RECOMMENDED: Click here to fix Windows errors and optimize system performance
In Windows 10 version 1803, Windows Defender Security Center introduces a number of enhancements, including a new Device Security section that provides reporting and management tools for the security features supported on your computer, and Kernel Isolation is one of those tools.
Core Isolation is a virtualization-based security feature that provides an additional layer of security against sophisticated attacks. And memory integrity is a feature that is part of Core Isolation that helps prevent attempts to inject and execute malware in high-security processes by making pages of core memory executable only if they pass the integrity check.
In this Windows 10 guide, we walk you through the steps to enable the core isolation memory integrity feature, which is included in the Windows 10 April 2018 update, to help make your computer more secure.
What is Core Isolation in Windows 10?
When Windows 10 was released, Virtualization-Based Security (VBS) features were only available in the enterprise versions of the operating system. However, when Microsoft released the April 2018 update, the DDPS security features were made available for all editions of Windows 10.
To learn how to enable kernel isolation, your PC must first meet the hardware and firmware requirements. As long as you have a 64-bit processor and a TPM 2.0 chip, some of the basic isolation features of your Windows 10 computer are automatically enabled. Remember that your PC must support Intel VT-x or AMD-V virtualization technology. They must also be enabled in your computer’s UEFI settings.
Once enabled, these features allow Windows to create a secure system memory area that is isolated from the normal operating system. In this secure area, the system can run security software and system processes and protect them from tampering.
What is Memory Integrity in Windows 10?
Also known as Hypervisor Protected Code Integrity (HVCI), memory integrity works as a subset of kernel isolation. By default, it is disabled on computers that have the April 2018 update installed. However, it is automatically enabled on new installations of Windows 10.
Windows requires digital signatures for device drivers and other code that runs in low-level kernel mode. This ensures that they have not been tampered with by malicious software. Once you enable memory integrity, the Code Integrity Service in Windows runs the hypervisor-protected container that is processed by the kernel isolation. This makes it virtually impossible for malware to penetrate the code integrity checks. It also means that it could not access the Windows kernel.
How to Enable Core Isolation Memory Integrity
You can see if kernel isolation is enabled on your PC, and you can enable or disable memory protection in the Windows Defender Security Center application (this tool will be renamed “Windows Security” in the October 2018 update).
- To open it, search for “Windows Defender Security Center” in your Start menu or go to Settings > Update and Security > Windows Security > Open Windows Defender Security Center.
- In the Security Center, click the Device Security icon.
- If kernel isolation is enabled on your PC hardware, you will see the message “Virtualization-based security is running to protect essential parts of your device”.
- To enable (or disable) memory protection, click the “Core Isolation Details” link.
- To enable memory integrity, set the switch to “On”. If you are having application or device problems and need to disable memory integrity, return here and set the switch to “Off”.
- You will be prompted to restart your computer and the change will not take effect until you do so.
That’s all I’m saying. That’s how easy it is to enable the Kernel Isolation and Memory Integrity feature in Windows. If you wish to disable the feature, simply set the switch in step 5 to the “Off” position.
Remember that because of the memory integrity function, some applications, especially older ones, may behave incorrectly or not work properly. If this is the case, disable the memory integrity function.
RECOMMENDED: Click here to troubleshoot Windows errors and optimize system performance
CCNA, Web Developer, PC Troubleshooter
I am a computer enthusiast and a practicing IT Professional. I have years of experience behind me in computer programming, hardware troubleshooting and repair. I specialise in Web Development and Database Design. I also have a CCNA certification for Network Design and Troubleshooting.