Microsoft has finally clarified how users can fix a Windows security measure that is causing hardware problems: disable it. The advisory, released last week, is expected to bring relief to many users of Memory Integrity, a feature designed to protect Windows computers from misbehaving drivers.
Memory integrity is a feature inside a larger set of protections called Core Isolation. It uses hardware virtualization to protect sensitive processes from infection. These features are a subset of the virtualization-based security features that Microsoft has offered to enterprise users since the release of Windows 10. It deployed Core Isolation and Memory Integrity in all editions of Windows in 2018.
Memory integrity (also known as hypervisor-protected code integrity or HVCI) uses Microsoft’s Hyper-V hypervisor to virtualize hardware that runs certain Windows kernel-mode processes, protecting them from malicious code injection.
One use case for Memory Integrity is to protect Windows from user-mode drivers and misbehaving applications, possibly as a result of an exploited security flaw. Hardware drivers are software developed by hardware vendors that allow devices to work with Windows. Even legitimate drivers can have bugs. An attacker could use these bugs to gain privileged access to the system. Memory integrity walls off sensitive kernel processes from this software.
When Microsoft first offered this feature as an upgrade, you had to activate it. In new installations of Windows, it was enabled by default.
This virtualization-based technology is great for protecting your system, but it is not without drawbacks. Users have complained that it is not compatible with various brands and versions of PCs and that it does not work with some peripherals, including Microsoft’s own webcams.
Microsoft said early on that memory integrity can cause compatibility issues, and Windows even silently disables it when it interferes with critical drivers at startup. However, in some cases, users have to act themselves.
In a support bulletin of March 5, 2020, Microsoft addresses a specific error that memory integrity could trigger. If your computer says “A driver cannot load on this device”, take a look at it.
The bulletin says:
You receive this message because the memory integrity setting in Windows Security prevents a driver from loading on your device.
And it advises you to sort it out quickly:
If you choose to continue using your device without resolving the driver issue, you may find that the functionality supported by the driver no longer works, which could have consequences ranging from negligible to severe.
But how? This is where the advice is not particularly stellar. It tells you to look for an updated driver from the supplier, which we hope will solve the problem. If not, the best option support has to offer is to, uh, disable memory integrity.
The bulletin contains clear instructions on how to do this:
- Open the Core isolation page by selecting Start > Settings > Update and security > Windows security > Device security, then under Core isolation, select Core isolation details.
- Turn the Memory integrity setting Off if it isn't already. Restart your computer.
The ability to turn off memory integrity is not a new feature. Microsoft is just reminding you that it’s there. You should always keep all of your drivers up to date to avoid any potential performance or security issues. Turning off memory integrity is a last resort for dealing with suppliers who have not yet made their devices compatible with the security function.
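To confirm what state memory integrity is really in, whether after following the steps above or because Windows turned it off at startup, the Win32_DeviceGuard CIM class can be queried. This is an added example, not part of Microsoft's bulletin; the helper name Get-MemoryIntegrityState and the sample object at the end are constructed for illustration.

```powershell
# Added example: report whether memory integrity (HVCI) is configured and running.
# Get-MemoryIntegrityState is a hypothetical helper name, not a built-in cmdlet.
function Get-MemoryIntegrityState {
    [CmdletBinding()]
    param(
        # Optional Win32_DeviceGuard-shaped object, so saved or sample data can be fed in.
        [Parameter(ValueFromPipeline)]
        $DeviceGuard
    )
    process {
        if (-not $DeviceGuard) {
            # Live query; needs Windows 10 or later.
            $DeviceGuard = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                                           -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
        }
        $hvci = 2   # value 2 in the SecurityServices* arrays means HVCI / memory integrity
        $configured = @($DeviceGuard.SecurityServicesConfigured) -contains $hvci
        $running    = @($DeviceGuard.SecurityServicesRunning)    -contains $hvci
        $vbs = switch ($DeviceGuard.VirtualizationBasedSecurityStatus) {
            0       { 'NotEnabled' }
            1       { 'EnabledNotRunning' }
            2       { 'Running' }
            default { 'Unknown' }
        }
        # A feature that is configured but not running deserves a look:
        # a restart may be pending, or it did not start on this boot.
        $verdict = if ($running)        { 'On' }
                   elseif ($configured) { 'ConfiguredButNotRunning' }
                   else                 { 'Off' }
        [pscustomobject]@{
            MemoryIntegrity = $verdict
            Configured      = $configured
            Running         = $running
            VbsStatus       = $vbs
        }
    }
}

# Constructed sample: memory integrity switched on in Settings, but not active this boot.
$sample = [pscustomobject]@{
    SecurityServicesConfigured        = @(2)
    SecurityServicesRunning           = @()
    VirtualizationBasedSecurityStatus = 1
}
$sample | Get-MemoryIntegrityState
```

Calling Get-MemoryIntegrityState with no input queries the local machine; the sample object reports ConfiguredButNotRunning.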