Windows 11 comes with powerful built-in security features designed to protect your system from sophisticated cyber threats. Two of these critical security measures are Core Isolation and Memory Integrity. This article will guide you through the process of enabling these features to significantly strengthen your computer’s defenses against malware and ransomware attacks.
What Are Core Isolation and Memory Integrity?
Core Isolation is a security feature that protects essential Windows processes by isolating them in memory. It creates a secure, virtualized environment for these core processes, making it much harder for malicious software to interfere with critical system functions.
Memory Integrity, also known as Hypervisor-protected Code Integrity (HVCI), is a component of Core Isolation. It prevents attacks that attempt to inject malicious code into high-security processes. By verifying the integrity of drivers and system files before they’re loaded, Memory Integrity adds an extra layer of protection against advanced threats.
System Requirements for Core Isolation and Memory Integrity
Before enabling these features, ensure your system meets the following requirements:
- Windows 11 operating system
- TPM 2.0 (Trusted Platform Module)
- Secure Boot enabled
- DEP (Data Execution Prevention) support
- UEFI MAT (Unified Extensible Firmware Interface Memory Attributes Table)
- Hardware virtualization support (check your BIOS/UEFI settings)
How to Enable Core Isolation and Memory Integrity
Step 1: Open the Windows Security app by clicking the Start button, typing “Windows Security,” and selecting the app from the search results.
Step 2: In the Windows Security app, click on “Device security” in the left sidebar.
Step 3: Under the “Core isolation” section, click on “Core isolation details.”
Step 4: You’ll see a toggle switch for “Memory integrity.” If it’s off, click the switch to turn it on.
Step 5: Windows will prompt you to restart your computer to apply the changes. Save any open work and click “Restart now.”
After your computer restarts, Core Isolation and Memory Integrity will be active, providing enhanced protection for your system.
Enabling Core Isolation and Memory Integrity via Registry Editor
If you prefer using the Registry Editor to enable these features, follow these steps:
Step 1: Press Windows key + R to open the Run dialog, type “regedit,” and press Enter.
Step 2: In the Registry Editor, navigate to the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios
Step 3: Right-click on the “Scenarios” folder, select “New,” then “Key,” and name it “HypervisorEnforcedCodeIntegrity.”
Step 4: Right-click on the newly created key, select “New,” then “DWORD (32-bit) Value,” and name it “Enabled.”
Step 5: Double-click the “Enabled” value and set its data to “1” to enable Core Isolation and Memory Integrity.
Step 6: Close the Registry Editor and restart your computer for the changes to take effect.
Troubleshooting Incompatible Drivers
In some cases, you may encounter issues with incompatible drivers when trying to enable Memory Integrity. If this happens, follow these steps:
Step 1: Open the Windows Security app and navigate to the Core isolation details page.
Step 2: If there are incompatible drivers, you’ll see a message with an option to “View incompatible drivers.”
Step 3: Click on this option to see a list of drivers that are preventing Memory Integrity from being enabled.
Step 4: For each incompatible driver, visit the manufacturer’s website to check for updated versions that support Memory Integrity.
Step 5: If updates are available, download and install them, then try enabling Memory Integrity again.
Step 6: If no updates are available, you may need to uninstall the incompatible drivers or software. Be cautious when doing this, as it may affect the functionality of certain devices or programs.
Using the Memory Integrity Scan Tool
Microsoft provides a free tool called the Memory Integrity Scan Tool to check your system’s compatibility with Memory Integrity. Here’s how to use it:
Step 1: Download the appropriate version (AMD64 or ARM64) of hvciscan.exe from the Microsoft Download Center.
Step 2: Open an elevated Command Prompt or PowerShell window by right-clicking on the Start button and selecting “Windows Terminal (Admin).”
Step 3: Navigate to the folder where you downloaded hvciscan.exe using the cd command.
Step 4: Run the scan by typing “hvciscan.exe” and pressing Enter.
Step 5: Review the output to identify any incompatibilities that may prevent Memory Integrity from functioning correctly.
By enabling Core Isolation and Memory Integrity, you’ve significantly bolstered your Windows 11 system’s defenses against sophisticated malware and ransomware attacks. Remember to keep your system and drivers updated to maintain compatibility with these crucial security features.