oldschool

Level 56
Verified
Microsoft has finally clarified how users can fix a Windows security measure that has been causing hardware problems: turn it off. The advice, issued last week, should bring relief to many users of Memory Integrity, a feature designed to protect Windows computers from badly behaved drivers.

Memory Integrity is a feature inside a broader set of protections called Core Isolation. It uses hardware virtualisation to protect sensitive processes from infection. These features are a subset of virtualisation-based security features that Microsoft has offered to enterprise users since Windows 10 shipped. It rolled out Core Isolation and Memory Integrity to all Windows editions in 2018.

Memory Integrity (also called hypervisor-protected code Integrity or HVCI), uses Microsoft’s Hyper-V hypervisor to virtualise the hardware running some Windows kernel-model processes, protecting them against the injection of malicious code.

One use case for Memory Integrity is to protect Windows from user-mode drivers and applications that misbehave, perhaps due to an exploited security flaw. Hardware drivers are pieces of software developed by the hardware vendors that enable devices to work with Windows. Even legitimate drivers can have bugs. An attacker could use those bugs to gain privileged access to the system. Memory Integrity walls off sensitive kernel processes from that software.

When Microsoft first shipped this feature as an upgrade, you had to enable it. In fresh installations of Windows, it was turned on by default.

This virtualisation-powered technology is great at protecting your system, but it isn’t without its drawbacks. Users have complained that they’re not compatible with different brands and builds of PCs, and that they don’t work with peripherals, including Microsoft’s own webcams.

https://secure2.sophos.com/en-us/pr...ll/free-trial/xg-firewall-demo.aspx?cmp=40280
Microsoft said early on that Memory Integrity might cause compatibility problems, and even silently switches it off when it gets in the way of boot-critical drivers. However, in some cases, users must take action themselves.

In a 5 March 2020 support bulletin, Microsoft addresses a specific error that Memory Integrity can trigger. If your computer tells you “A driver can’t load on this device”, then check this out.

The bulletin says:

You are receiving this message because the Memory integrity setting in Windows Security is preventing a driver from loading on your device.
And it advises you to get it sorted, quickly:

If you choose to continue using your device without addressing the driver problem, you might discover that the functionality the driver supports does not work any longer, which could have consequences ranging from negligible to severe.
But how? Here’s where the advice isn’t especially stellar. It tells you to look for an updated driver from the vendor, which will hopefully fix the problem. If not, then your best technical support option is to, um, turn Memory Integrity off.

The bulletin comes with clear instructions on how to do that:

  1. Open the Core isolation page by selecting Start > Settings > Update & Security > Windows Security > Device Security and then under Core isolation, selecting Core isolation details.
  2. Turn the Memory integrity setting Off if it isn’t already. Restart your computer.
Being able to turn off Memory Integrity isn’t a new feature. Microsoft is just reminding you that it’s there. You should always keep all your drivers up to date to avoid any potential performance or security problems. This is a last resort to deal with any vendors that haven’t made their devices compatible with the security feature yet.

 
Top