Resolving Incompatible Drivers to Enable Core Isolation Memory Integrity in Windows 10
Core Isolation is an important security feature in Windows 10 that isolates critical operating system components in a virtualized environment to protect against vulnerabilities. However, incompatible drivers can prevent Memory Integrity from being enabled under Core Isolation. In this guide, we’ll examine potential solutions to resolve incompatible driver issues when turning on Memory Integrity in Windows 10.
Identifying the Incompatible Driver
When attempting to enable Memory Integrity, an error message will indicate any incompatible drivers. Take note of the driver details shown:
- Driver name
- Driver date
- Driver version
- Published name
Next, open Device Manager in Windows 10. Navigate to View > Devices by type and expand the System devices category. Look for the driver that matches the noted details. Right-click the driver, select Properties > Driver tab > Driver Details to further inspect files with a .sys extension. Note the file names and locations.
What is core isolation in Windows 10?
Core Isolation can be considered as an additional layer of protection. It is an important security feature of Windows that safeguards the core Windows processes from malicious software. It does that by isolating these core processes in a virtualized environment and isolating them in memory.
How do I enable/disable core isolation?
Select Core isolation details to enable, disable, and change the settings for core isolation features. Memory integrity is a feature of core isolation. By turning on the Memory integrity setting, you can help prevent malicious code from accessing high-security processes in the event of an attack.
This identifies the specific incompatible driver causing the issue. Now we can troubleshoot updating or replacing the problematic driver.
Updating Drivers in Device Manager
With the incompatible driver identified, first try updating it through Device Manager:
- Right-click the driver and select Update driver.
- Choose Browse my computer for driver software.
- Select Let me pick from a list of available drivers on my computer.
- Choose the latest driver version available.
- Follow the on-screen prompts to complete the update.
If a newer driver version is available, this may resolve the incompatibility issue with Memory Integrity. Be sure to restart your PC after updating drivers.
Uninstalling the Incompatible Driver
If no driver updates are available, temporarily uninstalling the incompatible driver can allow Memory Integrity to be enabled:
- Right-click the driver and choose Uninstall device.
- Check Delete the driver software for this device and select Uninstall.
- Restart your PC and attempt to enable Memory Integrity again.
Without the incompatible driver active, Core Isolation may now be able to turn on successfully. However, functionality dependent on the uninstalled driver will be lost until it’s reinstalled.
Why can’t I activate Microsoft support core isolation?
Microsoft Support Core isolation can’t be activated because of incompatible driver called AlcGener.sys How… (****) AlcGener.sys: What Is This Smart Card Reader Driver and What Is It For?
What is core isolation?
One of these features is called Core Isolation, which uses hardware virtualization to isolate critical parts of the operating system’s kernel from user-mode drivers and software running on the PC.
Manually Replacing Drivers
For continued driver functionality alongside Memory Integrity, you may need to manually replace the incompatible driver:
- Download the latest driver from the device manufacturer’s website.
- Extract the .inf and .sys files from the downloaded package.
- Copy these files to the C:\Windows\System32\DriverStore\FileRepository folder, replacing the older incompatible versions.
- Reboot your PC for changes to take effect.
With updated driver files installed, Core Isolation Memory Integrity should now be able to enable properly. Be sure to only download drivers from reputable sources.
Additional Troubleshooting Steps
If the above solutions still don’t resolve your incompatible driver issue, try these steps:
- Enable CPU virtualization in your system BIOS
- Turn on Windows Virtual Machine Platform in Windows Features
- Update Intel Management Engine Interface drivers
- Modify the Windows Registry to force enable Memory Integrity (advanced task)
Persisting incompatible driver messages when enabling Memory Integrity typically indicate larger driver compatibility problems. We recommend keeping all system drivers updated, only installing trusted drivers, and consulting your device manufacturer for assistance.
Can I enable core isolation after enabling virtualization?
Unable to enable Core Isolation after enabling virtualization. Core isolation provides added protection against malware and other attacks by isolating computer processes from your operating system and device. For more information, refer to Device protection in Windows* Security.
Why can’t I see a security processor?
Select Security processor details for additional info and options. Note: If you don’t see a Security processor entry on this screen then it’s likely that your device doesn’t have the TPM (Trusted Platform Module) hardware necessary for this feature or that it’s not enabled in UEFI (Unified Extensible Firmware Interface).
How do I Turn Off core isolation Windows 10?
Open the Core Isolation page by going to Start > Settings > Update & Security > Windows Security > Device Security and then under Core isolation, click on Core isolation details. When the Core Isolation settings page opens, toggle the Memory integrity setting to Off. Once you turn it off, Windows 10 will prompt you to restart your computer.
How does memory integrity protection work in Windows 11 2022?
The protection works by making the kernel memory pages executable only if they pass the integrity check. The Core isolation features, including memory integrity, should be enabled by default with the Windows 11 2022 Update. However, if you’re still on version 21H2 or the feature isn’t running, you may want to enable it manually.
Maintaining Driver Security
Properly maintaining drivers is important not only for performance, but security as well. Follow these tips:
- Regularly check for driver updates in Device Manager
- Only download drivers from manufacturer websites
- Perform clean driver installations when updating
- Don’t disable driver signature verification
- Use a utility like Snappy Driver Installer for bulk updates
Keeping drivers updated and only installing trusted versions will help minimize conflicts with critical Windows security features like Core Isolation.
References
- https://driverfinderpro.com/driver-guide/core-isolation-memory-integrity-incompatible-drivers/
- https://www.elevenforum.com/t/memory-integrity-off-no-incompatible-drivers-found.14215/
Can core isolation be opened after deleting drivers?
Once deleted and rebooted core isolation could be opened. DO NOT delete the wrong drivers. I think MS advises against deleting drivers. For me it seemed to work. Was this reply helpful? Hi, When i am turning on the core isolation protection by windows defender, it is failing and showing the message that i have attached.
Why do incompatible drivers prevent using memory integrity?
Turning on the Memory integrity setting would block these incompatible drivers from loading. Because blocking these drivers might cause unwanted or unexpected behaviors, the Memory integrity setting is turned off to allow these drivers to load.
Do I need a reboot to enable core isolation?
In my case the driver that needs to go is OEM26.INF Uninstall the driver using pnputil /delete-driver oem
.inf You do NOT need a reboot so you can immediately retry to enable CORE ISOLATION and you should see a prompt to reboot once Core Isolation > Memory Integrity is turned ON.
