Robbie

Level 29
Verified
Content Creator
I have read about Core Isolation module on Windows Defender and it is pretty interesting. I would very much like to use it, but it blocks ThrottleStop, an undervolt and overclock software, which I use in order to cool down the temperatures on my laptop.

As far as I have read, Core Isolation protects high-security processes from being injected by malicious software. I can understand why ThrottleStop would need to do this in order to limit my hardware's performance, but I cannot see a way to exclude it from this module.

I have manually added the whole folder and executables to the exclusions, but I believe this only applies for real-time protection and scanning, since it does nothing.

So far, I have the Core Isolation module disabled so I can run ThrottleStop. Any ideas?
 

venustus

Level 46
Verified
Trusted
Content Creator
Several users on this forum have run into the issue that ThrottleStop does not start when Windows 10's Core Isolation feature is turned on. Based on my looking into this, the solution would be for ThrottleStop's WinRing*.dll binaries to be signed. The main ThrottleStop executable as well as the drivers, WinRing*.sys, are signed with keys that chain up to trusted roots, but the DLL's are not.

Signing the DLL's should allow ThrottleStop to operate with Core Isolation on. This is evidenced by attempting to launch ThrottleStop with Core Isolation on, then looking in Event Viewer, under Windows Logs -> System, where the source is the Service Control Manager, event ID 7000. This shows:
 

Robbie

Level 29
Verified
Content Creator
Thanks for sharing the article. Sadly, I know already it is a common issue. I am just hoping somebody knows a work around to temporarily fix it without having to disable the module.
 

Vasudev

Level 29
Verified
Thanks for sharing the article. Sadly, I know already it is a common issue. I am just hoping somebody knows a work around to temporarily fix it without having to disable the module.
You can't. In short, all access to IOMMU and other sensitive registers are disabled by default and all API hooks are terminated.
I did notify the author of ThrottleStop after many people complained that TS isn't working after new W10 update. We were spellbound why OC tools weren't working out of the blue!
Maybe @Andy Ful and other MT senior members can shed more light into this. I am just a noob in this protected memory access thingy!
 
P

Pkjfkknm

I have read about Core Isolation module on Windows Defender and it is pretty interesting. I would very much like to use it, but it blocks ThrottleStop, an undervolt and overclock software, which I use in order to cool down the temperatures on my laptop.

As far as I have read, Core Isolation protects high-security processes from being injected by malicious software. I can understand why ThrottleStop would need to do this in order to limit my hardware's performance, but I cannot see a way to exclude it from this module.

I have manually added the whole folder and executables to the exclusions, but I believe this only applies for real-time protection and scanning, since it does nothing.

So far, I have the Core Isolation module disabled so I can run ThrottleStop. Any ideas?
core isolation is much an alpha\beta feature
there no way to allow a blocked dll injection or load in core isolation
throttlestop author wrote "tired of carrying community on my back"
so do not expect fix
fix is not to use core isolation