To improve Windows security, follow the below steps to disable or enable the Core Isolation Memory Integrity feature in Windows 10.
Back in Windows 10 v1803, Microsoft introduced a new feature called Core Isolation and Memory Integrity. Previously, these features are only available to Enterprise edition users. As you can guess from the name itself, these are the new virtualization-based security features designed to protect Windows from sophisticated attacks.
Core Isolation allows Windows to create a virtual secure area of system memory that is completely isolated from the rest of the system. This is where Windows runs important system processes. Even if the system is compromised, the malware or virus cannot mess with protected processes due to the isolation.
Memory Integrity is part of Core Isolation. When enabled, Windows isolates and runs the Code Integrity Service in a hypervisor-protected container. Due to this, malware cannot tamper the code integrity check which in turn makes it almost impossible to tamper with low-level code. In case you don’t know, code integrity checks are required by Windows for all code (like drives) that run at low-level kernel mode.
So, without further ado, follow the below steps to disable or enable Core Isolation and Memory Integrity features in Windows 10.
To enable Core Isolation and Memory Integrity features, your system needs to meet the below system requirements. If your system did not meet one or more requirements, you cannot enable the features.
- Your motherboard should have a TPM 2.0 chip (Trusted Platform Module). This chip is required for encryption and hardware authentication.
- The system should be 64-bit.
- Your CPU should support hardware virtualization and it should be enabled in the BIOS settings.
Once you confirm your system meets all the above requirements, follow the below steps.
Enable Core Isolation and Memory Integrity
The Core Isolation feature is enabled by default if your system is 64-bit and supports the hardware virtualization feature. However, you have to manually enable the Memory Integrity feature.
1. The Core Isolation and Memory Integrity features are both available in the Windows Security Center. So, open the Start menu, search for “Windows Security” and click on the result. This action will open the Windows Security Center.
2. In the Security Center, click on the “Device security” option appearing on the left panel or right panel.
3. Here, if the Core Isolation is enabled, you will see “virtualization-based security protects the core part of your device“.
4. To enable Memory Integrity, click on the “Core isolation details” link.
5. On this page, toggle the switch under “Memory Integrity” to “On” position.
If your device supports Memory Integrity feature, it will turn on. Otherwise, Windows will show, “Memory integrity can’t be started” notification.
That is all. It is that simple to enable Core Isolation and Memory Integrity feature in Windows. If you want to disable the feature, all you have to do is toggle the switch to “Off” position in step 5.
Do keep in mind that because of how Memory Integrity feature works, some applications, especially older ones, might misbehave or not work properly. If that’s the case, disable the Memory Integrity feature.
I hope that helps. If you are stuck or need some help, comment below and I will try to help as much as possible.