Skip to main content

How to enable memory integrity protection on Windows 10 April 2018 Update

On Windows 10 version 1803, the Windows Defender Security Center experience introduces a number of improvements, including a new "Device Security" section that provides reporting and management tools for the security features supported on your computer, and core isolation is one of these tools.

Core isolation is a virtualization-based security feature designed to provide an extra layer of security against sophisticated attacks. And memory integrity is a feature, part of core isolation, which helps prevent attempts to inject and run malware in high-security processes by making kernel memory pages executable only when they pass integrity check.

In this Windows 10 guide, we'll walk you through the steps to turn on core isolation's memory integrity feature included with the Windows 10 April 2018 Update to increase the security of your computer.

How to enable core isolation's memory integrity feature

To enable this security feature on your device running Windows 10 version 1803, do the following:

  1. Open Windows Defender Security Center.
  2. Click on Device security.
  3. Under "Core isolation," click the Core isolation details link.

  1. Turn on the Memory integrity toggle switch.

Once you've completed the steps, you'll need to restart your computer to apply the new changes. (You can learn more about this feature in this Microsoft Tech Community article (opens in new tab).)

It's worth pointing out that this is a virtualization-based security feature, which means that your processor must support virtualization, and virtualization has to be enabled in the BIOS or UEFI firmware. Otherwise, the option will not be available.

Fixing problems with core isolation

In rare cases, it's possible to come across app compatibility problems if core isolation is enabled, if this is the case, you may need to disable the feature to resolve this issue.

If you're trying to disable memory integrity in Windows Defender Security Center, but the option is grayed out with the "This setting is managed by your administrator" message, you can use the Registry to disable the feature:

Warning: This is a friendly reminder that editing the Registry is risky, and it can cause irreversible damage to your installation if you don't do it correctly. It's recommended to make a full backup of your PC before proceeding.

  1. Use the Windows key + R keyboard shortcut to open the Run command.
  2. Type regedit, and click OK to open the Registry.
  3. Browse the following path:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity
  4. Double-click the Enabled key.
  5. Set it value from 1 to 0.
  6. Click OK.

After completing the steps, restart your computer to apply the changes.

More Windows 10 resources

For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources:

Mauro Huculak is technical writer for WindowsCentral.com. His primary focus is to write comprehensive how-tos to help users get the most out of Windows 10 and its many related technologies. He has an IT background with professional certifications from Microsoft, Cisco, and CompTIA, and he's a recognized member of the Microsoft MVP community.

9 Comments
  • I tried this because it seems useful. After enabling memory integrity, I couldn't use my Logitech keyboard's hotkeys to open apps, I had to disable the feature again
  • This would cause performance hits yes? Not to office apps maybe but gaming, CPU memory hungry stuff?
  • Yes, performance may be affected.
  • Can't say I've noticed a performance hit on my SP4, doesn't mean that it won't though.
  • My X79 motherboard from 2014 has old drivers for USB that don't support this feature. As a result, all my USB devices stopped working (including keyboard and mouse). I had to roll back the update in order to get around this.
  • After enabling this option everything continued to work normally or so I think XD. But when I went to play Counter Strike 1.6 (Sorry, I'm old school) I noticed a loss of up to 10 fps so I proceeded to turn off this option and my 10 fps returned.
    I had to use the Regedit method to turn off this option.
  • Small reminder that enabling virtualization kills Blu-ray playback support.
  • I wanted to do it but had to disable it since it stopped me from using virtual box which SAS University Editon uses.
  • So this is the successor to EMET huh? I tried to use it back then but had a lot of Java runtime issues. So for most people, don't enable this!