In Windows 10 and 11, some users find a feature named Core Isolation in Windows Security. What is the feature used for? Is it necessary to turn it on for your security? On the MiniTool website, this article answers these questions and tells you how to enable or disable it.
What Is Core Isolation & Memory Integrity?
In this always-connected world, invisible dangers such as malware and other types of cyber-attacks are everywhere, waiting for the right moment to sneak into your PC and cause trouble.
Some types of attack resort to kernel-level exploits that attempt to run malware with the highest privileges, as the WannaCry and Petya ransomware did. This kind of attack can take control of your PC, lock down your files, demand that you pay a ransom, or do something even worse.
To cope with these dangers and risks, Microsoft introduced this feature – Core Isolation & Memory Integrity – to provide added protection against malware and other attacks by isolating computer processes from your operating system and device.
So what is Core Isolation?
Core Isolation is a virtualization-based security feature that protects the core parts of your device. When it is enabled, supported hardware uses virtualization to create a secure area of system memory that isolates certain processes and software, so that malicious code cannot reach them.
Core Isolation Memory Integrity can be seen as another security layer that protects important operating system processes from being tampered with by anything running outside the secure area.
Because of these functions, it requires hardware and firmware that support virtualization, so that Windows 10/11 can run applications in a container and make other parts of the system inaccessible to them.
At first, this feature was only available on Enterprise editions of Windows 10, but now it is available on Windows 10/11 PCs that meet certain hardware and firmware requirements.
If you have looked before, you may have noticed that this feature is off by default under Device security, and the option below it is named Memory integrity, also known as Hypervisor-protected Code Integrity (HVCI).
Memory integrity is a subset of Core Isolation; when it is enabled, this service runs inside the hypervisor-protected container created by Core Isolation.
With such a powerful feature, you may wonder why Microsoft leaves it off by default. According to user feedback, this feature can reduce PC performance to some degree, and driver compatibility issues are the biggest obstacle.
This feature has strict requirements for your device drivers and software. You must ensure that your device drivers and Windows applications are compatible with the Core Isolation feature.
If one of your startup drivers has a problem with the feature, the feature is disabled automatically so that the system can keep running. That is why you may find it off after startup even though you manually enabled it.
Besides, some people find that certain devices or software run into trouble after enabling Core Isolation. In that case, check for updates for the device or software.
Note that some applications can't run alongside the Core Isolation feature, such as virtual machines or debuggers. These applications require exclusive access to the system's virtualization hardware, which is not allowed while Core Isolation is enabled.
Enable/Disable Core Isolation Memory Integrity
After learning about its functions, what should you do to enable Core Isolation and Memory Integrity? As mentioned above, to run this feature you need compatible PC drivers and applications. So, please make sure your device complies with the following hardware security standards.
- TPM 2.0 (Trusted Platform Module 2.0) and DEP (Data Execution Prevention) need to be enabled.
- UEFI MAT (Unified Extensible Firmware Interface Memory Attributes Table) should be supported.
- Secure Boot needs to be enabled.
Then follow the next parts to meet the requirements and enable Core Isolation Memory Integrity.
1. Enable CPU Virtualization
CPU virtualization allows a single CPU to be divided into multiple virtual CPUs for use by multiple VMs, so that a single processor behaves as if it were several separate CPUs.
To enable CPU virtualization, enter the BIOS by pressing the dedicated key after you boot the PC and see the initial screen.
Note: The key you hit depends on the manufacturer. Esc, Delete, F1, F2, F10, F11, or F12 are frequently used keys.
Then go to the Advanced tab at the top of the screen and click on CPU configuration.
If you are using an AMD CPU, enable SVM Mode from the Advanced settings; if you are using an Intel CPU, enable the option labeled Intel Virtualization Technology.
After that, switch to the Exit tab to save your changes and reboot your PC. For the next part, you still need to enter the BIOS, so press the key at the appropriate time after the boot.
2. Enable Secure Boot
Secure Boot is designed to ensure that only trusted software can be executed on the system. It can prevent viruses and other malicious software from running on the system.
To enable Secure Boot, you still need to enter the BIOS screen, move to the Boot tab on the top menu, and turn on the Secure Boot option. Then save your changes and reboot your PC to continue with the next part.
If you need more information about enabling and disabling Secure Boot, you can read this post: What Is Secure Boot? How to Enable and Disable It in Windows.
3. Enable TPM 2.0
TPM 2.0 provides hardware-based, security-related functions. It is used by many features, such as Windows Hello for identity protection and BitLocker for data protection, and it helps generate, store, and limit the use of cryptographic keys.
To enable TPM 2.0, there are two places you can check.
1. Check it in your TPM Management
Step 1: Open the Run dialog box by pressing Win + R and input tpm.msc to enter the Trusted Platform Module (TPM) Management window.
Step 2: Once the window opens, it shows the status, or you can click the Status section to verify it.
There are three possible messages that may appear on the screen. Decide your next move based on your situation.
- TPM is ready for usage – It means TPM 2.0 is already activated and no further action is needed.
- TPM is not supported – It means your motherboard doesn’t support this tool.
- Compatible TPM cannot be found – It means TPM is supported but not activated in your BIOS or UEFI settings. In this case, follow the next steps to enable the feature in BIOS.
2. Enable TPM in BIOS
Enter the BIOS following the steps mentioned above and switch to the Security tab at the top. After locating the TPM option, enable it.
Note: The name of the TPM option varies with the manufacturer of your motherboard; for example, on Intel hardware it is called Intel Platform Trust Technology.
At last, save your changes and exit to restart your PC. Now, you can start enabling Core Isolation & Memory Integrity.
Enable Core Isolation Memory Integrity via Windows Security
Enabling Core Isolation via Windows Security is the simplest method. Before you start, you'd better download and install any pending Windows updates to avoid incompatibility issues.
Step 1: Open the Run dialog box, type windowsdefender: in it, and press Ctrl + Shift + Enter to open Windows Defender with admin access.
Step 2: Once the window opens, please go to the Device security tab and in the next screen, click on Core isolation details under Core isolation.
Step 3: Then under Core isolation, a toggle appears; turn it on to enable Memory integrity.
You can also disable Core Isolation and Memory Integrity via this setting.
Enable Core Isolation Memory Integrity via Registry Editor
Another method to enable Core Isolation is to use Registry Editor. It is more complicated than using Windows Security, but if that method doesn't work, you can try this one.
Note: The registry is critical to Windows, so don't casually change or delete any key. In case of accident, it is recommended to back up the registry or create a restore point before making any changes.
Step 1: Open Run, type regedit, and press Enter.
Step 2: When the Registry Editor window opens, copy the following path, paste it into the address bar at the top, and press Enter to locate it.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios
Step 3: Right-click the Scenarios key and choose New > Key to create a new key named HypervisorEnforcedCodeIntegrity.
Step 4: Then right-click the new HypervisorEnforcedCodeIntegrity key and choose New > DWORD (32-bit) Value to create a DWORD named Enabled.
Step 5: Double-click Enabled. The Value data is 0 by default, which means the feature is disabled; to enable it, set the Value data to 1 and click OK to save the change. Finally, restart your computer.
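The hardware checklist above and the Registry Editor steps can both be scripted. The following is an added example, not MiniTool's code or a Microsoft tool: run from an elevated PowerShell prompt, it reads the Secure Boot, TPM, virtualization, DEP and current HVCI state from the built-in cmdlets and WMI classes, reports the same Enabled DWORD that Steps 3 to 5 create, and provides a function that writes it. The function names are my own.

```powershell
#Requires -RunAsAdministrator
# Added example, not MiniTool's code: check the Memory integrity (HVCI)
# prerequisites listed in the article and optionally write the same registry
# value the Registry Editor steps create. Run from an elevated PowerShell.

$HvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'

function Get-HvciReadiness {
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $dg  = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    # Confirm-SecureBootUEFI throws on legacy BIOS firmware; treat that as "not enabled".
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI) } catch { }

    [pscustomobject]@{
        # Reports False once a hypervisor is already running, so read it together with VbsStatus.
        VirtualizationInFirmware = [bool]$cpu.VirtualizationFirmwareEnabled
        SecureBoot               = $secureBoot
        # Win32_Tpm.SpecVersion looks like "2.0, 0, 1.38"; no instance means no TPM at all.
        Tpm20Present             = ($null -ne $tpm) -and ($tpm.SpecVersion -like '2.0*')
        TpmEnabled               = ($null -ne $tpm) -and [bool]$tpm.IsEnabled_InitialValue
        # DEP SupportPolicy: 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut.
        DepEnabled               = ($os.DataExecutionPrevention_SupportPolicy -ne 0)
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
        VbsStatus                = $dg.VirtualizationBasedSecurityStatus
        # SecurityServicesRunning contains 2 when HVCI (Memory integrity) is active.
        HvciRunning              = ($dg.SecurityServicesRunning -contains 2)
        # The DWORD the article's Steps 4 and 5 create; $null when the key does not exist yet.
        RegistryEnabled          = (Get-ItemProperty -Path $HvciKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
    }
}

function Set-HvciRegistry {
    param([Parameter(Mandatory)][ValidateSet(0, 1)][int]$Enabled)
    # -Force creates HypervisorEnforcedCodeIntegrity if it is missing and overwrites Enabled.
    New-Item -Path $HvciKey -Force | Out-Null
    New-ItemProperty -Path $HvciKey -Name 'Enabled' -PropertyType DWord -Value $Enabled -Force | Out-Null
    Write-Output "Enabled=$Enabled written to $HvciKey; restart Windows for it to take effect."
}

$ready = Get-HvciReadiness
$ready | Format-List
if ($ready.VirtualizationInFirmware -and $ready.SecureBoot -and $ready.Tpm20Present -and -not $ready.HvciRunning) {
    Write-Output 'Prerequisites look satisfied; run: Set-HvciRegistry -Enabled 1'
}
```

The script only reports by default; call Set-HvciRegistry -Enabled 1 (or 0 to disable) yourself once the readiness output looks right, then restart.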
MiniTool ShadowMaker
It is recommended to turn the Core Isolation feature on as long as your Windows device meets the basic requirements to run it. Faced with increasing cyber-attacks, you need a powerful tool like Core Isolation to help prevent those risks.
However, not all computers can run this feature, but fortunately you can use other tools to protect your data from malware attacks. In that case, backup is an alternative.
MiniTool ShadowMaker, a professional backup tool, offers a variety of backup schemes – differential, incremental, and full backup – to meet your needs and provides a backup schedule feature to save you effort.
Download and install this program; a free 30-day trial version is available.
Step 1: Open the program and click Keep Trial.
Step 2: In the Backup tab, choose your backup source and destination. It is highly advised to save your backup on an external hard drive.
Step 3: Then you can click Back Up Now to start the task.
Further Reading: Can’t Enable Core Isolation?
If you have followed the above methods and checked all the requirements but still can't turn Core Isolation on, or the feature is greyed out, you can try the following methods.
- Restart your computer.
- Check for corrupt system files and a damaged system image by running an SFC scan followed by a DISM scan.
- Reset the Windows Security app.
- Update drivers and Windows.
- Clean install Windows.
Bottom Line:
The feature – Core Isolation & Memory Integrity – is essential to safeguarding your computer's security, especially against kernel-level exploits that attempt to run malware with the highest privileges. It is recommended to turn it on and have a backup plan for your important data.
If you have encountered any issues when using MiniTool ShadowMaker, you can leave a message in the following comment zone and we will reply as soon as possible. If you need any help when using MiniTool software, you may contact us via [email protected].