Windows 10: Turn On or Off Core Isolation Memory Integrity in Windows 10  

Page 1 of 11 123 ... LastLast
    Turn On or Off Core Isolation Memory Integrity in Windows 10

    Turn On or Off Core Isolation Memory Integrity in Windows 10

    How to Turn On or Off Core Isolation Memory Integrity in Windows 10
    Published by Category: Security System
    24 May 2018
    Designer Media Ltd

    Published by


    Brink's Avatar
    Administrator

    Posts: 29,999

    Show Printable Version 


    How to Turn On or Off Core Isolation Memory Integrity in Windows 10


    The Windows 10 Creators Update introduced a new experience called the Windows Defender Security Center to make it is easier for you to view and control the security protections you choose and better understand the security features already protecting you on your Windows 10 device.

    Starting with Windows 10 build 17093, the Device security page was added to the Windows Defender Security Center that provides you with status reporting and management of security features built into your devices including toggling features on to provide enhanced protections.

    One Device security is Core isolation that provides virtualization-based security features to protect core parts of your device.

    Memory integrity is a security feature of Core isolation that prevents attacks from inserting malicious code into high-security processes.

    See also: Windows Defender System Guard: Making a leap forward in platform security with memory integrity - Microsoft Tech Community - 167303

    It is required to have Virtualization enabled for your CPU in your UEFI firmware settings to have Core isolation Memory integrity available.
    Name:  virtualization.jpg
Views: 21262
Size:  97.1 KB

    This tutorial will show you how to turn on or off the Core isolation Memory integrity Device security feature of Windows Defender Security Center in Windows 10.

    You must be signed in as an administrator to turn on or off Memory integrity.


     CONTENTS:

    • Option One: Turn On or Off Core Isolation Memory Integrity in Settings
    • Option Two: Turn On or Off Core Isolation Memory Integrity using a REG file





    Turn On or Off Core Isolation Memory Integrity in Windows 10 OPTION ONE Turn On or Off Core Isolation Memory Integrity in Windows 10
    Turn On or Off Tabs in apps (Sets) in Settings

    1. Open the Windows Defender Security Center, and click/tap on the Device security icon. (see screenshot below)

    Name:  Windows_Defender_Memory_integrity-1.jpg
Views: 23997
Size:  51.5 KB

    2. Click/tap on the Core isolation details link. (see screenshot below)

    Name:  Windows_Defender_Memory_integrity-2.png
Views: 23983
Size:  46.6 KB

    3. Turn On (default) or Off Memory integrity for what you want. (see screenshots below)

    Name:  Windows_Defender_Memory_integrity-4.png
Views: 23932
Size:  39.6 KB Name:  Windows_Defender_Memory_integrity-3.png
Views: 23899
Size:  39.6 KB

    4. Click/tap on Yes when prompted by UAC.

    5. Restart the computer to apply. (see screenshots below)

    Name:  Windows_Defender_Memory_integrity-6.png
Views: 23929
Size:  37.8 KB Name:  Windows_Defender_Memory_integrity-5.png
Views: 23951
Size:  38.1 KB






    Turn On or Off Core Isolation Memory Integrity in Windows 10 OPTION TWO Turn On or Off Core Isolation Memory Integrity in Windows 10
    Turn On or Off Core Isolation Memory Integrity using a REG file


    The downloadable .reg files below will modify the DWORD value in the registry key below.

    Code:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity

    Enabled DWORD

    0 = Off
    1 = On


    1. Do step 2 (on) or step 3 (off) below for what you would like to do.


     2. To Turn On Core Isolation Memory Integrity

    This is the default setting.

    A) Click/tap on the Download button below to download the file below, and go to step 4 below.

    Turn_ON_Core_isolation_Memory_integrity.reg

    download


     3. To Turn Off Core Isolation Memory Integrity

    A) Click/tap on the Download button below to download the file below, and go to step 4 below.

    Turn_OFF_Core_isolation_Memory_integrity.reg

    download

    4. Save the .reg file to your desktop.

    5. Double click/tap on the downloaded .reg file to merge it.

    6. When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

    7. Restart the computer to apply.

    8. If you like, you can now delete the downloaded .reg file.


    That's it,
    Shawn



  1.    22 Mar 2018 #1

    first of all excuse me for my english but i have some questions.
    So, if i don't misunderstand the MS article, device that meet the minimum requirements have (part of) VBS enabled by default regardless of the type of installation (clean or upgrade) while HVCI depends on the type of installation performed?

    Example (assuming that the device meets the minimum requirements):
    clean install→VBS, HVCI on
    upgrade→
    VBS on, HVCI off (even if it can be turned on post upgrade via memory integrity switch)
    Last edited by Ita1; 25 Mar 2018 at 11:33.
      My ComputerSystem Spec


  2. Posts : 29,999
    64-bit Windows 10 Pro build 17692
    Thread Starter
       22 Mar 2018 #2

    Hello Ita1, :)

    I'm not sure either, but this setting has always been turned off by default for me so far.
      My ComputersSystem Spec

  3.    22 Mar 2018 #3

    this setting = VBS, right?

    What's the meaning
    than of "for older systems, customers will have the ability to opt in post upgrade using [...]"?

    Older system=upgrade?
      My ComputerSystem Spec


  4. Posts : 29,999
    64-bit Windows 10 Pro build 17692
    Thread Starter
       22 Mar 2018 #4

    Yes, core isolation is VBS.

    The line below means that they will be able to set it like in the tutorial.

    ...for older systems, customers will have the ability to opt in post upgrade using the UI in Windows Defender Security Center (WDSC).
      My ComputersSystem Spec

  5.    22 Mar 2018 #5

    txs for your kind reply Brink!
    Brink said: View Post
    Yes, core isolation is VBS.
    right
    The line below means that they will be able to set it like in the tutorial.
    yes but for devices that meet the minimum requirements otherwise the reliance on hardware would be useless.
    So, i think that older system should be explained as "system that come from an older branch" (eg 10 FCU) otherwise it doesn't make sense...
      My ComputerSystem Spec


  6. Posts : 20,818
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       10 Apr 2018 #6

    From the article you linked Shawn:
    While hypervisor-protected code integrity compliance has been a requirement for all drivers since Windows 10 Anniversary Update (1607), some drivers may still not be compatible. This may cause devices or software to malfunction. Such issues may occur after Memory integrity protection has been turned on or during the enablement process itself. If you’re an application developer and want to validate if your drivers and software packages are compliant with memory integrity, you can follow the steps outlined here.
    We worked hard to mitigate impacted experiences, so if an incompatibility exists for a boot-critical driver, Memory integrity protection will be silently turned off. If you encounter incompatibilities with other apps, Microsoft advises that you check for updates for the specific app and version encountering the issue before turning off memory integrity protection. The following links show some examples of commonly-used APIs that cause executable memory to be allocated, along with some example fixes:
    My Logitech webcam is one of those drivers that doesn't work now, with this turned on.

    But, Microsoft provides their own generic drivers for webcams(in Device Manager), just basic ones with no frills, but enough to work in Skype.

    Samsung and Logitech are notorious for not updating their certificates, so it is to be expected I guess
      My ComputersSystem Spec


  7. Posts : 29,999
    64-bit Windows 10 Pro build 17692
    Thread Starter
       10 Apr 2018 #7

    Thank you for the heads up Cliff. :)
      My ComputersSystem Spec


  • Posts : 20,818
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       10 Apr 2018 #8

    Your welcome Shawn.
    I have upgraded my main system to the RP(yeah I couldn't wait) and now have the option, and turned it on.
    If the generic driver hadn't worked, I would have turned it off, but I don't need any of the extra features anyhow.
    By the way, one will need to do the same for the web cams mic also.
      My ComputersSystem Spec


  • Posts : 29,999
    64-bit Windows 10 Pro build 17692
    Thread Starter
       11 Apr 2018 #9

    Hmm, this below is what I'm seeing in Windows 10 build 17639.

    I'm unable to turn off "Memory integrity", but I do not have any group policies configured despite the red message below.

    Name:  Core_isolation_build_17639.jpg
Views: 21229
Size:  35.9 KB
      My ComputersSystem Spec


  •  
    Page 1 of 11 123 ... LastLast

    Tutorial Categories

    Turn On or Off Core Isolation Memory Integrity in Windows 10 Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Xbox Windows Phone


    Related Threads
    Microsoft 'Windows Core OS' aims to turn Windows 10 into a modular platform for the future 155644 Source: Windowscentral.com
    If I copy a folder full of files does Windows check the integrity of the transfer to make sure that no 1s turned into 0s or whatever?
    Just yesterday when i changed my pc case out, i noticed my fans spinning a lot faster than usual, i checked my windows task manager and noticed a "Windows Audio Device Graph Isolation" adding a 15% cpu load totaling 30% with all other processes. the...
    Win 10 AU may turn 'off' Virtual Memory in Windows Updates and Activation
    Just a note . . . while fixing the 'Restore' being turned off on my relatively old/slow mechanical HD machine, thought I should check to see if any other global settings were altered by the AU, and found my Virtual Memory settings were altered to...
    Anyone out there who can tell me what to do to prevent Event Log errors reading as follows: They all start with the same: Microsoft-Windows-CodeIntegrity Code Integrity determined that a process...
    Our Sites
    Site Links
    About Us
    Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

    Designer Media Ltd
    All times are GMT -5. The time now is 02:35.
    Find Us