Core Isolation was introduced back in 2018, and since then it has been one of the Windows Security features that aim to protect your PC from malware. But what does it actually do?
Core Isolation is a feature of Windows Security that protects Windows core processes against malware by isolating them, through hardware virtualization, from the ordinary processes running on your operating system.
Running high-security processes in a separate area from the rest lets them remain unaffected by malware even if it infects an ordinary process in your operating system.
You can access the Core Isolation feature at Settings > Privacy & Security > Windows Security > Device Security. If it is turned off, you will see an exclamation point next to the icon.
Click on Core isolation details and turn Memory Integrity on to enable this feature.
If you aren’t sure what Memory Integrity is or whether you should turn on Core Isolation, keep reading.
What is Memory Integrity under Core Isolation on Windows?
The Memory Integrity feature is responsible for preventing memory corruption, ransomware attacks, and vulnerability exploits by protecting Control Flow Guard (CFG); it also ensures that drivers and similar software have a valid digital certificate.
In more detail, according to Microsoft’s official website, the Memory Integrity feature, which Microsoft also calls Hypervisor-protected code integrity (HVCI), has three main functions:
- Protecting modifications of the Control Flow Guard (CFG): The CFG is responsible for fighting memory corruption vulnerabilities.
- Ensuring that trusted processes have a valid certificate.
- Ensuring that modern device drivers have an Extended Validation (EV) certificate and support HVCI: you may run into compatibility issues and find yourself unable to turn Memory Integrity on if one of your drivers isn’t compatible with HVCI.
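Before toggling anything in the Settings app, it helps to know whether virtualization-based security and Memory Integrity are merely configured or actually running. The following PowerShell script is an added example, not code from the article or from Microsoft; it reads the documented Win32_DeviceGuard WMI class and the registry value that the Memory Integrity toggle writes. The service code 2 meaning HVCI and the registry path are taken from Microsoft’s Device Guard documentation; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original article): report whether virtualization-based
# security (VBS) and Memory Integrity (HVCI) are configured and actually running.
# Run from an elevated PowerShell prompt.

function Get-MemoryIntegrityStatus {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard'

    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
    $vbsStatus = switch ($dg.VirtualizationBasedSecurityStatus) {
        0       { 'not enabled' }
        1       { 'enabled, not running' }
        2       { 'running' }
        default { "unknown ($_)" }
    }

    # SecurityServicesConfigured / SecurityServicesRunning contain service codes:
    # 1 = Credential Guard, 2 = Hypervisor-protected code integrity (Memory Integrity)
    $hvciConfigured = @($dg.SecurityServicesConfigured) -contains 2
    $hvciRunning    = @($dg.SecurityServicesRunning)    -contains 2

    # The Memory Integrity toggle in Windows Security writes this value (1 = on, 0 = off).
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $regEnabled = (Get-ItemProperty -Path $regPath -Name 'Enabled' -ErrorAction SilentlyContinue).Enabled

    [pscustomobject]@{
        VbsStatus                   = $vbsStatus
        HvciConfigured              = $hvciConfigured
        HvciRunning                 = $hvciRunning
        RegistryEnabled             = $regEnabled
        AvailableSecurityProperties = (@($dg.AvailableSecurityProperties) -join ',')
    }
}

$status = Get-MemoryIntegrityStatus
$status | Format-List

# "Configured but not running" is the state you see after flipping the toggle
# without rebooting, or when an incompatible driver keeps HVCI from starting.
if ($status.HvciConfigured -and -not $status.HvciRunning) {
    Write-Warning 'Memory Integrity is configured but not running: reboot, or check for an incompatible driver.'
}
```

The AvailableSecurityProperties field lists the platform capabilities (hypervisor support, Secure Boot, DMA protection, and so on) as numeric codes; an empty list on a machine where VBS is "not enabled" usually means virtualization is disabled in firmware, which is worth checking before blaming a driver.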
Knowing this, the next question is whether we should turn on Core Isolation.
Should You Turn on Core Isolation?
You should turn on Core Isolation if you want added protection against malware, and your PC has decent specs. But remember that turning it on might result in a slight drop in performance since it needs to run in the background to protect your PC.
However, there are some instances where I don’t suggest you turn it on:
- You won’t be able to run virtual machines on your PC, such as VirtualBox or VMware, if you turn on Core Isolation: Core Isolation runs hardware virtualization continuously, so if you run virtual machines, you should disable it in order to keep running them.
- If you experience any hardware malfunction after turning it on, you should disable Core Isolation: As explained in the previous section, Core Isolation requires valid certificates from drivers; this might cause incompatibility with older drivers or drivers that are not compatible with HVCI. In this case, your hardware might not work properly, and it is recommended that you turn it off.
If you want to turn on the Memory Integrity feature but you are unable to, read the next section.
(If you want to learn more about malware protection, I’ve written an article on how to run Malwarebytes and Windows Defender together for maximum protection.)
How to Fix Can’t Turn on Core Isolation Memory Integrity due to Incompatible Drivers Error
Many users who try to turn on the Memory Integrity feature under Core Isolation aren’t able to do so because of the Incompatible Drivers error, as shown in the picture below:
This happens because some drivers in the system aren’t HVCI compatible, and you can fix it by deleting the drivers causing the issue. You can do this via Command Prompt or AutoRuns.
Fixing via Command Prompt
- Enter Command Prompt on Windows Search and select Run as Administrator:
- On the Command Prompt, enter the following command then press Enter:
dism /online /get-drivers /format:table
- A list of drivers will appear in the Command Prompt; find the driver that is causing the issue and note its Published Name in the leftmost column:
- Then run the command below (using the right Published Name that you identified on the last step) to delete the incompatible driver:
pnputil /delete-driver oemXX.inf /uninstall /force
(Switch oemXX.inf for the correct Published Name)
- Reboot your PC.
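The same procedure can be scripted in PowerShell so that the driver you intend to delete is shown, backed up, and only removed when you explicitly ask for it. This is an added example, not code from the article; it uses the Get-WindowsDriver cmdlet from the built-in DISM module (which returns the same driver-store entries as dism /online /get-drivers) and the pnputil commands from the steps above. The published name oemXX.inf is a placeholder you replace with the one you identified, and the backup folder path is an assumption.

```powershell
# Added example (not from the original article): list third-party driver packages,
# back up the one identified as HVCI-incompatible, then remove it with pnputil.
# Run from an elevated PowerShell prompt.

# Get-WindowsDriver -Online lists only third-party (oemXX.inf) packages by default,
# which is exactly the set that can carry an HVCI-incompatible driver.
function Get-ThirdPartyDrivers {
    Get-WindowsDriver -Online |
        Select-Object Driver, OriginalFileName, ProviderName, ClassName, Version, Date |
        Sort-Object ProviderName, OriginalFileName
}

function Remove-IncompatibleDriver {
    param(
        [Parameter(Mandatory)][string]$PublishedName,          # e.g. oem12.inf
        [string]$BackupPath = 'C:\DriverBackup',               # assumed folder for the exported copy
        [switch]$Force                                         # without -Force this is a dry run
    )
    if ($PublishedName -notmatch '^oem\d+\.inf$') {
        throw "Expected a published name like oem12.inf, got '$PublishedName'"
    }
    $driver = Get-WindowsDriver -Online | Where-Object Driver -eq $PublishedName
    if (-not $driver) { throw "No driver package named $PublishedName is in the driver store" }

    Write-Host ("Target: {0} ({1}) from {2}, version {3}" -f `
        $driver.Driver, $driver.OriginalFileName, $driver.ProviderName, $driver.Version)
    if (-not $Force) {
        Write-Host 'Dry run only. Re-run with -Force to export and delete this package.'
        return
    }

    # Keep a copy of the package so the device can be restored if removal breaks it.
    New-Item -ItemType Directory -Path $BackupPath -Force | Out-Null
    & pnputil.exe /export-driver $PublishedName $BackupPath
    if ($LASTEXITCODE -ne 0) { throw "pnputil export failed with exit code $LASTEXITCODE" }

    # 0 = success, 3010 = success but a reboot is required.
    & pnputil.exe /delete-driver $PublishedName /uninstall /force
    if ($LASTEXITCODE -notin 0, 3010) { throw "pnputil delete failed with exit code $LASTEXITCODE" }
    Write-Host "Removed $PublishedName (backup in $BackupPath). Reboot before turning Memory Integrity on."
}

# Usage: review the list first, then pass the published name you identified.
Get-ThirdPartyDrivers | Format-Table -AutoSize
# Remove-IncompatibleDriver -PublishedName 'oemXX.inf'          # dry run, shows what would be removed
# Remove-IncompatibleDriver -PublishedName 'oemXX.inf' -Force   # export a backup, then delete
```

Matching the published name against oem\d+\.inf keeps the script from ever being pointed at an inbox (Microsoft-supplied) driver, and the exported copy lets you reinstall the package with pnputil /add-driver if the device stops working after the reboot.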
Fixing via AutoRuns
AutoRuns is a more complete version of Windows Task Manager that allows you to manage startup items, DLLs, and many other things, including drivers. You can use it to find the driver that is preventing you from turning on Memory Integrity and delete it:
- Download Autoruns from its official website.
- Extract the file you download, then right-click on Autoruns64 and select run as administrator:
- Go to the Drivers tab, find the driver causing the issue, then delete it.
The Core Isolation feature is intended to protect your PC against malware by isolating your core process via hardware virtualization; thus, it is recommended that you turn it on for extra security.
However, if you have any hardware malfunctioning after turning on Core Isolation, or if you run any virtual machine software, then it is not a good idea to turn it on.
If you cannot turn on the Memory Integrity feature under Core Isolation, you might need to delete the incompatible driver via command prompt or AutoRuns.
If you want to know what the Mixed Reality Portal app that comes pre-installed on Windows is, I’ve written an article on it.