Powerspec G433 Windows 11 Pro Device Security Issues

Turbo23dog
edited March 18 in PowerSpec

I have a Powerspec G433 with Windows 11 Pro. Windows Security is reporting that actions are required with Device Security and App/Browser control. When I click on the Device security issue, Windows reports that standard hardware security is not supported. A quick google search indicates I might need to turn on certain hardware features or change settings in the BIOS.

I don’t understand what this all means, other than perhaps to bring the computer into my local Microcenter for help. Are there simple actions I can take to resolve the Device Security issues before taking the computer in to the service department?

Comments

  • PowerSpec_MikeW
    PowerSpec_MikeW PowerSpec Engineer
    2500 Comments Fifth Anniversary 100 Answers 250 Likes

    @Turbo23dog

    System would have shipped with VT-d and TPM 2.0 enabled, which should give you virtualization based security. If it'll support some newer features like SMM, I can check. Please search for an open 'msinfo32'. Check your BIOS version and screenshot the following line. Please expand the column so that we can see it all.

    Virtualization-based security Available Security Properties Base Virtualization Support, DMA Protection, UEFI Code Readonly, SMM Security Mitigations 1.0, Mode Based Execution Control

  • Here’s the screenshot from msinfo

  • hmmm, I can already see that virtualization based security is not enabled. I can guarantee that I didn’t ever knowingly make a change to the BIOS that would have made a change like that.

  • PowerSpec_MikeW
    PowerSpec_MikeW PowerSpec Engineer
    2500 Comments Fifth Anniversary 100 Answers 250 Likes

    @Turbo23dog

    Please try this.

    1. Reboot the PC and tap 'Delete' to enter the BIOS.
    2. Navigate to Advanced - Chipset Configuration.
    3. Check VT-d, if it's disabled, enable it.
    4. Save and exit.
  • So glad to have your help.  

    I followed the steps, opened the BIOS, and found that VT-d was already enabled.  I saved and completed the windows boot. Windows
    Security still showing same problem.

    Any other ideas?


  • PowerSpec_MikeW
    PowerSpec_MikeW PowerSpec Engineer
    2500 Comments Fifth Anniversary 100 Answers 250 Likes

    @Turbo23dog

    How about Advanced - CPU Configuration - Intel Virtualization Technology. Is that enabled? If not, enable it.

  • That option doesn’t appear in the list of options.

  • PowerSpec_MikeW
    PowerSpec_MikeW PowerSpec Engineer
    2500 Comments Fifth Anniversary 100 Answers 250 Likes

    @Turbo23dog

    Did you scroll down? It should be right below CPU Thermal Throttling.

  • oh right. Ok, I scrolled down and found Intel Virtualization

    Technology only to find that it was already enabled. So hopeful that was going to be the answer but nope… Anything else you might think of???

  • PowerSpec_MikeW
    PowerSpec_MikeW PowerSpec Engineer
    2500 Comments Fifth Anniversary 100 Answers 250 Likes

    @Turbo23dog

    You have everything turned on it, it should have auto enabled. Go back into windows. In the search bar type 'core isolation'. Are you able to enable Memory Integrity? That'll turn on VBS.

  • Core Isolation leads to a dead end. The search returns Page not Available which is how this issue began for me. At this point, I’m going to try installing Windows 10 and looking to see if that leads anywhere.

    Thanks again for your insights and help.


  • PowerSpec_MikeW
    PowerSpec_MikeW PowerSpec Engineer
    2500 Comments Fifth Anniversary 100 Answers 250 Likes

    @Turbo23dog

    Device Security is where Memory Integrity would be, click 'Go to Settings' there and see what you have.

  • In a fit of desperation, I downloaded a copy of Windows 10 directly from Microsoft onto an USB, then installed that onto a fresh 1 TB NVME M.2 drive on the motherboard. After initial set up, Windows 10 reported no issues with Device Security. Then I installed several of my usual programs, and checked Security after each installation. This solution seemed to work for me although I”m still left wondering why I had the problem in the first place.

  • PowerSpec_MikeW
    PowerSpec_MikeW PowerSpec Engineer
    2500 Comments Fifth Anniversary 100 Answers 250 Likes
    edited March 21

    @Turbo23dog

    Memory integrity wasn't enabled. It's under Core Isolation in Device Settings. So if the system meets all the requirements, it's supposed to auto enable, which happened on the clean install. My assumption would be auto enablement wasn't supported on the factory image and it wasn't toggled on at any point. This security feature is something that was pushed more recently as there were a lot of problems with compatibility with legacy software and drivers in the past. Most of this has cleared up now.

    For clarity on this. Auto enablement is on installation. It won't toggle itself on after OS updates.

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.

We love seeing what our customers build

Submit photos and a description of your PC to our build showcase

Submit Now
Looking for a little inspiration?

See other custom PC builds and get some ideas for what can be done

View Build Showcase

SAME DAY CUSTOM BUILD SERVICE

If You Can Dream it, We Can Build it.

Services starting at $149.99