Our current drivers are Device Guard ready, but I wanted to see what a failure looks like, so I pulled out a version from a few years ago, loaded it on Windows 10 Enterprise with “Virtualization Based Protection of Code Integrity” enabled, and…nothing. Nothing bad, that is. I expected an earth-shattering kaboom, or at the very least an entry in the Code Integrity event log, but the driver loads and is usable.
I know this particular driver is in violation, because I can enable Driver Verifier code integrity checks and get a break in the kernel debugger every time the driver allocates. Are there no obvious runtime effects from continuing to violate these requirements, even with all the Device Guard stuff enabled? (This is a non-WHQL driver. Obviously passing the HLK these days requires getting through the HVCI test.)