Ways To Set Up Memory Integrity On Windows 11

  • --
  • 3
Ways To Set Up Memory Integrity On Windows 11 Unsplash

Discover the Ways to Set Up Memory Integrity on Windows 11.

In this guide, we will examine various techniques for activating memory integrity on Windows 11. Enabling memory integrity through core isolation on Windows 11 helps to block malicious code from reaching sensitive processes during an attack. Core isolation is a crucial element that protects your device from malicious attacks. Core isolation enhances security by isolating computer processes from the operating system and device, providing extra protection against malware and other attacks.

What Does Memory Integrity Refer To?

Memory integrity in Windows is a security feature based on virtualization known as VBS. Memory integrity is an essential element that safeguards and strengthens Windows by executing kernel mode code integrity in the isolated virtual environment of VBS.

Beginning with Windows 11 22H2, users can expect to receive a notification in Windows Security when memory integrity is disabled. The caution sign is also visible on the Windows Security icon located on the Windows Taskbar and in the Windows Notification Center. The warning can be ignored by the user using Windows Security.

Characteristics of Memory Integrity

Listed below are the essential characteristics that memory integrity from core isolation offers.

Stops intrusions that can insert harmful code into important security operations.

Limits kernel memory allocations that could potentially exploit the system.

Defends against alterations to the bitmap for Control Flow Guard (CFG) in kernel mode drivers.

Ensures the process integrity of kernel mode code, protecting trusted kernel processes with a valid certificate.

Methods for Enabling Memory Integrity on Windows 11

Memory integrity is enabled automatically in Windows 11 and can also be activated through various methods.

Method 1: Activate Memory Integrity in Windows Security

Memory integrity can be located within Windows Security by navigating to Device Security and then Core Isolation. Let's take a look at the process of enabling the memory integrity feature of core isolation manually on Windows 11 through Windows security. Click on the Start button and enter "Core isolation" in the search bar. Choose the Core Isolation system preferences from the search results in order to access the Windows security application.

Enable memory integrity on the core isolation page. After finishing these instructions, it is important to reboot your computer so that the settings can take effect and safeguard your system against potential threats such as malicious code infiltrating sensitive operations. Note that enabling or disabling core isolation memory integrity necessitates a reboot on every occasion.

Method 2: Activate Memory Integrity With Intune Policy

You have the option to activate the memory integrity feature of core isolation on Windows 11 devices through the Intune admin center. Activating this function in Intune necessitates utilizing the Code Integrity node within the VirtualizationBasedTechnology CSP.

You can also set up these configurations with the help of the settings directory regulation. Follow these steps to set up a new policy in the Microsoft Intune admin center that will allow memory integrity on Windows devices:

Begin by logging into the Microsoft Intune Admin Center. Choose Devices > Windows > Configuration Profiles > Add Policy.

Adjust the specified settings on the profile creation window and then click on the Create option.

Operating system required: Windows 10 and newer versions

Type of profile: Catalog of settings

Establish a rule for activating memory integrity on Windows devices.

In the Basics section, input the following information:

Title: Provide a specific name for the profile that you can recognize easily in the future. An example of a suitable profile name is to Enable Memory Integrity on Windows devices.

Description: Provide a concise summary of the profile. This feature is not required, but it is advised. An illustration of this is inputting the description Prevents unauthorized access to your device, safeguarding your data and privacy” for the profile.

Press the Next button.

Develop a plan to activate memory integrity on Windows devices.

Go to the Settings Catalog in the Configuration Settings section and select Add Settings.

In the Settings picker window, enter "Hypervisor Enforced Code Integrity" in the search box and then click on Search. Select the Virtualization-Based Technology category from the search results and choose the Hypervisor Enforced Code Integrity setting. Shut down the Settings Picker panel.

The hypervisor's implementation of code integrity provides three selections to pick from.

Choose (Enabled with UEFI lock) from the given choices to activate Hypervisor-Protected Code Integrity with UEFI lock. Memory integrity will be activated in the core isolation.

Proceed to the following step by selecting the Next option

In Intune, Scope tags control the visibility of objects for administrators. Within the Scope tags category, you define scope tags. It is not required to specify scope tags, so you can choose to skip this step if you prefer. Proceed to the following step.

In the Assignments window, designate the groups that you wish to implement this policy. Our suggestion is to initially implement the profile with a small number of test groups before extending it to additional groups following successful testing. Choose the following option.

Review all defined settings for enabling memory integrity through Intune on the Review + Create page, then proceed by selecting Create.

Once you complete the steps mentioned above, a message will pop up saying: "Policy has been successfully created." This verifies the establishment and implementation of the policy on the selected groups. The recently created profile in Intune to enable memory integrity will be displayed in the configuration profiles list.

You need to be patient for the policy to take effect on the specified groups, and as soon as the devices connect to the Intune service, they will be given your profile configurations. You have the option to manually synchronize Intune policies using various methods, such as PowerShell on your Windows devices. To oversee the implementation, choose the policy and examine the check-in status of the device and user.

Method 3: Activating Memory Integrity Through the Use of the Local Group Policy Editor

You can turn on memory integrity on Windows 11 by using the local group policy editor. To make these changes on your Windows 11 PC, you must have administrator privileges. The Local Group Policy Editor can be accessed exclusively on Windows Pro and Enterprise versions. Users of Windows 10 Home Edition cannot use the GP Editor on their computers.

Executing the command gpedit.msc will launch the Local Group Policy Editor.

Go to Computer Configuration and then select Administrative Templates navigate to System and then Device Guard.

Twice click on the policy setting for activating Virtualization Based Security.

Choose Enabled and choose Enabled with UEFI lock under Virtualization Based Protection of Code Integrity.

Press the Apply and OK buttons to keep the modifications. After rebooting your computer, make sure to turn on memory integrity in Windows Security.

Related Posts
Commnets --
Leave A Comment