driver checks are switched to an “aggressive” mode, and a lot of kernel drivers (the anti-virus, for example) don't like it and show it through a SOD 0x109 …
To solve this issue we need to go back to normal mode, and to do that we need to launch verifier.exe with elevated privileges. On the settings screen, we choose the option that deletes all the settings related to the tool. Don't worry, this will not impact anything; this tool is mainly used by Microsoft's support team when they need to investigate:
After a reboot the SOD disappeared by magic :)
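
The same cleanup can be scripted for a batch of test machines. The following is an added example, not part of the original post or of Microsoft's readiness script: it reports whether Driver Verifier settings are stored on the machine and clears them with `verifier.exe /reset`. It assumes the settings are persisted in the `VerifyDrivers` and `VerifyDriverLevel` registry values, which the post itself does not mention.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the Microsoft readiness script): report and clear
# Driver Verifier settings left behind on a test machine.
# Assumption: settings are persisted in the two registry values read below.
$mmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-DriverVerifierState {
    # Both values are absent when Driver Verifier has no stored configuration.
    $props = Get-ItemProperty -Path $mmKey
    $names = $props.PSObject.Properties.Name
    $drivers = if ($names -contains 'VerifyDrivers') { $props.VerifyDrivers } else { $null }
    $level   = if ($names -contains 'VerifyDriverLevel') { $props.VerifyDriverLevel } else { $null }
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Configured        = -not [string]::IsNullOrWhiteSpace($drivers)
        VerifyDrivers     = $drivers
        VerifyDriverLevel = if ($null -ne $level) { '0x{0:X8}' -f $level } else { $null }
    }
}

$before = Get-DriverVerifierState
$before | Format-List

if ($before.Configured) {
    # Show what is currently set, then delete every stored setting
    # (command-line counterpart of deleting the settings in the GUI).
    & verifier.exe /querysettings
    & verifier.exe /reset
    Write-Host "verifier.exe /reset exit code: $LASTEXITCODE"

    if ((Get-DriverVerifierState).Configured) {
        Write-Warning 'Driver Verifier settings are still present; check manually.'
    } else {
        Write-Host 'Settings cleared. Reboot for the change to take effect.'
    }
} else {
    Write-Host 'No stored Driver Verifier settings found.'
}
```

Run it from an elevated PowerShell session; as with the GUI method, the change only applies after a reboot.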