Windows Security’s primary function is to protect a system by providing antivirus software, a reliable firewall, and other security functionalities. Under Device Security, the built-in Windows Security suite includes Core Isolation. This key feature isolates system processes by leveraging virtualization-based security (VBS). In this blog, we will discuss how to manage this important feature and why it is necessary to turn Core Isolation VBS on or off.
What is Core Isolation Memory Integrity?
Memory Integrity, a component of Core Isolation, is a security feature that helps prevent malicious code infiltration in high-security system areas. It uses hardware virtualization and Hyper-V to block untrusted codes, strengthening Windows’ protection from malware.
Methods to turn off Memory Integrity
-
Using Windows Security settings
-
-
Open Windows Security:
-
-
-
- Press Win + I to open Settings.
- Click Update & Security > Windows Security.
- Click Open Windows Security in the right pane.
-
-
-
Go to Core Isolation settings:
-
-
-
- Click Device Security in the left panel.
- Click Core isolation details under the Core isolation section.
-
-
-
Turn off Memory Integrity:
-
-
-
- Toggle Memory Integrity to Off.
-
-
-
Confirm the change:
-
-
-
- Click Yes if prompted by User Account Control (UAC).
-
-
-
Restart Your Computer
-
-
-
- A restart is required for the changes to take effect.
-
-
Using the Registry Editor (Regedit)
-
-
Open Registry Editor:
-
-
-
- Press Win + R, type regedit, and click OK.
- Click Yes on the User Account Control (UAC) prompt.
-
-
-
Navigate to the registry key:
-
-
-
- Go to:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity
- Go to:
-
-
-
Modify the registry entry:
-
-
-
- Locate the Enabled DWORD value.
- Double-click it and change the value to 0 to disable Memory Integrity.
-
-
-
Save and apply the changes:
-
-
-
- Close Registry Editor.
-
-
-
Restart Your Computer:
-
-
-
- Reboot your PC to apply the new settings.
-
-
Using Group Policy Editor
-
-
Open Group Policy Editor:
-
-
-
- Press Win + R, type gpedit.msc, and click OK.
-
-
-
Navigate to Device Guard Policies:
-
-
-
- Go to Computer Configuration > Administrative Templates > System > Device Guard
-
-
-
Disable Hypervisor-enforced code integrity:
-
-
-
- Double-click Turn on Virtualization Based Security.
- Select Disabled.
-
-
-
Apply the policy change:
-
-
-
- Click Apply > OK to save the settings.
-
-
-
Restart your computer:
-
-
-
- A reboot is required for the changes to take effect.
-
-
Using Command Prompt
-
-
Open Command Prompt as Administrator:
-
-
-
- Press Win + S, type cmd, right-click Command Prompt and select Run as administrator.
-
-
-
Run the command to turn off Memory Integrity:
-
-
-
- Type the following command and press Enter:
- reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity” /v Enabled /t REG_DWORD /d 0 /f
- Type the following command and press Enter:
-
-
-
Restart your computer:
-
-
-
- Reboot your PC to apply the changes.
-
-
Using PowerShell
-
-
Open PowerShell as Administrator:
-
-
-
- Press Win + X and click Windows PowerShell (Admin).
-
-
-
Run the command to turn off Memory Integrity:
-
-
-
- Type the following command and press Enter:
- Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity” -Name Enabled -Value 0
- Type the following command and press Enter:
-
-
-
Restart your computer:
-
-
-
- Reboot your PC to apply the changes.
-
Why disable Core Isolation Memory Integrity
While Core Isolation Memory Integrity enhances Windows security, there are some instances where Core Isolation Memory Integrity is disabled.
- Incompatible drivers: Enabling the feature may render some device drivers and any older software dysfunctional.
- System performance issues: Slowdowns may occur in older hardware when Core Isolation Memory Integrity is turned on. The issue may be rooted in resource-heavy processes required for virtualization-based security.
- Troubleshooting: Turning off the Core Isolation Memory Integrity feature may improve the resolution of software or hardware issues.
Security risks when disabling Memory Integrity
Disabling Core Isolation Memory Integrity may expose your system to vulnerabilities, leading to security risks such as the following:
- Kernel-level attacks and rootkit installations: Kernel-level attacks exploit weaknesses in the Windows kernel. These attacks usually involve unauthorized rootkit installations designed to conceal their presence, challenging detection and removal.
- Unauthorized code execution: Since the feature focuses on preventing malicious code infiltrations, turning Core Isolation Memory Integrity off may let unverified codes run in privileged areas of the system, making the system less resistant to malware attacks.
- Weakened system security: Disabling Core Isolation Memory Integrity may reduce the efficacy of Windows Defender and other security features.
How to check Core Isolation Memory Integrity status
Verifying the Core Isolation Memory Integrity feature’s status is a straightforward process. Here’s how:
- Open Windows Security by searching for it in the Start menu.
- Click Device Security on the left panel.
- Select Core Isolation Details.
- Check if Memory Integrity is turned On or Off.
- If there are any warnings about incompatible drivers, resolve them before enabling Memory Integrity.
Troubleshooting issues when disabling Memory Integrity
If instructions are followed promptly, managing Core Isolation Memory Integrity is straightforward. However, some may encounter issues that impact the operation. Here are some of the most common issues and their solutions.
-
Memory Integrity toggle is grayed out
When the option to turn on or off Core Isolation Memory Integrity is grayed out in Windows Security, users may be unable to configure the feature’s settings.
Solution: If Core Isolation Memory Integrity is disabled in Security Settings, you can modify the feature’s settings through other methods, such as Registry Editor or Group Policy Editor.
-
Can’t disable due to system policies
Certain system policies may hinder users from changing the Core Isolation Memory Integrity settings.
Solution: Ensure you have Administrator privileges when changing Core Isolation Memory Integrity settings. You can log in to an Administrator profile or open an elevated PowerShell or Command Prompt. Additionally, you can Modify Group Policy settings to override restrictions. You can also use Registry Editor to disable Memory Integrity manually.
-
Memory Integrity re-enables after reboot
Restarting your computer is an essential step for the changes in the settings you made in Core Isolation Memory Integrity to take effect. However, there are times when Memory Integrity re-enables after reboot.
Solution: You can configure the Core Isolation Memory Integrity settings using Group Policy to disable Virtualization-Based Security. Meanwhile, some antivirus or endpoint security solutions may also have Memory Integrity settings that you can configure. Lastly, software or operating system updates may re-enable some security features, including Core Isolation Memory Integrity settings you previously turned off. For this, you can manually check the settings and disable them again.
Security considerations & best practices
As established, security risks are imminent when turning off Core Isolation Memory Integrity. Maintaining consistent protection is a conscious way to keep your system secured when a workflow calls for disabling Core Isolation Memory Integrity settings. Here are some best practices you can follow:
- Keep Windows Defender and Secure Boot turned on. Windows Defender protects your system from active threats such as malware attacks and others. While Secure Boot prevents malicious software from loading during startup.
- Utilize the Trusted Platform Module (TPM) to enhance security functionalities. The feature is a hardware-based tool that improves system encryption and authentication, helping secure Windows features such as Windows Hello and BitLocker.
- Ensure that Windows consistently receives important updates. You should not skip updates like bug fixes and patches since they help protect the system against vulnerabilities.
- In addition to Windows, your device drivers should also stay up-to-date so they won’t cause compatibility issues. Only update drivers through the Device Manager or the device manufacturer’s website.
Core Isolation Memory Integrity FAQs
-
What happens if I disable Memory Integrity?
Some IT operations may require disabling Memory Integrity. While it’s needed, it can reduce system protection against advanced malware.
-
Does disabling Memory Integrity affect gaming performance?
It may improve performance slightly on older hardware but has minimal impact on modern systems.
-
Can I turn it back on later without issues?
Yes, you can enable it again via Windows Security or Registry Editor. See the steps above.
-
How do I check for incompatible drivers before disabling Memory Integrity?
You can check for incompatible drivers by navigating to Windows Security > Device Security tab > Core Isolation and look for warnings about incompatible drivers.
-
Is disabling Memory Integrity necessary for certain software or applications?
Some old systems and legacy software or drivers may require the feature to be turned off, but modern applications generally work with it enabled.
Managing Core Isolation Memory Integrity
Maintaining security has always been the vital purpose of Core Isolation Memory Integrity. Given how crucial the benefits of this feature are, turning it off may have significant implications for a system’s security in general. It’s important to take precautions when managing Core Isolation Memory Integrity and understand the risks associated with disabling it.
