
Enable or disable Core Isolation Memory Integrity in Windows 10 and 11


Core isolation is a security feature of Microsoft Windows that protects important core processes of Windows from malicious software by isolating them in memory. It does this by running those core processes in a virtualized environment. Memory integrity, also referred to as Hypervisor-protected Code Integrity (HVCI), is a Windows security feature that makes it difficult for malicious programs to use low-level drivers to take over your device. It is designed to prevent attacks from inserting malicious code into high-security processes, and it works by creating an isolated environment using hardware virtualization.

A driver is a piece of software that lets the operating system (Windows in this case) and a device (a keyboard or a webcam, for example) talk to each other. When the device wants Windows to do something, it sends that request to the driver.


Core Isolation Memory Integrity requirements

This security feature has hardware requirements; it cannot operate at the software level alone. Your firmware needs to handle virtualization, enabling the Windows 11/10 PC to execute apps in a container without granting them access to other system components. Your device must also comply with the standards for hardware security, including:

  • UEFI MAT (Unified Extensible Firmware Interface Memory Attributes Table)
  • Secure Boot needs to be enabled.
  • DEP (Data Execution Prevention)
  • TPM 2.0 needs to be enabled.
  • CPU Virtualization needs to be enabled.

UEFI MAT and DEP should be supported if you have a reasonably new system configuration (less than 7 years old).
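The requirements above can be checked from an elevated PowerShell prompt before you try to turn the feature on. This is an added example, not part of the original guide; the function name is hypothetical, and UEFI MAT is not checked because none of the classes used here report it.

```powershell
# Added example: read-only prerequisite check for Memory Integrity (HVCI).
# Run from an elevated PowerShell prompt. Function name is hypothetical.
function Test-MemoryIntegrityPrerequisite {
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem

    # Confirm-SecureBootUEFI throws on legacy BIOS systems,
    # so an error is treated as "Secure Boot not enabled".
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { }

    # Win32_Tpm.SpecVersion is a comma-separated string; the first field
    # is the TPM specification version (for example "2.0").
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpm20 = $false
    if ($tpm -and $tpm.SpecVersion) {
        $isV2  = ($tpm.SpecVersion -split ',')[0].Trim() -eq '2.0'
        $tpm20 = $isV2 -and [bool]$tpm.IsEnabled_InitialValue
    }

    # Once a hypervisor is running, VirtualizationFirmwareEnabled can read
    # False even though virtualization is on, so HypervisorPresent also counts.
    $virt = [bool]$cpu.VirtualizationFirmwareEnabled -or [bool]$cs.HypervisorPresent

    [pscustomobject]@{
        SecureBootEnabled        = $secureBoot
        Tpm20Enabled             = $tpm20
        DepAvailable             = [bool]$os.DataExecutionPrevention_Available
        CpuVirtualizationEnabled = $virt
    }
}

Test-MemoryIntegrityPrerequisite | Format-List
```

Any property that comes back False points at the firmware or hardware setting to fix first.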

Enable and disable the Core Isolation Memory Integrity in Windows Security

In this guide, I will show you how to turn core isolation memory integrity on or off in Windows 11 using Windows Security.

To do this, open Windows Security and click Device Security.

Click the Core isolation details link. You can now enable or disable Memory Integrity by toggling the switch on or off.

In this example, it is currently disabled. Toggle the switch to enable it.


Once you’ve completed the steps, you will need to restart your computer to apply the new change.

If memory integrity fails to turn on, it may tell you that you have an incompatible device driver already installed. Check with the manufacturer of the device to see if they have an updated driver available.

If they don’t have a compatible driver available, you might be able to remove the device or app that uses that incompatible driver. Otherwise, you can uninstall any incompatible drivers.

Enable or Disable Core Isolation Memory Integrity via the Windows registry

You can also enable or disable Core Isolation Memory Integrity using Windows registry keys.

  1. Use the Windows key + R keyboard shortcut to open the Run command.
  2. Type regedit, and click OK to open the Registry.
  3. Browse to the following path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity
  4. Double-click the Enabled value.
  5. Set its value from 0 to 1.
  6. Click OK.

If you wish to disable Core Isolation Memory Integrity via the Windows registry, follow the same steps as above, but this time set the value from 1 to 0. After completing the steps, restart your computer to apply the changes.

When you upgrade from Windows 10 to Windows 11, the Core Isolation Memory Integrity feature still uses virtualization-based security to protect your core operating system processes from tampering, but “Memory Protection” is off by default for users who upgrade from Windows 10 to 11.

Why is Memory Integrity disabled by Default in Windows 11 upon Upgrade?

Note: If your device does not have compatibility issues, Memory Integrity will be enabled by default.

The main Core Isolation feature is an issue per se, because it is disabled upon upgrade. It’s enabled on all Windows 10 PCs that can support it because there is no interface for disabling it.

However, Memory Integrity protection can cause issues with some device drivers or low-level Windows applications, which is why it’s disabled by default on upgrades. Microsoft is still pushing developers and device manufacturers to make their drivers and software compatible, which is why it’s enabled by default on new PCs and new installations of Windows 10 and 11.


If one of the drivers your device requires to boot is incompatible with Memory Protection, Windows will silently turn Memory Protection off to ensure your PC can boot and work properly. So, if you try enabling it and rebooting only to find it’s still disabled, that’s why.
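Because Windows can turn the feature back off without telling you, it helps to compare what the registry asks for with what is actually running. The following is an added example, not part of the original guide: it scripts the registry steps above and then reads the Win32_DeviceGuard CIM class to confirm enforcement. The function names and the ConfiguredButNotRunning property are hypothetical.

```powershell
# Added example: set the HVCI registry value from this guide and verify the
# result after the restart. Run from an elevated PowerShell prompt.
# Function and output property names are hypothetical.
$HvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'

function Set-MemoryIntegrity {
    param([Parameter(Mandatory)][bool]$Enabled)

    # Create the key if this machine has never had the setting configured.
    if (-not (Test-Path -Path $HvciKey)) {
        New-Item -Path $HvciKey -Force | Out-Null
    }
    # Enabled is a DWORD: 1 turns Memory Integrity on, 0 turns it off.
    New-ItemProperty -Path $HvciKey -Name 'Enabled' -PropertyType DWord `
                     -Value ([int]$Enabled) -Force | Out-Null
    Write-Warning 'Restart the computer for the change to take effect.'
}

function Get-MemoryIntegrityStatus {
    # What the registry requests.
    $configured = (Get-ItemProperty -Path $HvciKey -Name 'Enabled' `
                                    -ErrorAction SilentlyContinue).Enabled

    # What is actually enforced: SecurityServicesRunning contains 2 when
    # HVCI is running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard
    $running = $dg.SecurityServicesRunning -contains 2

    [pscustomobject]@{
        RegistryEnabled         = ($configured -eq 1)
        # 0 = VBS off, 1 = enabled but not running, 2 = running
        VbsStatus               = $dg.VirtualizationBasedSecurityStatus
        HvciRunning             = $running
        # True after a restart means Windows did not start the feature,
        # for example because of an incompatible boot driver.
        ConfiguredButNotRunning = ($configured -eq 1) -and (-not $running)
    }
}

# Usage: Set-MemoryIntegrity -Enabled $true, restart, then:
Get-MemoryIntegrityStatus | Format-List
```

ConfiguredButNotRunning is also True between changing the value and restarting, so read it only after the reboot.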

If you encounter problems with other devices or malfunctioning software after enabling Memory Protection, Microsoft recommends checking for updates with the specific application or driver. If no updates are available, turn off Memory Protection.

I hope you found this blog post on “how to enable or disable Core Isolation Memory Integrity” helpful. If you have any questions, please let me know in the comment section.
