Familiarize yourself with the features of CORE ISOLATION and MEMORY INTEGRITY in Windows 10


With the April 2018 Update for Windows 10, Microsoft released two new security features, “Core Isolation” and “Memory Integrity”, to all users. Both use virtualization-based security to protect the operating system's kernel processes from tampering and sabotage. However, the Memory Integrity feature is disabled by default for people who upgrade.

What is the Core Isolation feature?

Virtualization-Based Security (VBS) was previously available as part of Device Guard, and only in the Enterprise edition of Windows 10. With the April 2018 Update, Core Isolation brings virtualization-based security to all editions of Windows 10.

Some Core Isolation features are enabled by default on Windows 10 PCs that meet the required hardware and firmware specifications, such as a 64-bit processor and a TPM 2.0 chip. In addition, the PC must support Intel VT-x or AMD-V virtualization technology. If these conditions are met, the feature is enabled, provided virtualization is turned on in the device's UEFI settings.

When these features are enabled, Windows uses the hardware virtualization capabilities to build a secure area of system memory that is isolated from the normal operating system. Windows can run system processes and security software in this secure area, so important operating system processes are protected from tampering and sabotage by anything outside the safe zone.

Even if malware capable of harming Windows processes is already running on the PC, virtualization-based security adds a further layer of protection against such attacks.
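
To check the prerequisites above from a PowerShell prompt rather than by reading firmware menus, here is an added example; it is not from the original article and is not a Microsoft tool. It uses the standard Win32_Processor, Win32_ComputerSystem, Win32_OperatingSystem and Win32_Tpm CIM classes and the firmware_type environment variable that Windows sets; the Ready field is this example's own summary, not a Windows property.

```powershell
# Added example: report the Core Isolation prerequisites the article lists.
# Run in an elevated PowerShell session; Win32_Tpm requires administrator rights.
function Test-CoreIsolationPrerequisites {
    [CmdletBinding()]
    param()

    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem

    # Win32_Tpm lives in its own namespace and is absent when no TPM is exposed.
    # SpecVersion looks like "2.0, 0, 1.16"; the first field is the TPM spec level.
    $tpmSpec = $null
    try {
        $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                               -ClassName Win32_Tpm -ErrorAction Stop
        $tpmSpec = ($tpm.SpecVersion -split ',')[0].Trim()
    } catch { }

    # Caveat: once a hypervisor (Hyper-V, or VBS itself) owns the CPU's
    # virtualization extensions, VirtualizationFirmwareEnabled reports False.
    # HypervisorPresent = True then means the firmware setting is already in use.
    $hypervisorRunning = [bool]$cs.HypervisorPresent
    $virtInFirmware    = [bool]$cpu.VirtualizationFirmwareEnabled -or $hypervisorRunning

    $result = [pscustomobject]@{
        Is64BitOS             = ($os.OSArchitecture -like '64*')
        FirmwareIsUefi        = ($env:firmware_type -eq 'UEFI')   # Windows sets this to UEFI or Legacy
        VirtualizationEnabled = $virtInFirmware                   # Intel VT-x / AMD-V on in UEFI settings
        SlatSupported         = [bool]$cpu.SecondLevelAddressTranslationExtensions
        HypervisorRunning     = $hypervisorRunning
        TpmSpecVersion        = $tpmSpec
        Tpm20Present          = ($tpmSpec -eq '2.0')
    }
    # Ready is this example's own summary of the article's stated requirements.
    $result | Add-Member -NotePropertyName Ready -NotePropertyValue (
        $result.Is64BitOS -and $result.FirmwareIsUefi -and
        $result.VirtualizationEnabled -and $result.Tpm20Present) -PassThru
}

Test-CoreIsolationPrerequisites | Format-List
```

A machine that shows VirtualizationEnabled as False with HypervisorRunning also False needs the VT-x or AMD-V option switched on in its UEFI settings before Core Isolation can start; a missing or pre-2.0 TPM is a hardware limitation that no software setting fixes.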


What is the Memory Integrity feature?

This feature, called “Memory Integrity” in the Windows 10 interface, is known in Microsoft's documentation as “Hypervisor-protected Code Integrity”, abbreviated “HVCI”.

Memory Integrity is disabled by default on PCs that received the April 2018 Update as an upgrade, but you can enable it. On fresh installations of newer Windows 10 builds the feature is enabled by default.

Memory Integrity is in fact a subset of Core Isolation. Windows normally requires digital signatures for device drivers and other code that runs in low-level kernel mode, which ensures that such code has not been tampered with by malware. When this feature is enabled, the “Code Integrity Service” runs inside the hypervisor-protected container that Core Isolation creates. As a result, malware cannot tamper with the Code Integrity check to gain access to the Windows kernel.


Virtual machine problems

Because Memory Integrity uses the system's virtualization hardware, it is not compatible with virtual machine applications such as VirtualBox or VMware: only one application can use that hardware at a time.

If you install a virtual machine application on a system where Memory Integrity is enabled, you may see a message such as “Intel VT-x or AMD-V not enabled or not available”. With Memory Integrity enabled, VirtualBox may show the error message “Raw-mode is unavailable courtesy of Hyper-V”.

In any case, if your virtual machine software has a problem, you should disable Memory Integrity to use it.


Why is it disabled by default?

Core Isolation itself should not be a problem. It is enabled on every Windows 10 PC that can support it, and there is no interface for disabling it.

Memory Integrity, however, can cause problems with some drivers and low-level Windows applications, which is why it is disabled by default on upgraded systems. Microsoft is still encouraging device manufacturers and developers to build compatible drivers and software, so the feature is enabled by default on new versions and fresh installations of Windows 10.

If one of the drivers your PC needs to boot is incompatible with Memory Integrity, Windows 10 silently disables the feature so that the PC can boot and run properly.

If you see problems with other devices or software malfunctions after enabling Memory Integrity, Microsoft recommends looking for updates for the specific driver or application. If no update is available, you have no choice but to disable Memory Integrity.

As mentioned above, Memory Integrity is also incompatible with applications that need direct access to the system's virtualization hardware, such as virtual machine applications.

How to enable Memory Integrity under Core Isolation?

You can check whether Core Isolation is enabled in the Windows Defender Security Center app, which is also where you enable or disable Memory Integrity. The app will be renamed “Windows Security” in the Redstone 5 update, due for release in the fall of 2018.

To open it, search for “Windows Defender Security Center” in the Start menu, or go to Settings > Update & Security > Windows Security > Open Windows Defender Security Center.


In the Security Center, click on the “Device Security” icon.

If Core Isolation is enabled, you will see the message “Virtualization-based security is running to protect the core parts of your device”.

Click the “Core isolation details” link to enable or disable Memory Integrity.


This page shows you whether Memory Integrity is enabled or not. This is the only current option in this section.

To enable Memory Integrity, turn the switch to On. If you run into software or device issues and need to disable the feature, return to this page and turn the switch to Off.

You will be told that the system needs to be restarted, as the changes will only take effect after the system restarts.
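
The same state that the Device Security page displays, and the setting the switch changes, can also be read and set from PowerShell. The following is an added example, not part of the original article and not a Microsoft script. It reads the Win32_DeviceGuard CIM class (the numeric codes in the comments are taken from Microsoft's Device Guard documentation) and, for enabling, writes the documented Enabled value under HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity; the function names are the example's own.

```powershell
# Added example: read the VBS / Memory Integrity (HVCI) state that the Device
# Security page displays, and optionally change the documented registry setting.
# Run in an elevated PowerShell session; a restart is needed after changing it.
function Get-MemoryIntegrityState {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard

    # Code meanings per Microsoft's Device Guard documentation:
    #   VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
    #   SecurityServicesConfigured / SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI
    $vbs = switch ([int]$dg.VirtualizationBasedSecurityStatus) {
        0       { 'Not enabled' }
        1       { 'Enabled but not running' }
        2       { 'Running' }
        default { "Unknown ($_)" }
    }

    [pscustomobject]@{
        VbsStatus              = $vbs
        HvciConfigured         = ([int[]]$dg.SecurityServicesConfigured -contains 2)
        HvciRunning            = ([int[]]$dg.SecurityServicesRunning    -contains 2)
        CredentialGuardRunning = ([int[]]$dg.SecurityServicesRunning    -contains 1)
    }
}

function Set-MemoryIntegrity {
    param([Parameter(Mandatory)][bool]$Enabled)

    # Registry location Microsoft documents for the Memory Integrity setting;
    # Enabled = 1 turns the feature on, 0 turns it off, effective after a reboot,
    # exactly like the switch in Windows Defender Security Center.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord `
                     -Value ([int]$Enabled) -Force | Out-Null
    Write-Output "Memory Integrity set to $Enabled in the registry; restart to apply."
}

# Show the current state; to enable, run: Set-MemoryIntegrity -Enabled $true
Get-MemoryIntegrityState | Format-List
```

If HvciConfigured is True but HvciRunning is False after a restart, Windows has silently turned the feature off as described above, usually because of an incompatible driver; that combination is the condition worth reporting on when checking a fleet of machines.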
