shmu26

Level 85
Verified
Trusted
Content Creator
What do I need to do in order to enable this feature, and is it worth the trouble?
Under the category of "Device security" I have Memory integrity on, and Secure boot on.
But I see the message "Standard hardware security not supported."
I have a new desktop, with intel 9th gen, and no discrete GPU.

Windows 10 x64 version 2004
 

shmu26

Level 85
Verified
Trusted
Content Creator

shmu26

Level 85
Verified
Trusted
Content Creator
After I upgraded to 2004, I discovered that if you try to enable memory integrity, and Windows refuses, there is a clickable text at the bottom of the screen that gives you a list of the problems.
I clicked, and found a bunch of Conexant drivers from a fax modem I am not using anymore. I deleted the drivers (I needed to take ownership of them first) and then I was able to enable memory integrity.
 

Gandalf_The_Grey

Level 31
Verified
After I upgraded to 2004, I discovered that if you try to enable memory integrity, and Windows refuses, there is a clickable text at the bottom of the screen that gives you a list of the problems.
I clicked, and found a bunch of Conexant drivers from a fax modem I am not using anymore. I deleted the drivers (I needed to take ownership of them first) and then I was able to enable memory integrity.
Great find. (y)
I have one incompatible driver:
Aantekening 2020-07-09 095156.png
Searched about it on Google:
IGDKMd64 stands for Intel Graphics Driver Kernel Mode 64-bit
Is there a solution for this on my laptop with Intel HD graphics 4600?
 

shmu26

Level 85
Verified
Trusted
Content Creator
Great find. (y)
I have one incompatible driver:
View attachment 244003
Searched about it on Google:

Is there a solution for this on my laptop with Intel HD graphics 4600?
Check what graphics driver is actually in use, you should be able to get driver details like that in Device Manager. If you have a newer driver in use, my guess is that you can delete the old one with impunity.
 

Gandalf_The_Grey

Level 31
Verified
Check what graphics driver is actually in use, you should be able to get driver details like that in Device Manager. If you have a newer driver in use, my guess is that you can delete the old one with impunity.
Thank you for pointing me in the right direction. (y)
After deleting the old Intel driver with Driver Store Explorer, I could enable memory integrity without any problems.
So, now I have Memory Integrity and Secure Boot enabled.
Standard hardware security is not supported because of the lack of an TPM chip in my old Acer laptop.
 

South Park

Level 6
Verified
Windows tell you if it can't enable it after you try to do.

Also it may be your hardware which doesn't support something so Windows disable it.
See also Enable virtualization-based protection of code integrity - Windows security
What's weird is that I can turn on Memory Integrity and it survives multiple power cycles, but it usually (not always) gets turned off when I do a version update. It has also silently turned itself off a few times, seemingly at random, with no error message.

I found that Microsoft (under Settings> Apps) lists much newer graphics drivers for my HD 520 than Device Manager does, Nov. 2019 vs Nov. 2018 to be precise. Apps also shows WiFi drivers a year newer than what appears in Device Manager. I wonder if one of the old drivers gets loaded randomly at start-up and shuts off Memory Integrity. I may have a look with Driver Store Explorer, though I'm not familiar with that software.
 

plat1098

Level 20
Verified
Well, this thread is very beneficial. I'd noticed eons ago that "standard device security is not supported" but never progressed from there because of all the jargon. So, all it boiled down to was going into the BIOS and enabling virtualization, then restarting and toggling Memory Integrity to "on."

Thanks, guys! Very helpful thread, cleared up this small but potentially important issue. And it was so simple. (y)

devsec.png
 
Top