Are there plans to re-implement hardware virtualization like some of the older versions had?
What makes you think it doesn’t currently have it? Other than they removed the option from the UI to enable enhanced protection mode, though I’m sure it can still be activated in some way.
I’m interested in learning more about this.
Enhanced Protection Mode was kind of a disaster feature. Here’s my story:
All was fine until I started using any program that required Hardware Virtualization. For e.g.: Android emulators.
Whenever I started an application that demands it, the application wouldn’t work correctly, or wouldn’t start at all, or I got BSOD.
It took me a whole day to figure out what in Lord’s name caused it. First I didn’t even understand what caused it since the crashing and broken apps didn’t give proper error output. Then one intelligent (finally) application could tell me that it had issue with accessing Hardware Virtualization. I checked my BIOS, it was enabled, should be fine.
I fed the topic to a search engine, which gave me threads about Avast and its self defense method. But I did not have Avast, and I haven’t used Avast in 10+ years. All I had was CIS. Nothing else. I started thinking, searching CIS’s documentation for “hardware virtualization”. Nothing! I thought deeper. Then I thought: what exactly is this “Enhanced Protection Mode”, what if I turn it off? And voilaa! My whole day got wasted because Comodo documentation writers did not bother to write out that EPM takes Hardware Virtualization under its own full control, so no other application, including viruses, could use it.
I wonder if the removal of EPM from CIS was because it was causing a huge headache to CIS users who also wanted to use applications which demand Hardware Virtualization. For e.g. Android emulators have got pretty popular lately. Avast also seemed to have issues with it.
It could be a useful feature for users who never require Hardware Virtualization except to give it to CIS to protect itself and the system.
Because I read multiple post in these forums with users discussing that it had been disabled in previous versions due to people having issues with it, and I don’t see any mention of it in the help files for latest versions, so I don’t have much to go off of.
Yeah, I read a bunch of posts similar to yours and based off that I feel that they might of implemented it in a hurry and didn’t document it properly, or just removed it until they have the time and resources to re-do it a bit.
Kaspersky isn’t any better, they use it for some of their features, but if you have anything running or configured in Windows settings that uses it, they just pop-up an error telling you a very generic message and give you a link to an absolutely worthless page that has ‘troubleshooting’ that doesn’t help and links to more worthless pages. To get Kaspersky hardware virtualization working, I just had to go into Add/Remove Windows features, and disable a few things, just disabling the actual features in Windows Security Center was not enough. Problem was that none of the Microsoft or Kaspersky documentation said this, so I had to troubleshoot for an hour or two until I figured it out on my own. The worse part about Kaspersky, was that it kept flagging it as an issue every time you went into certain configuration pages, so it got really annoying not knowing what was preventing it from working.
I think Comodo should take a somewhat similar route to Kaspersky, but actually provide helpful documentation on the ‘Add/Remove Windows Features’ options that compete with it, and maybe require the user to manually enable it, with a prompt saying other virtualization software won’t work, or whatever the deal with that would be.
I originally asked this question, because I saw the latest release of CIS was implementing support for new hardware features being released, and thought maybe they were also working on existing hardware virtualization support that they seem to have removed in the past.
Enhanced protection mode was available long before it used VT-x, however they removed EPM due Windows 10 limitations:
Due to increasing incompatibilities with upcoming Windows RS4 we have removed Enhanced Protection Mode(which was disabled by default) setting from HIPS ; there were advanced methods, which are no longer supported by Microsoft.
In brief, with recent Microsoft Updates, in all relevant OS, Microsoft doesn't recommend certain hooks and even if you apply, they are void and won't work. So there are OS limitations.
However the code is still available as one of the changes that was supposed to be included in the current 7098 build along with other features and fixes, was to remove VT-x support. You can probably try enabling it by importing a config from an older CIS version that had the setting both available and enabled, but they do plan to remove it in an upcoming release or they might have already removed it in 7098 without mentioning it.