Where the standard user-mode applications and the core Windows kernel execute.
Historically, certain third-party software suites or poorly implemented virtual machine software allocated persistent RWXcap R cap W cap X Hvci Bypass
: Any attempt to execute kernel-mode code or modify kernel-mode memory regions is rigorously checked. The code integrity checks ensure that only signed and approved drivers and code can execute in kernel mode. Where the standard user-mode applications and the core