Thunderbolt docking station installation currently blocked by GPO
Currently we have windows 10_1809 version and we want enable supporting Thunderbolt docking station. It’s currently blocking of PCICC_0C0A due to security reason(DMA attacks over Thunderbolt interfaces). How we can enable it without any security risk?
My understanding summary to enable this is below :
– Enable Windows Defender Core isolation -> Memory Integrity
– Support Kernel DMA Protection.
– Remove the legacy Thunderbolt Mitigation from the GPO (blocking of PCICC_0C0A)