Core isolation memory integrity disabled


badcrc

OS
Windows 11 Pro
22H2 (OS Build 22621.1)

I noticed a warning the other day about device security. I went into settings and turned memory integrity on, but it turned itself off. The culprit seems to be 3 out-of-date drivers:

drivers.png

The last 2 are for my TV tuner card and no more recent drivers are available. I believe #1 is a USB driver.

Is this any cause for concern?
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    CPU
    Ryzen 3700X
    Motherboard
    Rog Strix X570-F
    Memory
    32GB
    Graphics Card(s)
    GTX 1650
    Sound Card
    Soundblaster Z
    Monitor(s) Displays
    3 * 27"
    Screen Resolution
    3 * 1080p
    Hard Drives
    EVO 860 1TB
    3 * Seagate 4TB
    PSU
    EVGA 550W
With these drivers it just means you can't turn on core isolation. I faced this problem with two drivers - Logitech webcam, and WD external disk.

The webcam was easy as without the Logitech drivers, the Windows default drivers for camera and microphone work fine. I only use the webcam for Skype and not for anything else. The WD driver appears to be only for their utilities.

So I removed all the drivers with the pnputil command in admin mode, e.g.

pnputil /delete-driver oem?.inf /uninstall (replace ? with the oem number)

Then you can turn on core isolation with a reboot.

After the reboot, the Logitech drivers appear in the optional updates and I use wushowhide to hide them. The WD driver only appears in this way when I plug the drive in. Again wushowhide prevents the driver install, but the drive works just fine without.
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self-build
    CPU
    Intel I3-10100
    Motherboard
    MSI H410M-PRO
    Memory
    16 GB
    Graphics Card(s)
    Nvidia GT 1030
    Sound Card
    Motherboard default
    Monitor(s) Displays
    Philips 27 inch
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung EVO 970 NVMe SSD 256 Gb
    Samsung QVO 870 SATA SSD 2 Tb
    PSU
    ATX 450W
    Keyboard
    Logitech
    Mouse
    Logitech Wireless
    Internet Speed
    930 Mb down / 120 Mb up
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    Microsoft Office 2021 Plus
  • Operating System
    Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self-build
    CPU
    Intel i3-8100
    Motherboard
    Gigabyte Z370 D3
    Memory
    16 Gb
    Graphics card(s)
    Nvidia GT 720
    Sound Card
    Motherboard default
    Monitor(s) Displays
    Philips 27-inch
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 960 NVMe SSD 256 Gb
    Seagate 2 Tb HDD
    PSU
    ATX 450W
    Mouse
    Logitech Wireless
    Keyboard
    Microsoft
    Internet Speed
    930 Mb down / 120 Mb up
    Browser
    Edge
    Antivirus
    Windows Defender
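
A read-only check to run before and after the pnputil step described in the post above, added here as an example and not part of the thread. It shows what each flagged package is, which devices use it, and whether memory integrity is actually running; the `oem0.inf` and `oem1.inf` names in `$flagged` are placeholders to replace with the published names Windows Security lists.

```powershell
#Requires -RunAsAdministrator
# Added example, read-only: it reports on drivers and HVCI state and deletes nothing.

# Published names of the flagged drivers (placeholders, substitute your own).
$flagged = @('oem0.inf', 'oem1.inf')

# 1. What each flagged package is. Without -All, Get-WindowsDriver lists only
#    third-party packages, which are the ones published as oemN.inf.
Get-WindowsDriver -Online |
    Where-Object { $flagged -contains $_.Driver } |
    Select-Object Driver,
        @{ Name = 'OriginalInf'; Expression = { Split-Path $_.OriginalFileName -Leaf } },
        ProviderName, ClassName, Date, Version, BootCritical |
    Format-Table -AutoSize

# 2. Devices bound to those packages. No rows means no device currently listed
#    by Windows is using the package.
Get-CimInstance -ClassName Win32_PnPSignedDriver |
    Where-Object { $flagged -contains $_.InfName } |
    Select-Object DeviceName, Manufacturer, InfName, DriverVersion |
    Format-Table -AutoSize

# 3. Memory integrity (HVCI): the configured switch versus what is running.
#    The setting can be switched on and still not be in effect.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
$reg = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
$dg  = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

[pscustomobject]@{
    RegistryEnabled = [bool]($reg -and $reg.Enabled)
    HvciConfigured  = $dg.SecurityServicesConfigured -contains 2   # 2 = HVCI
    HvciRunning     = $dg.SecurityServicesRunning -contains 2
    VbsStatus       = $dg.VirtualizationBasedSecurityStatus        # 0 off, 1 enabled, 2 running
}
```

After the reboot, `HvciRunning` should read `True`; if it is still `False`, section 1 run again shows which flagged packages remain in the driver store.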
Is this any cause for concern?
Memory Integrity adds an extra layer of protection, but it requires all drivers to be compatible. It has been available in all versions of Win10 since 2018, but was turned off by default.

How-To Geek said:
This feature is a subset of Core Isolation. Windows normally requires digital signatures for device drivers and other code that runs in low-level Windows kernel mode. This ensures they haven’t been tampered with by malware. When “Memory Integrity” is enabled, the “code integrity service” in Windows runs inside the hypervisor-protected container created by Core Isolation. This should make it nearly impossible for malware to tamper with the code integrity checks and gain access to the Windows kernel.

I have memory integrity turned on wherever possible, but if it's a choice between that and uninstalling a driver you need, then you're probably safe enough without it. Malware would first have to get past the rest of your AV protection before it could come up against memory integrity.
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    50 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package. Also running Insider Beta, Dev, and Canary builds as a native boot .vhdx.

One thing worth bearing in mind is the overhead of using core isolation on older processors. As I understand it, Intel 8th and later generations of processors have hardware-assist for the virtualization, whereas older processors that support it do so via firmware emulation.

The way I found this out was by running the Prime Number test program. On my 10th generation processor it takes 9-10 seconds to generate 1m numbers, and this time is met both with and without core isolation enabled. On my wife's older PC, which has a Haswell G3450 CPU where virtualization is emulated in firmware, the figures are 35 seconds (disabled) and 3m30s (enabled). It also slows down other tasks, for example Macrium Backup of C: drive from 4.2m to 5.5m.

Perhaps this is one of the reasons why older Intel processors are not officially supported by MS for W11.
 
