Unable to enable Meltdown mitigation after installing updated Microcode

Discussion in 'Windows OS and Software' started by Starlight5, May 8, 2019.

  1. Starlight5

    Starlight5 So what if I'm crazy? The best people are.

    Reputations:
    506
    Messages:
    2,878
    Likes Received:
    1,340
    Trophy Points:
    181
    meltdown-problem.png

    Could somebody please kindly explain what is going on? I tried messing with FeatureSettingsOverride, setting it to 0 or 8 and rebooting the machine afterwards - nothing changes, InSpectre still reports the machine vulnerable to Meltdown. It is running Windows 10 1809, with manually installed KB4465065 microcode update. Before applying KB4465065, InSpectre was reporting the machine mitigated against Meltdown and vulnerable to Spectre. I want it protected against both.
     
    Vasudev likes this.
  2. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    6,327
    Messages:
    9,929
    Likes Received:
    7,233
    Trophy Points:
    681
    I've the same issue on my Ivybridge, meltdown and spectre updates can't be disabled or enabled at all.
     
    Starlight5 likes this.
  3. Starlight5

    Starlight5 So what if I'm crazy? The best people are.

    Reputations:
    506
    Messages:
    2,878
    Likes Received:
    1,340
    Trophy Points:
    181
    The machine in question is Apollo Lake. Powershell script reports that Meltdown protection is not needed:
    Code:
    KVAShadowRequired:False
    But what exactly does that mean,? That Intel/Microsoft think the performance will be so abysmal if Meltdown in addition to Spectre is enabled? Or that they somehow patched Meltdown but InSpectre doesn't detect that?

    I would really appreciate feedback from other users of similar machines - Atoms and Atom-derived Celerons and Pentiums, Surface 3 users in particular.
     
    Vasudev likes this.
  4. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    6,327
    Messages:
    9,929
    Likes Received:
    7,233
    Trophy Points:
    681
    Apollo lake means 8th gen CPU, right? I think OS level patching isn't needed!
     
    Starlight5 likes this.
  5. Starlight5

    Starlight5 So what if I'm crazy? The best people are.

    Reputations:
    506
    Messages:
    2,878
    Likes Received:
    1,340
    Trophy Points:
    181
    More like 7th Gen. InSpectre says it is vulnerable, though. It said it was patched against Meltdown but vulnerable to Spectre until I applied the Intel Microcode Windows update.
     
  6. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    6,327
    Messages:
    9,929
    Likes Received:
    7,233
    Trophy Points:
    681
    Do you have Core isolation mode turned ON in Win defender?
     
    Starlight5 likes this.
  7. Starlight5

    Starlight5 So what if I'm crazy? The best people are.

    Reputations:
    506
    Messages:
    2,878
    Likes Received:
    1,340
    Trophy Points:
    181
    I have Windows Defender disabled, and rely on Avast Free only.
     
    Vasudev likes this.
  8. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    6,327
    Messages:
    9,929
    Likes Received:
    7,233
    Trophy Points:
    681
    Try disabling Script scanning technique. I think 3rd party uses WD's superior script scanning and analysis to catch PS1 scripts drive by attacks. I have a similar setting in Kaspersky Security cloud.
     
    Starlight5 likes this.
  9. Starlight5

    Starlight5 So what if I'm crazy? The best people are.

    Reputations:
    506
    Messages:
    2,878
    Likes Received:
    1,340
    Trophy Points:
    181
    My WD is completely disabled by OOSU10, it shouldn't be used from my understanding. And I sadly don't understand how it helps with enabling both Spectre and Meltdown protections.
     
  10. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    6,327
    Messages:
    9,929
    Likes Received:
    7,233
    Trophy Points:
    681
    It protects from malicious ps1 scripts.
    Try a Linux LiveCD and check using SpecuCheck or meltdown spectre checker at github and if you find Linux is using KVAShadow thing then I suspect Windows did something.
     
    Starlight5 likes this.
Loading...

Share This Page