[SOLVED] Memory Integrity bounces back to "turned off" state after Windows restart - fast ring 19536

MVP

This is an old post and the issue is no longer relevant.

 

This has been happening since a couple of builds ago as well.

I turn on the Memory Integrity in Core isolation section of Windows Defender, then after a restart or two, I go check again and see it's turned off.

it usually happens when I uninstall a program that needs to be restarted. but it also happens when I uninstall a software that does Not need Windows restart to finish uninstall process.

 

https://aka.ms/AA6xajf

 

5 Replies
I see you haven’t received any reply or response for this issue. I have recently noticed the same issue. It seem after activating and restarting windows core isolation is activated but upon any following system restart core isolation will be disabled. It does not occur if the system is shutdown and during start up. It only occurs if the system is restarted after core isolation has been enabled.

It very concerning bug. I have reason to suspect malware or system configuration with regards to permission or access control. Also could have been due to security software I was using Bit Defender maybe certain windows security parameters were changed.

I Hope someone actually has a valid fix to the issue.

@TechTroubler 

 

In my case, the machine seems fully compromised; and even if no performance degradation, no strange attitudes (except for the one in subject), no loss of documents or other occurrences happens, I have tons of duplicated Microsoft drivers loaded on boot, to keep the state of the things "as is".
I mean:
- Different BIOS
- A section "Firmware" (brand new) in Device Manager that's related to another machine to keep the fake BIOS "as is"
- Intel i7 Microcode (sixth generation - Skylake) altered

 

and I could go on and on and on. (I attached a couple of meaningful screenshots).
Anyway, I don't think to be fully in the hands of a "Spectre" variant.
Some of these things may be the consequence of my studies/experiments with Azure/Intune/Defender Endpoint Protection, that now "administer" some parts of my own identity and hardware security.

The Microcode, Firmware, UEFI and "Secure Boot" failures are great problems for all the brands that adopted UEFI boot instead of MBR BIOS.
I have a couple of 2008 "Core Duo" with 8 GB DDR2 RAM that are my safe docks (just in case we're in front of a foreign deliberated Warfare ACT).

A couple of links among the many:
NVD - CVE-2022-25368 (nist.gov)
New Variant of Spectre Attack Bypasses Intel and Arm Hardware Mitigations | SecurityWeek.Com
AMD Product Security | AMD

Microsoft offers a 100,000 $ bounty for further info and solutions on these mattersIntel SA 00233 Patched - Rev.0xD6.png

 


 

Build 22621.2215 here. Memory Integrity is turned off every time I restart the computer.
Turning it on requires a restart, so every restart is now two. I now dread doing anything that requires a restart and keep wondering what would really be wrong with running with Memory Integrity off (except for the annoying exclamation mark in the Defender icon).
Make sure virtualization features of your CPU are turned on in the UEFI.

@helzayat  

KB5029351 - this is a preview, so your computer is a private device, I really think that you do not have to fear anything, moreover, if you enable the memory integrity and do not restart - then definitely changing the settings will not start, so you only waste time!