Windows 11 Core Isolation/Memory Integrity Question


mccnavy

Active member
VIP
Local time
8:15 AM
Posts
177
Visit site
OS
Windows 11
Recently, on my laptop I noticed that Windows 11 Core Isolation (and Memory Integrity) were not an option under Device Security. I had thought I saw them before so I looked online. I read that in order for the feature to be active I needed Virtualization enabled. I enabled it in BIOS and, indeed, the options returned and showed active. Why do you need virtualization enabled for this feature if not running VM? Also, I had (2) options...one for Intel Virtualization Technology and one for Virtualization Technology for Directed I/O. Which ones should I have enabled...I assume the Intel VT for Windows Security...but I don't use VM...do I need the I/O setting enabled? Thanks.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    Intel i7-7700K
    Motherboard
    Asus Prime Z-270A
    Memory
    32GB 2666Mhz (Kingston Hyper X Fury)
    Graphics Card(s)
    Asus Nvidia 1050Ti
    Sound Card
    N/A
    Monitor(s) Displays
    Samsung C27F390
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 850 Evo 512GB

Brink

Administrator
Staff member
MVP
Local time
8:15 AM
Posts
7,409
Visit site
OS
Windows 11 Pro for Workstations
Hello, :-)

You would need to enable CPU virtualization like below first.


Afterwards, you should be able turn on Memory Integrity like below if you do not have any incompatible drivers preventing it.

 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    1TB Samsung 980 PRO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Motorola MB8611 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S20 Ultra 5G phone
  • Operating System
    Windows 11 Pro for Workstations
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1
    CPU
    i7-1065G7 3.9 GHz
    Memory
    16 GB LPDDR4-3200
    Graphics card(s)
    Intel Iris Plus
    Sound Card
    Intel SST
    Monitor(s) Displays
    13.3" 4K UWVA AMOLED multitouch
    Screen Resolution
    3840 x 2160
    Hard Drives
    512 GB PCIe NVMe M.2 SSD
    Browser
    Google Chrome
    Antivirus
    Windows Defender and Malwarebytes Premium

geneo

Well-known member
Power User
VIP
Local time
9:15 AM
Posts
3,059
Visit site
OS
Windows 11 Pro x64
Recently, on my laptop I noticed that Windows 11 Core Isolation (and Memory Integrity) were not an option under Device Security. I had thought I saw them before so I looked online. I read that in order for the feature to be active I needed Virtualization enabled. I enabled it in BIOS and, indeed, the options returned and showed active. Why do you need virtualization enabled for this feature if not running VM? Also, I had (2) options...one for Intel Virtualization Technology and one for Virtualization Technology for Directed I/O. Which ones should I have enabled...I assume the Intel VT for Windows Security...but I don't use VM...do I need the I/O setting enabled? Thanks.

It uses a hypervisor protected container to segregate and protect the code integrity checking of device drivers.
It does affect performance slightly.
You want the Intel.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    10900K, 5.2 GHz all-core
    Motherboard
    Asus ROG Maximus Hero XIII Wifi
    Memory
    64GB (2x32) G.skill TridentZ RGB 4266 MHz CL18
    Graphics Card(s)
    Asus ROG Strix 2070 Super A8G
    Sound Card
    Onboard Audio, Vanatoo Transparent One; Klipsch R-12SWi Sub
    Monitor(s) Displays
    Eizo CG2730, ViewSonic VP2768
    Screen Resolution
    2560 x 1440p x 2
    Hard Drives
    WDC SN850 1TB nvme, SK-Hynix 2 TB P14 nvme, Samsung 980 1TB nvme, Raid 0: 1TB 850 EVO + 1TB 860 EVO SSD. Sabrent USB-C DS-SC5B docking station: 6TB WDC Black, 6TB Ironwolf Pro; 2x 2TB WDC Black
    PSU
    750W Seasonic Prime Ultra Titanium Plus
    Case
    Fractal Design Meshify 2 dark tint glass
    Cooling
    EK-AIO 360 D-RGB w/Phanteks T30-120 fans, Noctua NF-A14 Chromax case fan
    Keyboard
    Glorious GMMK TKL - Brown mechanical, lubed modded
    Mouse
    Logitech G305 wireless gaming
    Internet Speed
    370 Mb/s down, 12 Mb/s up
    Browser
    Firefox
    Antivirus
    Defender, Macrium Reflect 8 ;-)
    Other Info
    Logitech C920e Webcam (crap don't buy)
  • Operating System
    Mac OS
    Computer type
    Laptop
    Manufacturer/Model
    Apple 13" Macbook Pro 2020 (m1)
    CPU
    M1
    Monitor(s) Displays
    2560x1600

mccnavy

Active member
VIP
Thread Starter
Local time
8:15 AM
Posts
177
Visit site
OS
Windows 11
Should I have both of the virtualization settings enabled, or is only the non-I/O setting required? Both are Intel labeled.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    Intel i7-7700K
    Motherboard
    Asus Prime Z-270A
    Memory
    32GB 2666Mhz (Kingston Hyper X Fury)
    Graphics Card(s)
    Asus Nvidia 1050Ti
    Sound Card
    N/A
    Monitor(s) Displays
    Samsung C27F390
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 850 Evo 512GB

Latest Support Threads

Top Bottom