What are core isolation and memory integrity in Windows 10?

By Eunice Samson | July 9, 2018 |

The April 2018 Update for Windows 10 came with various new features, including Core Isolation and Memory Integrity. You might wonder, “What is Memory Integrity in Windows 10?” You might also be wondering how Core Isolation can be useful for you. This article answers those questions. We will discuss the following topics in this blog post:

  • What is Core Isolation in Windows 10?
  • What is Memory Integrity in Windows 10?
  • Some Problems with the Virtual Machine
  • Why is Memory Integrity Disabled by Default?
  • Enabling/Disabling Core Isolation Memory Integrity

What is Core Isolation in Windows 10?

When Windows 10 was originally released, virtualization-based security (VBS) features could only be found on the Enterprise versions of the operating system. However, when Microsoft rolled out the April 2018 Update, VBS security features were made available to all editions of Windows 10.

Before you can enable Core Isolation, your PC must meet the hardware and firmware requirements. As long as you have a 64-bit CPU and a TPM 2.0 chip, some of the Core Isolation features will be automatically enabled on your Windows 10 computer. Keep in mind that your PC must support Intel VT-x or AMD-V virtualization technology, and that this technology must be enabled in your computer’s UEFI settings.
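The requirements above can be read from WMI. This is an added example, not part of the original article; it assumes an elevated PowerShell session, and the output property names are chosen here for illustration.

```powershell
# Added example: check the Core Isolation prerequisites named in the article.
# Run elevated; the Win32_Tpm class is not readable from a standard session.
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
$cs  = Get-CimInstance -ClassName Win32_ComputerSystem
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                       -ClassName Win32_Tpm -ErrorAction SilentlyContinue

# SpecVersion is a comma-separated string; its first field is the TPM
# specification version (for example "2.0").
$tpmVersion = $null
if ($tpm) { $tpmVersion = ($tpm.SpecVersion -split ',')[0].Trim() }

# VirtualizationFirmwareEnabled can read False once a hypervisor is already
# running (which is the case when VBS is active), so HypervisorPresent is
# accepted as evidence that VT-x / AMD-V is switched on in UEFI.
$virtEnabled = [bool]($cpu.VirtualizationFirmwareEnabled -or $cs.HypervisorPresent)

[pscustomobject]@{
    Cpu64Bit              = ($cpu.DataWidth -eq 64)
    TpmPresent            = [bool]$tpm
    TpmSpecVersion        = $tpmVersion
    Tpm20                 = ($tpmVersion -eq '2.0')
    VirtualizationEnabled = $virtEnabled
    HypervisorRunning     = [bool]$cs.HypervisorPresent
}
```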

Once activated, the features will enable Windows to create a secure area of system memory, isolated from the normal operating system. In this secure area, the system can run security software and system processes, protecting them from being tampered with.

As we all know, once malware has penetrated a computer, it can tamper with Windows processes and exploit them. However, virtualization-based security functions as an additional layer of protection that isolates those processes from attacks. So, if you use it with Auslogics Anti-Malware, you can ensure that your computer can enjoy optimum security.

What is Memory Integrity in Windows 10?

Also known as Hypervisor Protected Code Integrity (HVCI), Memory Integrity functions as a subset of Core Isolation. By default, it is disabled on computers that installed the April 2018 Update. However, for new installations of Windows 10, it will be automatically enabled.

Windows requires digital signatures for device drivers and other code running in low-level kernel mode. This ensures that malware has not tampered with them. Once you’ve enabled Memory Integrity, the code integrity service in Windows will run inside the hypervisor-protected container created by Core Isolation. With this, it is virtually impossible for malware to tamper with the code integrity checks. This also means that it wouldn’t be able to access the Windows kernel.

Some Problems with the Virtual Machine

Memory Integrity utilizes the virtualization hardware of the system. As such, it is incompatible with virtual machine programs like VMware or VirtualBox. Keep in mind that only a single application can use this hardware at a time.

When Memory Integrity is enabled on a system and you try to install a virtual machine program on it, you may see a message saying AMD-V or Intel VT-x is not available or activated. In VirtualBox, while Memory Integrity is enabled, you may see the error message, “Raw-mode is unavailable courtesy of Hyper-V.”

When you encounter issues with your virtual machine software, you can only use it by disabling Memory Integrity.

Why is Memory Integrity Disabled by Default?

You shouldn’t encounter problems with the main Core Isolation feature. As long as the Windows 10 PC has the features needed to support it, it will be automatically enabled. Moreover, there is no interface for disabling it.

On the other hand, Memory Integrity protection can cause problems with other low-level Windows applications and some device drivers. This is also the reason why the feature is disabled by default on upgrades. Microsoft has been pushing device manufacturers and developers to make their software and drivers compatible. By default, the feature is enabled on new installations of Windows 10 and new PCs.

If one of the drivers essential for booting your computer is incompatible with Memory Integrity, your system will disable the feature. This is why, even after enabling it, you may find it disabled when you reboot your PC.

Sometimes, when you enable Memory Integrity, you might encounter malfunctioning software or problems with other devices. It is recommended that you check for updates for the specific driver or application. You should turn off Memory Integrity if you discover that there are no updates available.

As previously mentioned, Memory Integrity might also be incompatible with certain applications that need exclusive access to the virtualization hardware of the system. It is also worth mentioning that tools like debuggers may need exclusive access to this hardware, so they won’t work when Memory Integrity is enabled.

Enabling/Disabling Core Isolation Memory Integrity

You can go through the Windows Defender Security Center to check whether the Core Isolation features on your PC are enabled. As part of the Redstone 5 Update, the tool will be renamed ‘Windows Security’. This change will be formally released in fall 2018. To open Core Isolation, simply follow the instructions below. You can also use these steps if you want to learn how to disable Core Isolation on Windows computers.

  1. Click the Search icon on your taskbar.
  2. Type “Windows Defender Security Center” (no quotes), then hit Enter.
  3. In the Security Center, click the Device Security icon.
  4. You should see the message “Virtualization-based security is running to protect the core parts of your device” if Core Isolation is enabled on your computer.
  5. You can enable or disable Memory Integrity by clicking Core Isolation Details.
  6. You will be able to see whether Memory Integrity is enabled or not.
  7. You can toggle the switch to ‘on’ when you want to enable Memory Integrity.
  8. If you experience device or application problems and you need to disable Memory Integrity, just return to this section and toggle the switch to ‘off’.
  9. Restart your computer to apply the change.
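The same state can be read from PowerShell, which also shows the case described earlier where Memory Integrity was switched on but Windows turned it off again at boot. This is an added example, not part of the original article; it assumes an elevated session and uses the documented Win32_DeviceGuard class and HVCI registry value, with output property names chosen here for illustration.

```powershell
# Added example: report Core Isolation (VBS) and Memory Integrity (HVCI) state.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard

# VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running,
# 2 = enabled and running.
$vbsText = switch ($dg.VirtualizationBasedSecurityStatus) {
    0       { 'not enabled' }
    1       { 'enabled but not running' }
    2       { 'running' }
    default { "unknown ($_)" }
}

# In SecurityServicesConfigured and SecurityServicesRunning, 2 means HVCI.
$hvciConfigured = $dg.SecurityServicesConfigured -contains 2
$hvciRunning    = $dg.SecurityServicesRunning    -contains 2

# Registry value that stores the Memory Integrity setting; it is absent when
# the setting has never been changed.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
$enabled = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
$settingText = 'not set'
if ($null -ne $enabled) {
    if ($enabled -eq 1) { $settingText = 'on' } else { $settingText = 'off' }
}

[pscustomobject]@{
    VirtualizationBasedSecurity = $vbsText
    MemoryIntegritySetting      = $settingText
    MemoryIntegrityConfigured   = $hvciConfigured
    MemoryIntegrityRunning      = $hvciRunning
}

# Switched on but not running: either the restart is still pending or an
# incompatible boot driver caused Windows to disable the feature.
if (($enabled -eq 1 -or $hvciConfigured) -and -not $hvciRunning) {
    Write-Warning 'Memory Integrity is switched on but not running. Restart, then check for incompatible drivers.'
}
```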

So, do you think Core Isolation and Memory Integrity will be useful for you?

Let us know your thoughts in the comments below!
