Forum Discussion
- helzayat (Copper Contributor)
Build 22621.2215 here. Memory Integrity is turned off every time I restart the computer.
Turning it on requires a restart, so every restart is now two. I now dread doing anything that requires a restart and keep wondering what would really be wrong with running with Memory Integrity off (except for the annoying exclamation mark in the Defender icon).
- Make sure virtualization features of your CPU are turned on in the UEFI.
- jimp335 (Copper Contributor)
I have this problem. I had two files that were shown to be the problem. I removed them, one by renaming and the other by uninstalling a program. Neither shows up as causing the problem. I also have virtualization turned on in my Gigabyte BIOS. When I restart the machine after re-enabling memory integrity, it turns the integrity back off with no explanation. I tried fully turning off the machine and then turning it back on, but that did not help. Are there other ideas that I can try?
TIA
jim
- Deleted
KB5029351 - this is a preview, so your computer is a private device, I really think that you do not have to fear anything, moreover, if you enable the memory integrity and do not restart - then definitely changing the settings will not start, so you only waste time!
- TechTroubler (Copper Contributor)
I see you haven’t received any reply or response for this issue. I have recently noticed the same issue. It seems that after activating and restarting Windows, core isolation is activated, but upon any following system restart core isolation will be disabled. It does not occur if the system is shut down and during start up. It only occurs if the system is restarted after core isolation has been enabled.
It is a very concerning bug. I have reason to suspect malware or system configuration with regards to permission or access control. Also, it could have been due to the security software I was using, Bitdefender; maybe certain Windows security parameters were changed.
I hope someone actually has a valid fix to the issue.
- StefaniaCastelli (Brass Contributor)
In my case, the machine seems fully compromised; and even if no performance degradation, no strange attitudes (except for the one in subject), no loss of documents or other occurrences happens, I have tons of duplicated Microsoft drivers loaded on boot, to keep the state of the things "as is".
I mean:
- Different BIOS
- A section "Firmware" (brand new) in Device Manager that's related to another machine to keep the fake BIOS "as is"
- Intel i7 Microcode (sixth generation - Skylake) altered
and I could go on and on and on. (I attached a couple of meaningful screenshots).
Anyway, I don't think I am fully in the hands of a "Spectre" variant.
Some of these things may be the consequence of my studies/experiments with Azure/Intune/Defender Endpoint Protection, that now "administer" some parts of my own identity and hardware security.
The Microcode, Firmware, UEFI and "Secure Boot" failures are great problems for all the brands that adopted UEFI boot instead of MBR BIOS.
I have a couple of 2008 "Core Duo" with 8 GB DDR2 RAM that are my safe docks (just in case we're in front of a foreign deliberated Warfare ACT).
A couple of links among the many:
NVD - CVE-2022-25368 (nist.gov)
New Variant of Spectre Attack Bypasses Intel and Arm Hardware Mitigations | SecurityWeek.Com
AMD Product Security | AMD
Microsoft offers a $100,000 bounty for further info and solutions on these matters
- Keith_KeplerMS (Microsoft)
I was seeing this issue as well and here is how I resolved it. After 2 weeks, it's stayed enabled after reboots, hibernate, etc. I do not have any incompatible drivers that would conflict with HVCI / Memory Integrity and turn this off, so it's not a driver causing this.
For me, the solution was to disable and then re-enable hibernate so a new hiber.sys file would be created with the necessary memory encryption for when "Memory Integrity" is ON. I primarily use Hibernate to shut down at night.
1. Open an Admin Command prompt and execute the below to delete the hiber.sys file and BCD boot entries:
    powercfg /hibernate off
2. Turn on Memory Integrity and reboot.
3. Open an Admin Command prompt and enable hibernate:
    powercfg /hibernate on
- jimp335 (Copper Contributor)
- Keith_KeplerMS (Microsoft)
From what I understand, it has to do with the entire Dynamic Root of Trust Measurement (DRTM) boot process when hibernate is involved. (Force firmware code to be measured and attested by Secure Launch on Windows 10 | Microsoft Security Blog).
I thought, perhaps when my hiberfil.sys file was created, it (and the relevant BCD entries) were made without the necessary signatures to support Memory Integrity or it was made with a prior release of Windows where security feature X or Y did not exist yet. So, I took a logical leap of faith and removed it and recreated it "after" having Memory Integrity on. I was pleasantly surprised to find it resolved my issue.
FYI: My device is a corp Entra joined device with BitLocker/Secure Boot enabled.
- helzayat (Copper Contributor)
I tried this but unfortunately in my case it was not the solution. Problem persisted after new hiber.sys was created.
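
To record whether Memory Integrity actually survives a restart, the following PowerShell is an added example, not code from any poster in this thread. It logs the configured and running HVCI state, the last boot time and the creation time of the hibernation file so that consecutive boots can be compared; the log path and the function name are assumptions.

```powershell
# Added example: snapshot of Memory Integrity (HVCI) state for comparison across restarts.
# Run from an elevated PowerShell prompt. $LogPath is an assumed location.
$LogPath = "$env:ProgramData\hvci-state.csv"

function Get-HvciSnapshot {
    # Win32_DeviceGuard reports what is configured versus what is really running.
    $dg  = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    # Registry value behind the Memory Integrity toggle in Windows Security.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $reg = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    # hiberfil.sys is hidden and system, so -Force is required; absent if hibernate is off.
    $hib = Get-Item -LiteralPath "$env:SystemDrive\hiberfil.sys" -Force -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Taken             = Get-Date
        LastBoot          = $os.LastBootUpTime
        Build             = $os.BuildNumber
        HypervisorPresent = $cs.HypervisorPresent
        VbsStatus         = $dg.VirtualizationBasedSecurityStatus   # 0 off, 1 enabled, 2 running
        HvciConfigured    = $dg.SecurityServicesConfigured -contains 2   # 2 = HVCI
        HvciRunning       = $dg.SecurityServicesRunning -contains 2
        RegistryEnabled   = if ($reg) { $reg.Enabled } else { $null }
        HiberfilCreated   = if ($hib) { $hib.CreationTime } else { $null }
    }
}

$now      = Get-HvciSnapshot
$previous = if (Test-Path $LogPath) { Import-Csv $LogPath | Select-Object -Last 1 }
$now | Export-Csv -Path $LogPath -Append -NoTypeInformation
$now | Format-List

# Values read back from CSV are strings, hence the comparison with 'True'.
if ($previous -and $previous.HvciRunning -eq 'True' -and -not $now.HvciRunning) {
    Write-Warning "Memory Integrity was running at $($previous.Taken) and is off after the boot at $($now.LastBoot)."
}
if ($now.RegistryEnabled -eq 1 -and -not $now.HvciRunning) {
    Write-Warning 'Toggle is set to enabled but HVCI is not running: not yet applied, or it did not start.'
}
```

Run it once after each restart or shutdown; the CSV then shows which kind of boot the setting was lost on and whether hiberfil.sys was recreated in between.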