Unsolved
1 Rookie
•
13 Posts
1
5798
June 8th, 2024 06:29
Cannot Turn on Memory Integrity
Hello folks, I would appreciate everyone trying something: TURN ON MEMORY INTEGRITY to prove you cannot easily turn it on. If, in Windows 10 or 11 on any Dell laptop or desktop that is 0 to (say) 5 years old, and where you have all the Dell extras (SupportAssist, etc.) i.e., don't try it if it's a Windows PC you imaged from a Microsoft ISO.
- Click on the Start menu and type
Windows Security. - Select Windows Security from the search results.
- In the Windows Security window, click on Device security from the left-hand menu or wherever that option appears
- Under the Core isolation section, click on Core isolation details.
- In the Core isolation details window, find the Memory integrity toggle switch.
- Turn the toggle switch to On.
After a short period of time (Windows is scanning for incompatible drivers), you will almost certainly get the notification message (lower right corner) that looks like this:
[Insert image previewed but does not show up -- it said Memory integrity can’t be turned on. Try resolving any incompatibilities with your drivers]
A link to see the incompatible drivers will be in the place where the Scan failed. When you click on that link to see the incompatible drivers, none are shown. The red area below is empty:
[Insert image previewed but does not show up -- but you can see an example of no driver names shown here: https://filestore.community.support.microsoft.com/api/images/24a1c4f5-7640-4d67-97de-e328a898bbd5?upload=true and by the way, that image came from the same complaint getting nowhere on a Microsoft forum with 408 people saying "I have the same question" - see https://answers.microsoft.com/en-us/windows/forum/all/windows-11-will-not-show-incompatible-drivers/b059f22e-95b7-410f-a922-59313ff75c6a
If this happens (no driver names shown), please just click on I HAVE THIS PROBLEM TOO and stop.
According to the search in this community, this problem strikes me as being hugely widespread. The search for "cannot turn on memory integrity" had over 700,000 results in the Dell Community with similar complaints. This is not a question of whether the BIOS is set correctly for virtualization, this is a question of why no drivers are shown in the incompatible drivers window red-circled above.
If driver names are shown in the red-circled area, you should STOP IMMEDIATELY and read carefully Scott Hansleman's excellent article with MASSIVE WARNING at https://www.hanselman.com/blog/how-to-turn-on-memory-integrity-and-core-isolation-in-windows-10
Again, my clients are simple they install Google Chrome, Microsoft365, Adobe Reader and a printer. They would normally not see a lot of drivers like Scott showed in his example. They would likely be able to turn Memory Integrity on if they just knew what was stopping them.
Please do not reply with suggestions -- I've studied them all and noted and documented every single suggestion known to mankind on this and other forums and none of them work. These include
[x] verifier /standard /all
[x] sfc /scannow, DSIM, driverquery /V, installeddriverslist (Nirsoft), Device Manager (yellow)
[x] Dell Support Assist driver updates
[x] BIOS firmware updates and reset BIOS to defaults (all virtualization related settings are on/enabled)
[x] Windows updates
[x] uninstall any antivirus and printer software
[x] run procmon during the failed Scan to try to isolate which driver(s) might be the culprit
[x] Get-WinEvent -ProviderName Microsoft-Windows-Kernel-Boot | Where-Object {$_.Id -eq 219} | Select-Object -ExpandProperty Message and it reported nothing
[x] manually look in the event logs
[x] ran the Intel download Assistant and updated drivers
[x] ran the sysinternals autoruns and look under the "Drivers" tab
[x] confirmed this was an issue on three of three separate Dell computers with nothing in common (Alienware, Inspiron, Windows 10, Windows 11)
[x] observed there are over 700,000 posts in this community when you search for “cannot turn on memory integrity”
[x] opened up a ticket with Dell and told support to try it themselves and eventually the ticket was archived and escalated to engineering and I would perhaps hear about it when a fix was found. I also observed a few posts here in the community clamoring for “when will this be fixed”. It has never been fixed.
[x] I noted the benefit of memory integrity as follows: Memory Integrity is part of System Integrity which includes things like Secure Boot, Device Guard, TPM, Core Isolation and Credential Guard. Memory Integrity (Hypervisor-Protected Code Integrity - HVCI) uses virtualization to ensure that only trusted code runs in the Windows kernel. It prevents unsigned or improperly signed drivers and system files from being loaded, reducing the risk of kernel-level malware. Core Isolation and Memory Integrity are discussed here:
https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity
and
https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-hvci-enablement
Also, in EXHIBIT A below, I show what chatGPT4.o says about the benefits of enabling system integrity.
I can say this: it is unimaginable how many Dell computers (from https://www.statista.com/statistics/298943/pc-shipments-worldwide-dell/ it looks like at least 20M per year) have shipped with this problem and I have finally, after a huge amount of persistent, hard work, have proven to myself what I believe the issue is and how to fix it. It's not a simple process but it's manageable and doable and safe. The root cause is a combination of Microsoft and Dell. However, due to undisclosed reasons, I am not comfortable disclosing the solution here and am only comfortable providing it to Karen Q if she (and only she) personally gets in touch with me.
Thank you.
Harry Stein
<Private data removed from public view. DELL-Admin>
EXHIBIT A
Memory Integrity is a feature in Windows 10 and 11 that uses virtualization-based security (VBS) to protect core processes from being tampered with by isolating them in a secure, virtual environment. Here are some consequences of not turning on Memory Integrity:
[1] Increased Vulnerability to Malware and Exploits: Without Memory Integrity, your system is more susceptible to malware that can manipulate system processes, leading to potential data theft or system compromise. Memory Integrity helps to prevent malicious code from accessing and altering high-security processes.
[2] Reduced Protection Against Rootkits and Other Advanced Threats: Rootkits and other advanced persistent threats (APTs) often aim to gain control over the system by compromising the kernel. Memory Integrity helps to block such attacks by ensuring that only trusted code can run in the kernel mode, thus providing an additional layer of security .
[3] Potential Compliance Issues: For organizations, especially those in regulated industries, not enabling Memory Integrity might lead to compliance issues. Regulatory standards often require the implementation of advanced security measures to protect sensitive information.
[4] Missed Security Enhancements: Memory Integrity is part of Windows Defender Device Guard, which includes various other security features. By not enabling it, you miss out on comprehensive security enhancements designed to safeguard your system from a wide range of threats .
[5] Impact on System Performance: While enabling Memory Integrity might have a slight impact on system performance due to the additional security checks, the trade-off is often worthwhile considering the security benefits. However, without it, you might face more significant performance issues in the event of a security breach.
[6] Lower Overall System Security: Memory Integrity works alongside other security features like Secure Boot and Trusted Platform Module (TPM) to create a robust security posture. Not enabling it lowers the overall effectiveness of these integrated security measures.
the end
Chino de Oro
9 Legend
•
8.1K Posts
0
June 9th, 2024 22:44
I said 3 main statements in my post. Would you elaborate on which one and the reason why it's incorrect. I will be happy to remove my post.
OP post is very lengthy. This could not be it.
Is it an essential function that a computer can not run without it? Not every computers can use memory integrity and it does not replace other system protection or security software? Is this wrong.
Or the question be better asked at Dell instead of at Microsoft. Many are still unsolved here.
Did you offer solution to those who posted that same question in this community?
(edited)
RoHe
10 Elder
•
45.2K Posts
0
June 10th, 2024 20:45
Typically, when you can't turn Memory Integrity on, there's a link to Review Incompatible Drivers.
That screen will name the specific driver and the software that installed it. My PC shows this driver prevents using Memory Integrity. It's part of the Sonic (RealTec) audio suite that Dell installs on PCs to play/burn CDs and DVDs:
(edited)
Harry STein
1 Rookie
•
13 Posts
1
June 11th, 2024 18:26
@RoHe The problem is when it won't turn the feature on for millions of Dell computers and it does not list ANY drivers (yours listed one). All of those Dell computers are eligible and configured to be able to turn the feature on. How do I know this? I experienced it on three straight Dell computers that were eligible and had to apply my fix to be able to turn it on. It's not the registry fix some talk about. It's nuanced and non-trivial. All of those Dell computers report zero problematic drivers. That gives engineers the false impression their machine is not qualified for system integrity. <Attacking other users is not allowed. DELL-Admin>
Secondly, Microsoft and the legendary Scot Hanselman who works there all talk about how important System Integrity is. As a DFIR and malware hunter, I understand it's importance and am sad people can't turn it on when there is nothing shown in the list of drivers. Users are hugely dismissive of this feature as though it is not important at all. <Attacking other users is not allowed. DELL-Admin>
Finally, since I have a solution, I happen to know it's an issue that deserves the attention of both Microsoft and Dell. Over the last 20 years, I occasionally see hard-to-solve (but important) problems not being addressed by both companies with each side pointing to the other as the root cause. That's sad. It's 100% an issue for both companies but it *is* mostly a Dell issue.
(edited)
RoHe
10 Elder
•
45.2K Posts
0
June 11th, 2024 23:27
Did you try searching the C: drive for the driver shown in the image I posted, even if Windows on whatever PCs doesn't list it as being incompatible with memory integrity...?
Harry STein
1 Rookie
•
13 Posts
0
June 12th, 2024 09:34
@RoHe the three PCs I fixed did not have that driver. What was your resolution for this incompatible driver? Or perhaps you chose to leave things as is? Scott Hanselman gives excellent guidance for your case.
RoHe
10 Elder
•
45.2K Posts
0
June 12th, 2024 17:45
I've left things as is and didn't mess with any "fixes" or uninstall Sonic which I use all the time. Memory Integrity cannot be enabled on my PC.
Never have had any worries about or problems with malware, etc, and all I use is Windows Security (Windows Defender).
Harry STein
1 Rookie
•
13 Posts
1
June 13th, 2024 07:11
@RoHe yes you were informed what the incompatible driver was .. imagine seeing a blank screen instead. That's the case I am talking about. No driver is listed and memor integrity cannot be turned on.
li000
1 Rookie
•
1 Message
0
June 16th, 2024 02:05
Follow https://answers.microsoft.com/en-us/windows/forum/all/windows-11-will-not-show-incompatible-drivers/b059f22e-95b7-410f-a922-59313ff75c6a?page=1
Next2Last
1 Rookie
•
2 Posts
1
June 18th, 2024 03:58
I have 2 laptops an Inspiron 15 and an Inspiron 16 5620 the Inspiron 15 came with Win 10 and was upgraded to Win 11, the Inspiron 16 came with Win 11. The 15 had this error of having incompatible drivers however not showing any. But the 16, which is newer did not have this problem. To solve the problem on the 15 I did the registry hack of creating the key "HypervisorEnforcedCodeIntegrity" then created the DWORD "Enabled" and set the value to "1". It did show now that under Device Security / Core Isolation that the memory integration is on. However it now also states that "This can only be changed by the Administrator". Well <Profanity is never allowed on our Forum. DELL-Admin> it does look that Dell and MS have an issue cooperating with one another. Came to the conclusion that the older devices may not get a solution and we are stuck with what we have.
(edited)
Next2Last
1 Rookie
•
2 Posts
0
June 18th, 2024 04:50
@Harry STein
Thanks for your detailed research and it gave me something to go by for finding a solution to this problem of Dell devices with Microsoft Win 11.
(edited)
Harry STein
1 Rookie
•
13 Posts
0
July 3rd, 2024 03:54
@Next2Last Thank you – I can see we're like-minded. I recently tested this issue on a new Dell Windows 11 computer and believe you are margin: 0;">
Karen Q never contacted me, and it seems Dell doesn't prioritize this solution. I'll escalate my Dell ticket and point them to this thread, hoping they forward it to their management, preferably Karen Q
Next2Last, I hesitated to post the answer because the Microsoft tool involved in the fix is unofficially deprecated due to a known vulnerability. However, I've disassembled it into C code, and if run briefly on a healthy system, the vulnerability is likely a non-issue. The tool reveals Dell drivers used by Dell tools that are either (1) missing a digital certificate or (2) not properly removed when uninstalled. I've fixed this issue on three different computers with these drivers, which were unimportant and could be permanently uninstalled. My concern is that disclosing this fix might put a lot of people at risk due to the vulnerability, and I don't want to endanger users.
It's disappointing that Dell's uninstall process is faulty and that Microsoft doesn't address the widespread issue of Memory Integrity failing with a blank list of incompatible drivers. Since Ms. hasn't reached out, I'll update the Dell support ticket and email Scott H as part of my side project, highlighting the indifference of some corporate entities to practical solutions.
During my brief (recent) contract tenure at Microsoft, I noticed an emphasis on security over quality this is likely as a result of the June 2023 Azure breach (see CRN article https://www.crn.com/news/security/2024/microsoft-s-inadequate-security-behind-cloud-email-breach-us-review-board ), which affected U.S. government emails.
Recent issues, such as the SSD performance drop in Windows 11, the Windows 10 KB5034441 error (see the Neowin article https://www.neowin.net/news/microsoft-admits-it-cant-fix-windows-10-kb5034441-0x80070643---errorinstallfailure/ , and the KB5039302 taskbar corruption (see the PCWorld article https://www.pcworld.com/article/2382235/windows-update-kb5039302-corrupts-taskbar-these-windows-versions-are-affected.html ), which attest to this.
Despite these issues, I still support and love Microsoft and Dell and believe they are trying their best. It would be nice if they treated the community as a valuable resource.
Blessings,
Harry
(edited)
Wahabby
1 Rookie
•
1 Message
1
August 4th, 2024 01:02
Cannot Turn on Memory Integrity and no incompatible drivers listed.
BobJS11
1 Rookie
•
6 Posts
0
May 13th, 2025 22:02
I have this problem now as of May 2025 in Windows 11 Ver 24H2 on an Aurora R9. Memory Integrity will not stay on. No incompatible drivers listed.
I have found turning on Memory Integrity to be equivalent to using RegEdit to toggle HypervisorEnforcedCodeIntegry\Enabled from 0 to 1. Upon reboot this bit is back to 0 and Memory Integrity is off.
I have tried all trouble-shooting I can find. I don't know if this is related, but I find my Alien Command Center will not let me into Fusion area to change CPU clocking saying :
"The current operating system or other software application has blocked Monitoring or Overclocking functions on this device. In order to access Monitoring or Overclocking functions, please disable this feature to access Monitoring or Overclocking function.
- Core Isolation Memory Integrity
- Hyper-V
- Virtual Machine Platform"
Harry STein
1 Rookie
•
13 Posts
1
May 13th, 2025 22:32
Your other Alien issues aside, the correct first step for memory integrity is to download the hvc scan tool here
https://www.microsoft.com/en-us/download/details.aspx?id=105437
and understand the risks and report the results here. The registry mod you made is not correct and should be undone. The hvciscan_amd64.exe tool is a command prompt utility.
If you go to the https://www.facebook.com/steinsolutions site you will find my phone number and can text me to identify yourself and I'll be happy to advise you.
stdau
1 Rookie
•
2 Posts
0
May 28th, 2025 00:17
I have the same issue and no drivers are listed as incompatible.
After investigating, it appears the OpenCL.dll driver that Dell distributes as part of the UHD Graphics 730 package is unsigned and out of date. This may prevent memory integrity from being enabled. Does Dell plan to distribute a newer version of this driver?