Turn On or Off Core Isolation Memory Integrity in Windows 10  

Page 14 of 20 FirstFirst ... 41213141516 ... LastLast

  1. Posts : 68,662
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #130

    purplenate26 said:
    Hi. The hard drive, and the motherboard were both replaced by Dell under warranty, thank goodness. The new hard drive came with a Dell customized version of Windows 10, and I went with that. I went ahead, and tried using the GUI method. Nothing happened for a full minute after ticking the slider, then all the sudden the XPS started asking for UAC password prompt to change the setting. I entered my password, and rebooted the XPS and presto, it worked.

    For all Dell XPS 15 9560, and variants, when you use the GUI method, I would recommend that you wait a full 5 minutes after ticking the slider before you leave the page or do anything else. It might be just my computer, but the fact that it takes so long, I think might be a XPS gotcha, and lead people to believe that the GUI method doesn't work. Can the sticky mention that you might need to wait a few minutes after ticking the slider before anything happens.

    Thank you for the tutorial.

    That's great news. Thank you for letting us know how it went.

    Usually, you would need to restart the computer to apply the setting change.
      My Computers


  2. Posts : 35
    Microsoft Windows 10 Pro 64 Bit
       #131

    Brink said:
    That's great news. Thank you for letting us know how it went.

    Usually, you would need to restart the computer to apply the setting change.
    I restarted for sure.

    Thanks again.
      My Computer


  3. Posts : 68,662
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #132

    It'll be interesting to see if others experience this same delay.
      My Computers


  4. Posts : 62
    Windows 10 Pro x64
       #133

    Anyone care to test if Core Isolation>Memory Integrity works for them in RS5/1809? it used to work for me on the PC that's listed in the specs in RS4, but no longer does. Apparently the PC is no longer compatible, even though it's a relatively modern Z370 platform with the latest BIOS and a fresh, clean RS5.

    I've ran the Device Guard readiness script, and this is the (shortened) output:

    Code:
    Completed scan. List of Compatible Modules can be found at C:\DGLogs\DeviceGuardCheckLog.txt
    No Incompatible Drivers found
     ====================== Step 2 Secure boot present ====================== 
    True
    Secure Boot is present
    Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "SecureBoot" /t REG_DWORD /d 2 /f 
    Output: The operation completed successfully.
    
    
     ====================== Step 3 MS UEFI HSTI tests ====================== 
    Copying HSTITest.dll
    
    Kernel32::LoadLibrary   64bit --> 0x00007FFF24240000
    HstiTest2::QueryHSTIdetails  64bit --> 0x00007FFF24241120
    HSTI Duple Count: 3
    HSTI Blob size: 8584
    String: 01,00,00,00,03,00,00,00,2C,00,00,00 (many, many numbers removed here due to length)
    HSTIStatus: False
    HSTI validation failed
     ====================== Step 4 OS Architecture ====================== 
    64-bit
    64 bit arch.....
     ====================== Step 5 Supported OS SKU ====================== 
    OSNAME:microsoft windows 10 pro|c:\windows|\device\harddisk0\partition4
    Role=0
    Standalone Workstation
    This PC edition is Supported for DeviceGuard
    Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "OSSKU" /t REG_DWORD /d 2 /f 
    Output: The operation completed successfully.
    
    
     ====================== Step 6 Virtualization Firmware ====================== 
    VMMonitorModeExtensions True
    VirtualizationFirmwareEnabled True
    HyperVisorPresent False
    Virtualization firmware check passed
    Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "Virtualization" /t REG_DWORD /d 2 /f 
    Output: The operation completed successfully.
    
    
     ====================== Step 7 TPM version ====================== 
    TPM is absent or not ready for use
    Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "TPM" /t REG_DWORD /d 0 /f 
    Output: The operation completed successfully.
    
    
     ====================== Step 8 Secure MOR ====================== 
    DG_obj 
    DG_obj.AvailableSecurityProperties.length .AvailableSecurityProperties.length
    isSecureMOR= 1 
    Secure MOR is available
    Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "SecureMOR" /t REG_DWORD /d 2 /f 
    Output: The operation completed successfully.
    
    
     ====================== Step 9 NX Protector ====================== 
    DG_obj 
    DG_obj.AvailableSecurityProperties.length .AvailableSecurityProperties.length
    isNXProtected= 1 
    NX Protector is available
    Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "UEFINX" /t REG_DWORD /d 2 /f 
    Output: The operation completed successfully.
    
    
     ====================== Step 10 SMM Mitigation ====================== 
    DG_obj 
    DG_obj.AvailableSecurityProperties.length .AvailableSecurityProperties.length
    isSMMMitigated= 0 
    SMM Mitigation is absent
    Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "SMMProtections" /t REG_DWORD /d 0 /f 
    Output: The operation completed successfully.
    
    
     ====================== End Check ====================== 
     ====================== Summary ====================== 
    Device Guard / Credential Guard can be enabled on this machine
    From my understanding, HSTI failing could be the reason. The 8700K has TPM 2.0 in its onboard PTT implementation, but I never bothered enabling it and was not necessary for Memory Integrity in RS4. SMM Mitigation also seems absent, which I really don't know anything about. Drivers all seem to be compatible.

    Just to be clear, I wouldn't call this a huge bug as I never really bothered much with this feature, but I am annoyed at having it work in RS4 only to stop doing so in RS5. I typically use Kaspersky but I have learned to trust Windows 10 more and more over these 2 years, KIS still has some UI/features advantage, but it costs money, and it caused some interference with Edge in the past that made me remove it.

    So anyone willing to try and enable this in RS5? Thanks.
      My Computer


  5. Posts : 101
    10Pro x64 [2004]
       #134

    t0yz said:
    Anyone care to test if Core Isolation>Memory Integrity works for them in RS5/1809?
    yes, it's working as expected here
      My Computer


  6. Posts : 62
    Windows 10 Pro x64
       #135

    Ita1 said:
    yes, it's working as expected here
    Really? You can just turn it on and it stays on? On the PC listed on your specs? Cause it looks like a custom built PC, like mine. Or is it on some secondary OEM prebuilt/laptop? Those come with some security stuff like TPM and encryption typically activated from the get go.

    I wonder what it could be for me.

    Anyone else willing to give this feature a try see if it runs on properly?
      My Computer


  7. Posts : 68,662
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #136

    t0yz said:
    Really? You can just turn it on and it stays on? On the PC listed on your specs? Cause it looks like a custom built PC, like mine. Or is it on some secondary OEM prebuilt/laptop? Those come with some security stuff like TPM and encryption typically activated from the get go.

    I wonder what it could be for me.

    Anyone else willing to give this feature a try see if it runs on properly?

    I had to use Option Two and restart for it to stay turned on for me in build 18282.
      My Computers


  8. Posts : 62
    Windows 10 Pro x64
       #137

    Brink said:
    I had to use Option Two and restart for it to stay turned on for me in build 18282.
    If you don't mind, what is Option 2? In RS5 there's just an On/Off toggle.
      My Computer


  9. Posts : 68,662
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #138

    t0yz said:
    If you don't mind, what is Option 2? In RS5 there's just an On/Off toggle.

    It would be for the .reg file download in step 2 of Option Two in the tutorial on the first page.
      My Computers


  10. Posts : 62
    Windows 10 Pro x64
       #139

    Brink said:
    It would be for the .reg file download in step 2 of Option Two in the tutorial on the first page.
    Cool, I'll give that a shot and report back. Thanks.
      My Computer


 

Tutorial Categories

Turn On or Off Core Isolation Memory Integrity in Windows 10 Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Mixed Reality Phone


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 13:52.
Find Us




Windows 10 Forums