SpyShelter and Windows Core Isolation Feature

Bot

AI-powered Bot
Thread author
Apr 21, 2016
3,660
If you are receiving an error message with SpyShelter’s driver as related to the new Windows Core Isolation feature there is a quick and easy fix available.

How can I disable Windows Core Isolation?
The fastest way to disable Windows Core Isolation to avoid “incompatible drivers” issues is to go to your settings, then click “device security” then “core isolation” then switch off “memory integrity”.



Or alternatively, select Start, type “Core Isolation” into the taskbar, and click on the Core Isolation result to open the Windows security app. From this page, you can turn off the toggle for Memory Integrity.

This issue is causing problems for pretty much every device or software that uses a driver, including Logitech hardware and even Microsoft’s own hardware and software. We are working on a major new SpyShelter update that will solve this issue in the future. Unfortunately the fix is not trivial so it will take us a while to update.

The post SpyShelter and Windows Core Isolation Feature appeared first on SpyShelter | World's best anti keylogger.
 

TedCruz

Level 5
Aug 19, 2022
176
If you are receiving an error message with SpyShelter’s driver as related to the new Windows Core Isolation feature there is a quick and easy fix available. How can I disable Windows Core Isolation? The fastest way to disable Windows Core Isolation to avoid “incompatible drivers” issues is to go Continue reading "SpyShelter and Windows Core Isolation Feature"

The post SpyShelter and Windows Core Isolation Feature appeared first on SpyShelter | World's best anti keylogger.
Naw, dog I am not doing that. Why lower the inherent core security feature of Windows 11 just to allow a program in that will just extend the vulnerability threat space? That's a double whammy. First of all, I am careful about what programs run in real-time on my system since for every program you run, you expose yourself to more and more potential vulnerabilities.
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
I read the blog post and laught a bit after reading: "This issue is causing problems for pretty much every device or software that uses a driver, including Logitech hardware and even Microsoft’s own hardware and software."
Yes and other vendors are able to fix it in a timely manner. I have an old (5++ year) Logitech keyboard and they had the Logitech gaming software ready since at least 25.5.2022
I'm running it on Windows 11 22H2 with core isolation on.
 

Andrezj

Level 6
Nov 21, 2022
248
I always get doubts when I need to lower security to allow security programs to work :(
Naw, dog I am not doing that. Why lower the inherent core security feature of Windows 11 just to allow a program in that will just extend the vulnerability threat space? That's a double whammy. First of all, I am careful about what programs run in real-time on my system since for every program you run, you expose yourself to more and more potential vulnerabilities.
core isolation breaks a lot of apps such as antivirus, vmware, virtualbox, etc
I read the blog post and laught a bit after reading: "This issue is causing problems for pretty much every device or software that uses a driver, including Logitech hardware and even Microsoft’s own hardware and software."
Yes and other vendors are able to fix it in a timely manner. I have an old (5++ year) Logitech keyboard and they had the Logitech gaming software ready since at least 25.5.2022
I'm running it on Windows 11 22H2 with core isolation on.
Well, depending if that feature is enable by default or not, then you technically wouldn’t be lowering any security.

Though I don’t remember which is the default now.
core isolation is always off by default because it breaks so many software
with few exceptions it only can be enabled on a system that uses all microsoft
 

Andrezj

Level 6
Nov 21, 2022
248

Jan Willy

Level 12
Verified
Top Poster
Well-known
Jul 5, 2019
573
osarmor does not attempt to access protected memory
Yes, that's just I wanted to say. Maybe I wasn't clear enough or I didn't understand you well. OSArmor is one of the so called exceptions that work well on an all MS system with enabled memory integrity. BTW it doesn't mean that OSAarmor is a full replacement of SpyShelter. And when we talk about exceptions, they only concern security software. Tons of other software don't interfere with core isolation.

Edit: replaced core isolation by memory integrity.
 
Last edited:
F

ForgottenSeer 97327

core isolation is always off by default because it breaks so many software
with few exceptions it only can be enabled on a system that uses all microsoft
The benefits of using Microsoft. I have WDAC enabled which only allows Microsoft, Macrium and Syncback to run (update) in user space.

Thanks for reminding me. I will remove Macrium Free 8 signature from the WDAC policy, because it won't get any updates anymore. Thanks (y)
 
  • Like
Reactions: oldschool

Andrezj

Level 6
Nov 21, 2022
248
My core isolation is active and I have F-Secure Safe running as an AV program. No problem.
core isolation is off by default is a general misstatement as there is no setting for it
core isolation is always on, it is memory integrity (underneath the core isolation label) that is always off by default because it breaks many programs
everybody says core isolation instead of memory integrity
i did not say all antivirus, f secure working with memory integrity can only mean f secure updated the product to work with it, which is what microsoft wants all publishing partners to do, so f secure changed the product to not access certain areas of memory
still today memory integrity breaks many programs, example
 
F

ForgottenSeer 97327

i did not say all antivirus, f secure working with memory integrity can only mean f secure updated the product to work with it, which is what microsoft wants all publishing partners to do, so f secure changed the product to not access certain areas of memory

Seems like the same discussion we had when Microsoft introduced patch protection. When something is protected by virtualization, you don't need to access or control it. So kudo's to F-secure being an early adopter. Well done. (y) I hope more leading Security vendors follow their example.
 

NormanF

Level 8
Verified
Jan 11, 2018
384
If you are receiving an error message with SpyShelter’s driver as related to the new Windows Core Isolation feature there is a quick and easy fix available.

How can I disable Windows Core Isolation?
The fastest way to disable Windows Core Isolation to avoid “incompatible drivers” issues is to go to your settings, then click “device security” then “core isolation” then switch off “memory integrity”.



Or alternatively, select Start, type “Core Isolation” into the taskbar, and click on the Core Isolation result to open the Windows security app. From this page, you can turn off the toggle for Memory Integrity.

This issue is causing problems for pretty much every device or software that uses a driver, including Logitech hardware and even Microsoft’s own hardware and software. We are working on a major new SpyShelter update that will solve this issue in the future. Unfortunately the fix is not trivial so it will take us a while to update.

The post SpyShelter and Windows Core Isolation Feature appeared first on SpyShelter | World's best anti keylogger.
A lot of this could be avoided if SpyShelter relied on the Windows Hypervisor engine.

If you want SS to run, you have to turn off Windows memory core protection. Two different Hypervisor engines conflict and can't run at the same time.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top