How to Check if your Windows System supports Kernel DMA Protection

Direct Memory Access (DMA) attacks have become a real threat to Computer Systems that have Thuderbolt 3 ports on them. This particular attack results in leakage of sensitive information residing on your Computer.

DMA attacks can also inject malwares on your PC which allows hackers to control your PC remotely or bypass the login screen.

In Windows 10 version 1803, a new feature has been added by Microsoft called Kernel DMA Protection that defends your PC against DMA attacks triggered by PCI hot plug devices connected to your PC’s Thunderbolt 3 ports.

What is a Thunderbolt 3 Port?

Thunderbolt 3 technology was introduced in 2016 as a means to deliver connection speeds up to 40Gbps, which is double the speed of USB 3.1. It also features USB speeds up to 10Gbps and can connect two 4k displays. A Thunderbolt 3 port also supports DisplayPort 1.2, HDMI 2.0 and 10GbE fast Ethernet.

Thunderbolt 3 uses the USB-C connection to combine the qualities of both technologies in one powerful port. The new USB 4 will include the Thunderbolt 3 specification in itself. In other words, all USB 4.x ports will have Thunderbolt 3 capability.

How to check if my PC has USB-C Port or Thunderbolt 3 port?

To distinguish between the USB-C port and a Thunderbolt3 port, look for the lightning bold symbol beside the port. If there is the Lightning bolt symbol, it means that the port is Thuderbolt3 capable.

Thunderbolt 3 port

How to Check for Kernel DMA Protection feature?

Here’s how you can determine if your Windows PC supports the Kernel DMA protection feature:

Open the Run windows and type msinfo32 and press Enter.

msinfo32

This will open the System Information Window. Now you need to find the Kernel DMA Protection option in the list and check if it’s ON of OFF.

Kernel DMA Protection

If the feature is “ON” it means that your System is protected from drive by DMA attacks.

If the feature in “OFF” and Virtualization Enabled in Firmware is “YES” then it means your System does not support the protection feature.

Virtualization enabled in firmware

In case the feature is “OFF” and the Virtualization Enabled in Firmware is “NO” then do the following:

  • Reboot the System into BIOS
  • Turn ON the Intel Virtualization Technology
  • Turn ON Intel Virtualization Technology for I/O (VT-d)
  • Reboot your PC into Windows 10

Now go back to System Information and check the value of the Kernel DMA Protection. If it’s still OFF, it means your System does not support the feature.

Spread the Word

You May Also Like

About the Author: Umair

Umair specializes in System Administration (Windows, Linux), Network Security, Cyber Security and other Technology areas including Web Development Frameworks (ReactJS, NodeJS, MongoDB). He is passionate about helping people with all sorts of technical problems.

Leave a Reply

Your email address will not be published. Required fields are marked *