ANAVEM
EnglishFrancais
ANAVEM
Languagefr
How to Enable or Disable Core Isolation Memory Integrity in Windows 11

How to Enable or Disable Core Isolation Memory Integrity in Windows 11

Learn to configure Windows 11's Core Isolation Memory Integrity feature through Windows Security and Registry Editor. Includes troubleshooting incompatible drivers and performance optimization.

Emanuel DE ALMEIDAEmanuel DE ALMEIDA
March 18, 2026 12 min 0
easywindows-security 7 steps 12 min

What is Core Isolation Memory Integrity in Windows 11?

Core Isolation Memory Integrity, also known as Hypervisor-protected Code Integrity (HVCI), is a critical security feature in Windows 11 that protects your system's core processes by isolating them in a virtualized environment. This feature uses your CPU's virtualization capabilities to create a secure boundary around kernel memory, preventing malicious code from modifying critical system components.

When enabled, Memory Integrity runs kernel-mode drivers and system code in a protected virtual environment, making it extremely difficult for malware to compromise your system at the deepest level. It works alongside other Windows security features like Secure Boot and Windows Defender to create multiple layers of protection against sophisticated attacks.

Why Should You Configure Memory Integrity Settings?

Memory Integrity is enabled by default on compatible Windows 11 systems, but you might need to disable it temporarily for specific scenarios. Gaming enthusiasts often disable this feature along with Virtual Machine Platform to maximize frame rates, as the virtualization overhead can impact performance in demanding games. Developers working with virtual machines or certain debugging tools may also need to adjust these settings.

However, security-conscious users should keep Memory Integrity enabled whenever possible. The feature provides significant protection against kernel-level exploits, rootkits, and other advanced persistent threats that traditional antivirus solutions might miss. Understanding how to properly configure this feature ensures you can balance security needs with performance requirements.

Related: How to Enable Administrator Protection for Admin Approval

Related: KB890830 — Windows Malicious Software Removal Tool (MSRT)

Related: How to Customize Windows Login and Lock Screen Using Group

Related: Set Up Windows LAPS with Microsoft Intune for Enhanced

What Hardware Requirements Must Your System Meet?

Your Windows 11 system needs specific hardware capabilities to support Memory Integrity. The primary requirement is a CPU with virtualization support - Intel VT-x for Intel processors or AMD-V for AMD processors. These features must be enabled in your system's BIOS or UEFI firmware settings. Additionally, Secure Boot should be enabled for optimal security, though it's not strictly required for Memory Integrity to function.

Driver compatibility is another crucial factor. Older or poorly written drivers that don't meet Microsoft's security standards will prevent Memory Integrity from enabling. The system includes built-in compatibility checking that identifies problematic drivers and provides guidance for resolution.

Implementation Guide

Full Procedure

01

Check System Compatibility and Current Status

Before enabling Memory Integrity, verify your system supports this feature and check its current status.

Open Windows Security by pressing Windows + I, then navigate to Privacy & security > Windows Security. Click Open Windows Security.

In Windows Security, click Device security from the left sidebar. Look for the Core isolation section. If you see "Core isolation details" link, your system supports the feature.

Pro tip: If Core isolation doesn't appear, your CPU lacks virtualization support or it's disabled in BIOS. Check your BIOS settings for Intel VT-x or AMD-V options.

Click Core isolation details to view the current status. You'll see whether Memory integrity is currently on or off, and any incompatible drivers that might prevent activation.

Verification: The Core isolation page should display "Memory integrity: On" or "Memory integrity: Off" along with any driver compatibility warnings.

02

Enable Memory Integrity Through Windows Security

The primary method to enable Memory Integrity uses the Windows Security interface, which provides the safest approach with built-in compatibility checks.

From the Core isolation details page (accessed in Step 1), locate the Memory integrity toggle switch. Click the toggle to turn it On.

If prompted by User Account Control (UAC), click Yes to allow the change. Windows will display a notification that a restart is required.

Warning: If the toggle is grayed out or shows "Managed by your organization," incompatible drivers are blocking the feature. Proceed to Step 4 for driver resolution.

Optionally, you can also toggle the Microsoft Vulnerable Driver Blocklist setting. Keep this enabled unless you specifically need to run older, known-safe drivers that trigger false positives.

Click Restart now when prompted, or restart manually through the Start menu.

Verification: After restart, return to Windows Security > Device security > Core isolation details. The Memory integrity status should show "On" with a green checkmark.

03

Disable Memory Integrity for Performance or Compatibility

You may need to disable Memory Integrity for gaming performance, virtual machine compatibility, or to resolve application crashes.

Navigate back to Windows Security > Device security > Core isolation details. Click the Memory integrity toggle to turn it Off.

Confirm the UAC prompt if it appears. Windows will again notify you that a restart is required to apply the change.

Pro tip: Gamers often disable Memory Integrity along with Virtual Machine Platform for maximum FPS. Remember to re-enable these security features when not gaming.

Restart your computer to complete the process. The change takes effect immediately after the restart.

Verification: Check the Core isolation details page post-restart. Memory integrity should display "Off" status. You can also verify by running msinfo32 and checking that "Virtualization-based security" shows as "Not enabled."

04

Resolve Incompatible Driver Issues

When Memory Integrity won't enable due to incompatible drivers, you need to identify and update or remove the problematic drivers.

In the Core isolation details page, look for a link that says "Review incompatible drivers" or similar text. Click this link to see a list of drivers blocking the feature.

For each listed driver, note the driver name and manufacturer. Open Device Manager by right-clicking the Start button and selecting Device Manager.

Get-WindowsDriver -Online | Where-Object {$_.Driver -like "*problematic_driver_name*"}

Use this PowerShell command to get detailed driver information, replacing "problematic_driver_name" with the actual driver name from the incompatible list.

Update drivers through Device Manager by right-clicking the device > Update driver > Search automatically. Alternatively, download the latest drivers directly from the manufacturer's website.

Warning: Some older hardware may never receive compatible drivers. In these cases, you must choose between the hardware functionality and Memory Integrity protection.

Verification: After updating drivers, restart and check if the "Review incompatible drivers" link disappears from Core isolation details. The Memory integrity toggle should become available.

05

Enable Memory Integrity via Registry Editor (Advanced Method)

When the Windows Security interface is grayed out or managed by group policy, use the Registry Editor to directly control Memory Integrity.

Press Windows + R, type regedit, and press Enter. Approve the UAC prompt to open Registry Editor.

Navigate to the following registry path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity

Locate the Enabled DWORD value. If it doesn't exist, right-click in the right pane > New > DWORD (32-bit) Value and name it "Enabled".

Double-click the Enabled value and set the Value data:

  • 1 = Enable Memory Integrity
  • 0 = Disable Memory Integrity

Click OK and close Registry Editor. Restart your computer for the changes to take effect.

Pro tip: After using the registry method, the Windows Security interface will show "Managed by your organization." To regain UI control, set the Enabled value back to 0, restart, then use the Windows Security toggle.

Verification: Run msinfo32 and check the "Virtualization-based security" field. It should show "Running" when enabled or "Not enabled" when disabled.

06

Create Registry Files for Quick Toggle (Optional)

For frequent toggling, create .reg files to quickly enable or disable Memory Integrity without manual registry navigation.

Open Notepad and create the first file for enabling Memory Integrity:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity]
"Enabled"=dword:00000001

Save this as Enable_Memory_Integrity.reg on your desktop.

Create a second file for disabling:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity]
"Enabled"=dword:00000000

Save this as Disable_Memory_Integrity.reg.

To use these files, right-click the desired .reg file and select Merge. Approve the UAC prompt and restart your computer.

Warning: Always verify .reg file contents before merging. Malicious registry files can damage your system. Only use files you've created or from trusted sources.

Verification: After merging and restarting, check the Memory Integrity status in Windows Security or run msinfo32 to confirm the change took effect.

07

Troubleshoot Common Memory Integrity Issues

Address the most frequent problems encountered when configuring Memory Integrity in Windows 11.

Issue 1: "Memory Integrity can't be enabled" error
This persistent 2026 error often requires a registry-first approach. Use the registry method (Step 5) to enable the feature, restart, then check for driver updates.

Issue 2: Blue Screen of Death (BSOD) after enabling
Boot into Safe Mode by holding Shift while clicking Restart, then Troubleshoot > Advanced options > Startup Settings > Restart > F4. Disable Memory Integrity via registry or remove problematic drivers.

Issue 3: Applications crashing or refusing to start
Temporarily disable the Microsoft Vulnerable Driver Blocklist in Core isolation details. If crashes persist, the application uses incompatible code injection techniques.

Get-WinEvent -FilterHashtable @{LogName='System'; ID=219} | Select-Object TimeCreated, Message

Use this PowerShell command to check Event Viewer for HVCI-related errors and identify specific problematic drivers.

Issue 4: Gaming performance degradation
Disable both Memory Integrity and Virtual Machine Platform through Windows Features. Re-enable after gaming sessions for security.

Pro tip: Create a batch file or PowerShell script to automate the enable/disable process for gaming scenarios. Always remember to re-enable security features afterward.

Verification: Monitor system stability for 24-48 hours after making changes. Check Windows Event Viewer for any HVCI-related errors or warnings.

Frequently Asked Questions

What happens if I disable Memory Integrity in Windows 11?+
Disabling Memory Integrity removes a critical layer of kernel-level protection, making your system more vulnerable to advanced malware, rootkits, and kernel exploits. However, you may see improved gaming performance and compatibility with older drivers or virtualization software. The security trade-off should be carefully considered, and the feature should be re-enabled when the performance boost is no longer needed.
Why can't I enable Memory Integrity due to incompatible drivers?+
Memory Integrity requires all kernel-mode drivers to meet strict security standards. Older drivers, particularly those from hardware manufacturers who haven't updated their code, may use techniques that HVCI considers unsafe. These drivers must be updated to compatible versions or removed entirely before Memory Integrity can be enabled. Check the Core isolation details page for a list of specific problematic drivers.
Does Memory Integrity affect gaming performance in Windows 11?+
Yes, Memory Integrity can impact gaming performance due to the virtualization overhead required to isolate kernel processes. The performance impact varies by game and system configuration, but can range from negligible to 5-10% FPS reduction in CPU-intensive games. Many gamers disable Memory Integrity and Virtual Machine Platform for maximum performance, then re-enable these features for daily use.
How do I fix Memory Integrity that won't enable after driver updates?+
If Memory Integrity still won't enable after updating drivers, try the registry method first by setting the Enabled DWORD to 1 in the HypervisorEnforcedCodeIntegrity registry key, then restart. After restart, check for any remaining incompatible drivers and remove them through Device Manager. Some users need to boot into Safe Mode to remove stubborn drivers that prevent HVCI activation.
Is it safe to use Registry Editor to control Memory Integrity settings?+
Yes, using Registry Editor to control Memory Integrity is safe when done correctly, but it requires administrator privileges and careful attention to the exact registry path and values. This method is particularly useful when group policy or organizational settings prevent access to the Windows Security interface. Always create a registry backup before making changes, and ensure you're modifying the correct DWORD values in the specified location.
Emanuel DE ALMEIDA
Written by

Emanuel DE ALMEIDA

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.

Tags
#windows-security#memory-integrity#hvci

Further Intelligence

Deepen your knowledge with related resources

How to Use Robocopy in Windows for File Copying and Backup
tutorial
Windows

How to Use Robocopy in Windows for File Copying and Backup

Deep Dive
Remove Weather Icon from Windows 11 Taskbar using Microsoft Intune
tutorial
Cloud Computing

Remove Weather Icon from Windows 11 Taskbar using Microsoft Intune

Deep Dive
How to Enable JavaScript and Cookies in Chrome, Firefox, Safari & Edge
tutorial
Web Development

How to Enable JavaScript and Cookies in Chrome, Firefox, Safari & Edge

Deep Dive

Discussion

Share your thoughts and insights

You must be logged in to comment.

Log in
Loading comments...