Privacy and Security Enable or Disable Core Isolation Memory Integrity in Windows 11



Core isolation is a security feature of Microsoft Windows that protects important core processes of Windows from malicious software by isolating them in memory. It does this by running those core processes in a virtualized environment.

Memory integrity, also known as Hypervisor-protected Code Integrity (HVCI), is a Windows security feature that makes it difficult for malicious programs to use low-level drivers to hijack your computer. It is designed to prevent attacks from inserting malicious code into high-security processes.

A driver is a piece of software that lets the operating system (Windows in this case) and a device (like a keyboard or a webcam, for two examples) talk to each other. When the device wants Windows to do something it uses the driver to send that request.

Memory integrity works by creating an isolated environment using hardware virtualization.

In most cases memory integrity is on by default in Windows 11.

In the most recent Insider Preview builds, Windows will notify the user that the Memory integrity feature is currently turned off so that action can be taken for the user to turn it back on so that their device is as secure as possible against malicious attacks.

This tutorial will show you how to turn on or off core isolation memory integrity in Windows 11.


You must be signed in as an administrator to turn on or off core isolation memory integrity.

Core isolation memory integrity requires CPU virtualization turned on.



Contents

  • Option One: Turn On or Off Core Isolation Memory Integrity in Windows Security
  • Option Two: Turn On or Off Core Isolation Memory Integrity using REG file




Option One

Turn On or Off Core Isolation Memory Integrity in Windows Security


1 Open Windows Security.

2 Click/tap on Device security on the left side, and click/tap on the Core isolation details link on the right side. (see screenshot below)

Core_isolation_Memory_integrity-1.png

3 Turn on (default) or off Memory integrity for what you want. (see screenshot below)

If memory integrity fails to turn on, it may tell you that you have an incompatible device driver already installed. Check with the manufacturer of the device to see if they have an updated driver available. If they don’t have a compatible driver available, you might be able to remove the device or app that uses that incompatible driver.

Incompatible_Drivers.png

Note: If you try to install a device with an incompatible driver after turning on memory integrity, you may see the same message. If so, the same advice applies - check with the device manufacturer to see if they have an updated driver you can download, or don’t install that particular device until a compatible driver is available.


Core_isolation_Memory_integrity-2.png

4 If prompted by UAC, click/tap on Yes to approve.

5 Restart the computer to apply. (see screenshots below)

Core_isolation_Memory_integrity-3.png
notification.png




Option Two

Turn On or Off Core Isolation Memory Integrity using REG file


1 Do step 2 (on) or step 3 (off) below for what you want.


2 Turn On Core Isolation Memory Integrity

This is the default setting.


A) Click/tap on the Download button below to download the REG file below, and go to step 4 below.

Turn_ON_Core_isolation_Memory_integrity.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity]
"Enabled"=dword:00000001

3 Turn Off Core Isolation Memory Integrity

A) Click/tap on the Download button below to download the REG file below, and go to step 4 below.

Turn_OFF_Core_isolation_Memory_integrity.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity]
"Enabled"=dword:00000000

4 Save the .reg file to your desktop.

5 Double click/tap on the downloaded .reg file to merge it.

6 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7 Restart the computer to apply.

8 You can now delete the downloaded .reg file if you like.


That's it,
Shawn Brink
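
An added example, not part of the original tutorial: a read-only PowerShell check that compares the "Enabled" registry value the REG files set with what the Win32_DeviceGuard CIM class reports as actually running, so you can confirm the setting took effect after the restart. It assumes an elevated PowerShell prompt; the variable and property names in the output object are illustrative.

```powershell
# Added example: compare the configured memory integrity (HVCI) setting
# with the state Windows reports as running. Read-only; changes nothing.

$hvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'

# Configured state: the same "Enabled" DWORD that the REG files above set.
$configured = $null
if (Test-Path -Path $hvciKey) {
    $configured = (Get-ItemProperty -Path $hvciKey -Name 'Enabled' -ErrorAction SilentlyContinue).Enabled
}

# Running state: Win32_DeviceGuard lists the virtualization-based security
# services that are active. Service ID 2 is HVCI (memory integrity).
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue

$running   = $false
$vbsStatus = $null
if ($dg) {
    $running   = $dg.SecurityServicesRunning -contains 2
    # 0 = VBS not enabled, 1 = enabled but not running, 2 = enabled and running
    $vbsStatus = $dg.VirtualizationBasedSecurityStatus
}

$configuredText = if ($configured -eq 1) { 'On' }
                  elseif ($configured -eq 0) { 'Off' }
                  else { 'Not set' }

[pscustomobject]@{
    RegistryEnabled = $configuredText
    HvciRunning     = $running
    VbsStatus       = $vbsStatus
}

# The registry value only takes effect at boot, so a mismatch is worth flagging.
if ($configured -eq 1 -and -not $running) {
    Write-Warning ('Memory integrity is set to On in the registry but is not running. ' +
                   'Restart, then check for incompatible drivers and that CPU virtualization is turned on.')
}
elseif ($configured -ne 1 -and $running) {
    Write-Warning ('Memory integrity is running although the registry value is not On. ' +
                   'A restart may be pending, or the feature is being enforced by another setting.')
}
```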
 


JMedlock83

Former NWS Storm Spotter
Member
VIP
Local time
9:06 AM
Posts
636
Location
Van Buren, AR
OS
Windows 11 Pro x64 v22621.1
Is it 100% safe to turn off? Does it use any Memory, etc?
 


Brink

Is it 100% safe to turn off? Does it use any Memory, etc?
Hello mate, :)

It's safer to leave it turned on for better security.

I doubt there will be any noticeable difference in performance when comparing it turned on and off.
 


Bree

In most cases memory integrity is on by default in Windows 11
If it is not enabled by default, then the most likely reason is that one or more drivers are not compatible. To find out which they may be, try turning on Memory integrity with Option One. Any incompatible drivers will be listed.
