Core isolation Memory Integrity not available
Windows 11 comes with a great security feature called “Core Isolation”, which I highly recommend you turn on. Sometimes, however, you get an error from Windows Security Center indicating that core isolation is not available.
This usually happens when you have incompatible drivers on your PC, and the only solution to get “Core Isolation” back is to remove the incompatible drivers. Before you do so, please keep in mind that removing a driver means the device associated with that driver will no longer work. So either accept the risk and ignore the “Core isolation Memory Integrity not available” error, or give it a try.
To remove the drivers, you will need to follow the steps below:
- Open PowerShell or Windows Terminal in admin mode. To do so, right-click the app and select admin mode.
- To list all the drivers in your system, run the command pnputil /enum-drivers
- To delete the driver, use this command pnputil /delete-driver oem<XX>.inf
Please keep in mind that you will need to replace <XX> with the number of the driver you wish to remove. Let’s look at an example.
My Windows 11 gave me the warning “Core Isolation Disabled”.
When I looked at the details, I noticed that some incompatible/old (Logitech) drivers caused the problem.
To fix the issue, I had to click the button and let Windows rescan my incompatible drivers.
Next, I needed to run the built-in pnputil command to find the drivers and delete them, as explained at the beginning of the article. To do so, I opened Windows PowerShell in admin mode and ran the following:
1. First, I listed the drivers with
pnputil /enum-drivers
2. Next, I used the pnputil /delete-driver command. In my case OEM128.INF was not needed, so I ran
pnputil /delete-driver oem128.inf
After deleting all incompatible drivers, Windows asked me to reboot my PC.
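The lookup step above, as an added PowerShell example that is not part of the original article: it parses pnputil /enum-drivers output into objects so the oem<XX>.inf entry can be found by provider name, and prints the delete commands for review. The sample output (file names, version strings, the second provider) is constructed, the helper name ConvertFrom-PnpUtilDrivers is hypothetical, and the parser assumes English-language pnputil field labels.

```powershell
# Assumes English pnputil field labels; ConvertFrom-PnpUtilDrivers is a hypothetical helper.
function ConvertFrom-PnpUtilDrivers {
    param([string[]]$Lines)
    $drivers = @(); $current = $null
    foreach ($line in $Lines) {
        # Record lines look like "Published Name:     oem128.inf"
        if ($line -match '^\s*([^:]+?):\s+(.*\S)\s*$') {
            $key = $Matches[1] -replace '\s', ''
            if ($key -eq 'PublishedName') {   # starts a new driver record
                if ($null -ne $current) { $drivers += [pscustomobject]$current }
                $current = [ordered]@{}
            }
            if ($null -ne $current) { $current[$key] = $Matches[2] }
        }
    }
    if ($null -ne $current) { $drivers += [pscustomobject]$current }
    return $drivers
}

# Constructed sample output (not captured from a real machine).
$sample = @'
Microsoft PnP Utility

Published Name:     oem12.inf
Original Name:      exampleaudio.inf
Provider Name:      Example Audio Corp
Class Name:         MEDIA
Driver Version:     03/14/2022 6.0.9312.1
Signer Name:        Microsoft Windows Hardware Compatibility Publisher

Published Name:     oem128.inf
Original Name:      examplecam.inf
Provider Name:      Logitech
Class Name:         Image
Driver Version:     10/11/2012 13.80.853.0
Signer Name:        Microsoft Windows Hardware Compatibility Publisher
'@ -split "`r?`n"

# On a real system, pass the live output instead: (pnputil /enum-drivers)
$drivers = ConvertFrom-PnpUtilDrivers -Lines $sample
$candidates = @($drivers | Where-Object { $_.ProviderName -like '*Logitech*' })
$candidates | Format-Table PublishedName, OriginalName, ProviderName, DriverVersion

# Print the delete commands for review instead of running them, because
# removing a driver stops the associated device from working.
foreach ($d in $candidates) { "pnputil /delete-driver $($d.PublishedName)" }
```

With the constructed sample, the only candidate is oem128.inf, so the last line prints pnputil /delete-driver oem128.inf for you to check before running it yourself.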
I hope that this article was useful to you.
What is Core Isolation?
PS: This section of the blog post has been taken from the Microsoft Web site.
Core isolation is a security feature of Microsoft Windows that protects important core processes of Windows from malicious software by isolating them in memory. It does this by running those core processes in a virtualized environment.
Memory integrity, also known as Hypervisor-protected Code Integrity (HVCI), is a Windows security feature that makes it difficult for malicious programs to use low-level drivers to hijack your computer.
A driver is a piece of software that lets the operating system (Windows in this case) and a device (like a keyboard or a webcam, for two examples) talk to each other. When the device wants Windows to do something it uses the driver to send that request.
How do I manage memory integrity?
In most cases memory integrity is on by default in Windows 11 and can be turned on for Windows 10.
To turn it on or off:
- Select the Start button and type “Core isolation”.
- Select the Core Isolation system settings from the search results to open the Windows security app.
What if it says I have an incompatible driver?
If memory integrity fails to turn on it may tell you that you have an incompatible device driver already installed. Check with the manufacturer of the device to see if they have an updated driver available. If they don’t have a compatible driver available, you might be able to remove the device or app that uses that incompatible driver.
Memory access protection
Also known as “Kernel DMA protection”, this protects your device against attacks that can occur when a malicious device is plugged into a PCI (Peripheral Component Interconnect) port like a Thunderbolt port.
A simple example of one of these attacks would be if someone leaves their PC for a quick coffee break, and while they were away, an attacker steps in, plugs in a USB-like device and walks away with sensitive data from the machine, or injects malware that allows them to control the PC remotely.
Memory access protection prevents these kinds of attacks by denying direct access to the memory to those devices except under exceptional circumstances, particularly when the PC is locked or the user is signed out.
We recommend having memory access protection turned on.
Every device has some software that’s been written to the read-only memory of the device – basically written to a chip on the system board – that is used for the basic functions of the device, such as loading the operating system that runs all the apps we’re used to using. Since that software is difficult (but not impossible) to modify we refer to it as “firmware”.
Because the firmware loads first and runs “under” the operating system, security tools and features that run in the operating system have a difficult time detecting it or defending against it. Like a house that depends on a good foundation to be secure, a computer needs its firmware to be secure in order to ensure that the operating system, applications, and customer data on that computer are safe.
Windows Defender System Guard is a set of features that helps to ensure that attackers can’t get your device to start with untrusted or malicious firmware.
We recommend that you have it turned on if your device supports it.