What is Device Security in Windows 11/10 and how to hide this area?
Windows Defender has now been integrated with Windows Security, which includes a Device Security section in Windows 11/10 that is meant to give you better insight into the security features integrated with your Windows device. In this post, we will explain what Device Security in Windows 11/10 is and how you can disable or hide it, should you wish to.
Device Security in Windows 11/10
The ‘Device Security’ protection area in Windows 11/10 is one of the seven areas that protect your device and let you specify how you want your device protected in Windows Security Center.
The seven areas include-
Generally, Device Security gives you greater insight into the security features integrated into your Windows device. The page provides you with status reporting and management of security features built into your devices – including toggling features on to provide enhanced protections.
What you see in ‘Device Security’ will depend on the security features that come built into your device. On this panel, one of the following messages will be seen, depending on your device’s system configuration:
- Your device meets the requirements for standard hardware security
- Your device meets the requirements for enhanced hardware security
- Your device exceeds the requirements for enhanced hardware security
- Standard hardware security not supported.
Typically, the features available are:
- Core isolation provides added protection against malware and other attacks by isolating computer processes from your operating system and device. You can enable, disable, and change the settings for core isolation features here.
- Memory integrity can help prevent malicious code from accessing high-security processes in the event of an attack.
- Secure boot prevents rootkit-like sophisticated malware from infecting your system during boot.
- Security processor provides additional encryption features.
This is where you’ll also see any relevant error messages about your security processor:
- Device health attestation isn’t supported on this device.
- TPM storage is not available. Please clear your TPM.
- TPM measured boot log is missing. Try restarting your device.
- There is a problem with your TPM. Try restarting your device.
- A firmware update is needed for your security processor (TPM).
- TPM is disabled and requires attention.
- Your TPM isn’t compatible with your firmware, and may not be working properly.
- Device health attestation isn’t available. Please clear your TPM.
This area can be hidden from users. This can be useful if, as an admin, you don’t want them to see or have access to this area. If you choose to hide the Device security area, it will no longer appear on the home page of the Windows Security Center, and its icon will not be shown on the navigation bar on the side of the app.
Messages you may see in Device Security
Your device meets the requirements for standard hardware security
This means your device supports memory integrity and core isolation and also has:
- TPM 2.0 (also referred to as your security processor)
- Secure boot enabled
- DEP
- UEFI MAT
Your device meets the requirements for enhanced hardware security
This means that in addition to meeting all the requirements of standard hardware security, your device also has memory integrity turned on.
Your device has all Secured-core PC features enabled
This means that in addition to meeting all the requirements of enhanced hardware security, your device also has System Management Mode (SMM) protection turned on.
Standard hardware security not supported
This means that your device does not meet at least one of the requirements of standard hardware security.
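The status messages above are derived from a handful of platform signals. The following PowerShell is an added example, not part of the original article: it reads those signals from an elevated session and approximates the tier. The function names are hypothetical, UEFI MAT is not checked, and treating the "SMM firmware measurement" service as the SMM protection the app reports is an assumption.

```powershell
# Added example: gather the signals behind the Device Security status messages.
# Run from an elevated PowerShell session on Windows 10/11.
function Get-DeviceSecuritySignals {
    # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM version.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
               -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmVersion = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { $null }

    # Confirm-SecureBootUEFI throws on legacy BIOS systems, so treat an error as "off".
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { }

    # DEP availability as reported by the operating system.
    $dep = [bool](Get-CimInstance Win32_OperatingSystem).DataExecutionPrevention_Available

    # Virtualization-based security services currently running:
    # 2 = memory integrity (HVCI), 4 = SMM firmware measurement.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
              -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $running = @($dg.SecurityServicesRunning)

    [pscustomobject]@{
        Tpm20           = ($tpmVersion -eq '2.0')
        SecureBoot      = $secureBoot
        Dep             = $dep
        MemoryIntegrity = ($running -contains 2)
        SmmProtection   = ($running -contains 4)
    }
}

# Approximate the tier shown in the app (assumption: UEFI MAT is not evaluated).
function Get-DeviceSecurityTier {
    param([Parameter(Mandatory)] $Signals)
    $standard = $Signals.Tpm20 -and $Signals.SecureBoot -and $Signals.Dep
    if (-not $standard)                { return 'Standard hardware security not supported' }
    if (-not $Signals.MemoryIntegrity) { return 'Standard hardware security' }
    if (-not $Signals.SmmProtection)   { return 'Enhanced hardware security' }
    return 'All Secured-core PC features enabled'
}

$signals = Get-DeviceSecuritySignals
$signals | Format-List
Get-DeviceSecurityTier -Signals $signals
```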
How to Show or Hide Device Security
Show or Hide Device Security via GPEDIT
- Run gpedit to open the Group Policy Editor
- Navigate to Computer Configuration > Administrative templates > Windows components > Windows Security > Device Security.
- Open the Hide the Device security area setting
- Set it to Enabled.
- Click OK.
Hide Device Security via Registry
- Double-click the downloaded Hide-Device-Security.reg file to merge it.
- Click Run on the prompt. Click Yes on the UAC prompt and OK to allow the merge.
- Restart the PC to apply.
- You can now delete the downloaded .reg file.
Show Device Security via Registry
- Double-click the downloaded Show-Device-Security.reg file to merge it.
- Click Run on the prompt. Click Yes on the UAC prompt and OK to allow the merge.
- Restart the PC to apply.
- You can now delete the downloaded .reg file.
You can click here to download the zipped Registry files from our servers.
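The article does not show what the two .reg files contain. Assuming they toggle the same policy value that the Group Policy setting writes (`UILockdown` under the Windows Defender Security Center policy key), this added PowerShell example, which is not from the original article, reads and sets that value directly so the result can be checked after the restart. The function names are hypothetical.

```powershell
# Added example. Assumed location of the "Hide the Device security area" policy value.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security'

# Report whether the area is hidden and list any other values set under the same key.
function Get-DeviceSecurityAreaPolicy {
    if (-not (Test-Path -Path $PolicyKey)) {
        return [pscustomobject]@{ Hidden = $false; UILockdown = $null; OtherValues = @() }
    }
    $props = Get-ItemProperty -Path $PolicyKey
    $names = (Get-Item -Path $PolicyKey).GetValueNames()
    [pscustomobject]@{
        Hidden      = ($props.UILockdown -eq 1)
        UILockdown  = $props.UILockdown
        OtherValues = @($names | Where-Object { $_ -ne 'UILockdown' })
    }
}

# Hide ($true) or show ($false) the area. Requires an elevated session.
function Set-DeviceSecurityAreaHidden {
    param([Parameter(Mandatory)][bool] $Hidden)
    if ($Hidden) {
        # Create the key only if it is missing so existing values are left untouched.
        if (-not (Test-Path -Path $PolicyKey)) {
            New-Item -Path $PolicyKey -Force | Out-Null
        }
        New-ItemProperty -Path $PolicyKey -Name UILockdown -Value 1 `
            -PropertyType DWord -Force | Out-Null
    } elseif (Test-Path -Path $PolicyKey) {
        # Removing the value returns the area to its default, visible state.
        Remove-ItemProperty -Path $PolicyKey -Name UILockdown -ErrorAction SilentlyContinue
    }
}

Get-DeviceSecurityAreaPolicy | Format-List
```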