Windows security often gets boiled down to antivirus suites and firewalls, but Microsoft has quietly built a far more formidable defense into the operating system. Core isolation—and memory integrity in particular—acts as a locked vault for your PC’s most sensitive processes, yet countless users have never even seen the toggle. The feature first appeared with the Windows 10 April 2018 Update and ships enabled by default on every clean Windows 11 installation. Despite that, it remains one of the most overlooked, misconfigured, and underappreciated tools for stopping modern cyberattacks.
What Is Core Isolation?
Core isolation is a blanket term for a collection of virtualization-based security (VBS) features that shield critical Windows components from the rest of the operating system. VBS uses hardware virtualization to create an isolated, secure region of memory where high-trust processes can run. Even if the main Windows environment is compromised by malware, the attacker cannot reach this secured enclave.
The isolation is enforced at the hypervisor level—the same technology that powers Hyper-V virtual machines. Windows runs its most sensitive operations, like credential management and kernel integrity checks, inside this virtual bubble. Other parts of the OS, including drivers and applications, sit outside and communicate only through tightly controlled channels.
Microsoft splits core isolation into several sub-features, but the one every user should know about is memory integrity.
Memory Integrity Explained
Memory integrity, also known as hypervisor-enforced code integrity (HVCI), is the star player of core isolation. Its job is simple in concept but enormous in impact: it prevents any code from running inside the Windows kernel unless that code is signed by a trusted authority and adheres to strict integrity rules.
Under the hood, memory integrity leverages the hypervisor to verify that all kernel-mode drivers and binaries are legitimate before they execute. When a driver attempts to load, HVCI checks its digital signature and confirms it has not been tampered with. If the check fails, the driver is blocked outright—no pop-ups, no second chances. This slams the door on an entire class of attacks that rely on injecting malicious, unsigned code into the kernel.
Sophisticated threats like rootkits, bootkits, and advanced ransomware often try to slip bad drivers into the kernel to disable security software, steal credentials, or establish persistence. Memory integrity neutralizes that approach by making the kernel a fortress that accepts only pre-approved guests.
How Memory Integrity Protects Your PC
Traditional antivirus scans for known bad files. Memory integrity flips that model: it denies everything except explicitly trusted code. This “allow list” approach dramatically shrinks the attack surface. Even a zero-day exploit that slips past all other defenses cannot install an unsigned kernel driver and gain complete control of the machine.
The protection extends to dynamically generated code as well. Advanced exploits often attempt to allocate memory, write shellcode into it, and then mark it executable inside the kernel. HVCI denies non-image memory mappings that are writable and executable, blocking those techniques outright.
In practical terms, memory integrity stops attacks like:
- Driver hijacking: replacing a legitimate driver file with a malicious version.
- BYOVD (bring your own vulnerable driver): loading an old, signed but vulnerable driver to exploit its flaws.
- Kernel-mode code injection: techniques used by nation-state malware to bypass user-mode defenses.
These aren’t hypothetical scenarios. Real-world incidents like the 2021 SolarWinds supply chain attack involved kernel-level components; strong VBS enforcement could have blunted some of those tactics.
Checking Memory Integrity Status
Before you rush to turn it on, see if it’s already running. The check takes under a minute:
- Open Windows Security from the Start menu or system tray icon.
- Click Device security in the left pane.
- Under the “Core isolation” section, select Core isolation details.
- The Memory integrity toggle shows the current state.
If the toggle is on and you see a green checkmark, congratulations—your system is already shielded. If it’s off, you’ll see a warning that memory integrity is disabled and your device may be vulnerable.
Windows 11 clean installs turn this on automatically if the hardware supports it. Upgraded machines or those with older drivers often keep it deactivated to avoid compatibility problems during the upgrade process. On Windows 10, memory integrity is off by default across the board, requiring a manual flip.
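The same check can be scripted, which helps when auditing more than one machine. The following PowerShell is an added example, not part of the original article; it assumes the standard Win32_DeviceGuard WMI class and the HypervisorEnforcedCodeIntegrity registry value, and the function name Get-MemoryIntegrityStatus is made up for illustration.

```powershell
# Added example: report memory integrity (HVCI) state without the GUI.
function Get-MemoryIntegrityStatus {
    [CmdletBinding()]
    param()

    # Runtime state as reported by the Device Guard WMI provider.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    # Configured state: registry value used to switch memory integrity on.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $enabled = (Get-ItemProperty -Path $key -Name 'Enabled' -ErrorAction SilentlyContinue).Enabled

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
        VbsRunning      = $dg.VirtualizationBasedSecurityStatus -eq 2
        # SecurityServices* arrays: 1 = Credential Guard, 2 = HVCI (memory integrity)
        HvciConfigured  = $dg.SecurityServicesConfigured -contains 2
        HvciRunning     = $dg.SecurityServicesRunning -contains 2
        RegistryEnabled = $enabled -eq 1
    }
}

$status = Get-MemoryIntegrityStatus
$status | Format-List

# A configured-but-not-running state is the case the toggle alone can hide.
if ($status.RegistryEnabled -and -not $status.HvciRunning) {
    Write-Warning 'Memory integrity is switched on but not running: a reboot is pending or VBS failed to start.'
}
```

HvciRunning is the value that matters: the registry value only records the setting, and enforcement does not start until the next boot.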
Enabling Memory Integrity
Flipping the switch is trivial:
- Go back to the Core isolation details screen.
- Click the Memory integrity toggle to On.
- Restart your PC when prompted.
After the reboot, Windows boots with the hypervisor enforcing code integrity from the very first moment. The change is invisible during normal use—you won’t see pop-ups, slowdowns, or any other immediate sign. Security just got a substantial upgrade behind the curtain.
If the toggle is grayed out or you get an error, the road gets a little bumpier.
Why Can’t I Turn On Memory Integrity?
The most common culprit is incompatible drivers. Because memory integrity must vet every kernel-mode driver, even one unsigned or malformed driver can block the whole feature. Windows attempts to detect this and will list the problematic drivers with a message like “Resolve any driver incompatibilities” alongside a link to review them.
To see the incompatible drivers:
- From the memory integrity screen, click the Review incompatible drivers link.
- A list appears showing the driver name and its published date.
These are often old drivers for printers, audio interfaces, VPNs, gaming peripherals, or low-level hardware monitoring tools. Some common offenders include legacy versions of Logitech gaming software, certain anti-cheat components, and outdated fingerprint scanner drivers.
To fix the problem:
- Update the driver—visit the manufacturer’s website and install the latest version. Many vendors have released HVCI-compatible updates since 2018.
- Remove the driver if it’s no longer needed. Go to Device Manager, find the associated hardware, uninstall the device, and check the box to delete the driver files.
- Check Windows Update—Microsoft occasionally pushes updated drivers that resolve compatibility issues.
- Use the command line to locate and delete stubborn driver packages: pnputil /enum-drivers lists all driver packages, and pnputil /delete-driver oemXX.inf /uninstall removes a specific one (where oemXX.inf is the offending package).
After clearing the incompatible drivers, you may need to reboot once before Windows allows the memory integrity toggle to be enabled. Then flip it on and reboot again.
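To tie a name from the incompatible drivers list to the package pnputil will remove, the following PowerShell is an added example, not part of the original article. It assumes an elevated session and the built-in DISM cmdlet Get-WindowsDriver; Find-DriverPackage is a made-up helper name, and 'oemXX.inf' is the article's placeholder.

```powershell
# Added example. Run in an elevated PowerShell session.
# 'oemXX.inf' is the article's placeholder; substitute the names shown
# under "Review incompatible drivers".
function Find-DriverPackage {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string[]] $Name)

    # Without -All, Get-WindowsDriver returns only third-party packages.
    Get-WindowsDriver -Online | ForEach-Object {
        $originalInf = Split-Path -Path $_.OriginalFileName -Leaf
        if ($Name -contains $_.Driver -or $Name -contains $originalInf) {
            [pscustomobject]@{
                PublishedName = $_.Driver      # oemNN.inf, the name pnputil expects
                OriginalInf   = $originalInf   # vendor's INF name before staging
                Provider      = $_.ProviderName
                Class         = $_.ClassName
                Date          = $_.Date
                Version       = $_.Version
                BootCritical  = $_.BootCritical
            }
        }
    }
}

# Oldest third-party packages first, to surface stale drivers.
Get-WindowsDriver -Online | Sort-Object Date |
    Select-Object -First 10 Driver, ProviderName, ClassName, Date, Version |
    Format-Table -AutoSize

# Print the removal command for each match instead of running it.
foreach ($pkg in Find-DriverPackage -Name 'oemXX.inf') {
    if ($pkg.BootCritical) {
        Write-Warning "$($pkg.PublishedName) is boot-critical; update it rather than deleting it."
        continue
    }
    "pnputil /delete-driver $($pkg.PublishedName) /uninstall"
}
```

The script only prints the pnputil commands so each package can be reviewed first; deleting a boot-critical driver can leave the system unable to start.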
If no incompatible drivers appear but the toggle remains gray, verify that hardware virtualization is enabled in your UEFI/BIOS. Restart into the firmware settings and look for options like Intel VT-x, AMD-V, or SVM Mode. Also ensure that your system meets the minimum requirements: a 64-bit CPU with Second Level Address Translation (SLAT) support and at least 4 GB of RAM. Almost any modern Intel Core or AMD Ryzen processor qualifies, but some low-end or older chips may lack the necessary extensions.
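These prerequisites can be read from Windows before rebooting into firmware. The following PowerShell is an added example, not part of the original article; it uses the standard Win32_Processor, Win32_ComputerSystem and Win32_PhysicalMemory CIM classes, and Test-MemoryIntegrityPrerequisite is a made-up function name.

```powershell
# Added example: check the hardware prerequisites listed above.
function Test-MemoryIntegrityPrerequisite {
    [CmdletBinding()]
    param()

    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    # Sum installed DIMM capacity; TotalPhysicalMemory excludes reserved memory.
    $ramBytes = (Get-CimInstance -ClassName Win32_PhysicalMemory |
                 Measure-Object -Property Capacity -Sum).Sum

    [pscustomobject]@{
        Cpu                    = $cpu.Name
        Cpu64Bit               = $cpu.DataWidth -eq 64
        # With a hypervisor already loaded, the two CPU flags below may read
        # False, so treat HypervisorPresent = True as proof virtualization is on.
        HypervisorPresent      = [bool]$cs.HypervisorPresent
        FirmwareVirtualization = [bool]$cpu.VirtualizationFirmwareEnabled
        Slat                   = [bool]$cpu.SecondLevelAddressTranslationExtensions
        InstalledRamGB         = [math]::Round($ramBytes / 1GB, 1)
        RamAtLeast4GB          = $ramBytes -ge 4GB
    }
}

$result = Test-MemoryIntegrityPrerequisite
$result | Format-List

if ($result.HypervisorPresent) {
    'A hypervisor is already running; firmware virtualization is enabled.'
} elseif (-not $result.FirmwareVirtualization) {
    Write-Warning 'Enable Intel VT-x or AMD-V (SVM Mode) in UEFI/BIOS.'
} elseif (-not $result.Slat) {
    Write-Warning 'CPU does not report SLAT support.'
}
```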
Performance Impact: Is It Worth the Trade-off?
Any time you add a virtualized security layer, there’s a performance question. Early iterations of VBS and HVCI, especially on older hardware, caused measurable slowdowns in gaming, I/O-heavy workloads, and even everyday task switching. Benchmarks from 2018–2020 showed up to a 5% frame rate hit in some games when memory integrity was enabled.
Much has changed since then. Hardware improvements, driver optimizations, and Windows kernel tweaks have shrunk the overhead dramatically. On modern PCs with fast SSDs, abundant RAM, and processors from the last three to four years, the performance cost is often under 2% for most tasks—virtually imperceptible in daily use. Gamers with high-refresh-rate monitors might still notice a few frames lost, but casual players and productivity users likely won’t.
Microsoft has also moved optimizations into the latest Windows 11 releases. The 23H2 update, for example, improved hypervisor scheduling and memory management, further reducing the footprint of VBS. The 24H2 build expected later this year is rumored to include even more fine-tuned performance profiles for systems with memory integrity on.
That said, some older devices do struggle. If you’re running a sixth- or seventh-generation Intel chip with integrated graphics, the combined load of VBS and the graphics driver can cause stutters or reduced battery life. In those cases, weigh the security gain against the usability hit—or consider a hardware upgrade if the budget allows.
Windows 11 and Default Security
Microsoft drew a hard line with Windows 11: all newly manufactured PCs must ship with memory integrity enabled by default. When you buy a Windows 11 laptop or desktop from a major OEM, core isolation is already on, and your drivers have been validated against HVCI. That’s a massive shift from the Windows 10 era, where the feature was opt-in and largely ignored.
For machines that upgrade from Windows 10, the situation varies. The Windows 11 upgrade process itself doesn’t force memory integrity on if it was previously disabled, to avoid breaking the system with incompatible drivers post-upgrade. Users must take the proactive step of checking and enabling it themselves. That small gap leaves millions of upgraded PCs unprotected, despite running the latest OS.
Even with a supported CPU and TPM 2.0, memory integrity remains off on many Windows 11 devices that weren’t built for it from day one. The irony is that those are often the machines that need the protection most—older systems more likely to be running unpatched, vulnerable drivers.
The Road Ahead
Virtualization-based security is not a passing trend. Microsoft has tied core isolation to the overall Windows security architecture so tightly that future features—like credential guard, application guard, and secure boot enhancements—all depend on the same VBS foundation. Firmware attacks, ransomware that targets the kernel, and supply chain compromises are only growing in sophistication. Hardware-backed isolation is one of the few defenses that consistently holds up against these threats.
The trade-offs are shrinking. As driver ecosystems mature, incompatible packages become rare. Performance penalties approach zero on recent hardware. And the alternative—running without memory integrity—leaves a path open for some of the most destructive attacks in the wild.
Take fifteen minutes today. Open Windows Security, dig into the core isolation panel, and check your memory integrity status. If it’s on, breathe easier. If it’s off, review the incompatible drivers list and start cleaning house. The toggle doesn’t cost a cent, and the protection it brings is years ahead of signature-based antivirus alone.