Core isolation is a security feature of Microsoft Windows that protects important core processes of Windows from malicious software by isolating them in memory. It does this by running those core processes in a virtualized environment. Memory integrity, also referred to as Hypervisor-protected Code Integrity (HVCI), is a Windows security feature that makes it difficult for malicious programs to use low-level drivers to take over your device. It is designed to prevent attacks from inserting malicious code into high-security processes. Memory integrity works by creating an isolated environment using hardware virtualization.
A driver is a piece of software that lets the operating system (Windows in this case) and a device (a keyboard or a webcam, for example) talk to each other. When the device wants Windows to do something, it uses the driver to send that request. Here are some driver-related guides: Upgrade Driver Automation Tool: how to automate Windows drivers with the SCConfigMgr on Windows, how to delete obsolete drivers from the Driver Store in Windows 10, how to import drivers in .exe format into Microsoft Deployment Toolkit, how to determine the version and type of a Printer Driver, and how to add Print Drivers with PowerShell, RUNDLL32, and VBScript in Windows 10.
There are some requirements for this security feature. The hardware must support it; it cannot operate at the software level alone. Your firmware needs to handle virtualization, enabling the Windows 11/10 PC to execute apps in a container without granting them access to other system components. Your device must also comply with the standards for hardware security, including:
- UEFI MAT (Unified Extensible Firmware Interface Memory Attributes Table)
- Secure Boot needs to be enabled.
- DEP (Data Execution Prevention)
- TPM 2.0 needs to be enabled.
- CPU Virtualization needs to be enabled.
UEFI MAT and DEP should be supported if you have a reasonably new system configuration (less than 7 years old).
In this guide, I will show you how to turn Core isolation memory integrity on or off in Windows 11, using Windows Security.
To do this, open Windows Security and click on Device security.
Click on the Core isolation details link. You can now enable or disable Memory integrity by toggling the switch. In this example, it is currently disabled (Off). Toggle the switch on to enable it.
Once you’ve completed the steps, you will need to restart your computer to apply the new change.
Note: If memory integrity fails to turn on, it may tell you that you have an incompatible device driver already installed. Check with the manufacturer of the device to see if they have an updated driver available. If they don't have a compatible driver available, you might be able to remove the device or app that uses that incompatible driver. Otherwise, you can uninstall any incompatible drivers.
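To confirm the result after the restart, the following read-only PowerShell check reports several of the prerequisites listed earlier and whether memory integrity is actually running. It is an added example, not part of the original guide; it assumes an elevated PowerShell session and uses the Win32_DeviceGuard and Win32_Tpm CIM classes and the Confirm-SecureBootUEFI cmdlet. It does not check UEFI MAT.

```powershell
# Added example (not from the original post): read-only status report.
# Assumes an elevated PowerShell session on the Windows 10/11 device.

# Win32_DeviceGuard exposes virtualization-based security (VBS) state.
$dg = Get-CimInstance -ClassName Win32_DeviceGuard `
          -Namespace 'root\Microsoft\Windows\DeviceGuard'

# Microsoft-documented codes used by Win32_DeviceGuard.
$vbsText = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Enabled and running' }
$HVCI    = 2   # memory integrity's ID in the SecurityServices* arrays

# Secure Boot: the cmdlet throws on legacy BIOS or without elevation.
try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
catch { $secureBoot = $false }

# TPM: SpecVersion looks like "2.0, 0, 1.38"; keep the leading version.
$tpm = Get-CimInstance -ClassName Win32_Tpm -ErrorAction SilentlyContinue `
           -Namespace 'root\cimv2\Security\MicrosoftTpm'
$tpmSpec = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { 'not detected' }

$report = [pscustomobject]@{
    HypervisorSupport = $dg.AvailableSecurityProperties -contains 1  # CPU virtualization
    NxProtection      = $dg.AvailableSecurityProperties -contains 5  # DEP
    SecureBootEnabled = $secureBoot
    TpmSpecVersion    = $tpmSpec
    VbsStatus         = $vbsText[[int]$dg.VirtualizationBasedSecurityStatus]
    HvciConfigured    = $dg.SecurityServicesConfigured -contains $HVCI
    HvciRunning       = $dg.SecurityServicesRunning -contains $HVCI
}
$report | Format-List

# Configured but not running means the setting was applied but the feature
# did not start; incompatible drivers are one thing to check in that case.
if ($report.HvciConfigured -and -not $report.HvciRunning) {
    Write-Warning 'Memory integrity is configured but not running; check for incompatible drivers.'
} elseif (-not $report.HvciConfigured) {
    Write-Warning 'Memory integrity is not configured on this device.'
}
```

HvciRunning is the field to rely on when auditing devices, because the toggle in Windows Security only takes effect after the restart.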
You can also enable or disable Core Isolation Memory Integrity using Windows registry keys. Here are some guides relating to the Windows Registry: how to add Registry keys via DISM in Windows, how to Get, Edit, Create and Delete Registry Keys via PowerShell in Windows, and how to disable IE via Group Policy or Windows Registry Settings.
- Use the Windows key + R keyboard shortcut to open the Run command.
- Type regedit, and click OK to open the Registry.
- Browse the following path:
- Double-click the Enabled key.
- Set its value from 0 to 1.
- Click OK.
If you wish to disable Core isolation memory integrity via the Windows registry, follow the same steps as above, but this time set the value from 1 to 0. After completing the steps, restart your computer to apply the changes.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment section.