Why do incompatible drivers prevent using memory integrity security windows 10

When you attempt to turn on Memory Integrity in Windows Security, the Windows Security page scans the drivers to check their compatibility with the Core Isolation/Memory Integrity feature. If there are incompatible drivers found, the list of incompatible drivers is shown. You’ll be asked to address the issue before enabling Memory Integrity.

Device security

Memory integrity can't be turned on
Try resolving any incompatibilities with your drivers.

Clicking on the “Review incompatible drivers” shows you the list of incompatible drivers.

You need to click on each incompatible driver entry shown on the Windows (Defender) Security page to expand the section. It shows the Published name, Manufacturer name, driver information, and date. If the INF file name is not shown, the driver file name is displayed.

The following drivers were shown as being incompatible with the Memory integrity feature:

• ssudcdf.sys [Published Name: oem36.inf]
• ssudmgr.sys [Published Name: oem34.inf]
• ssudobex.sys  [Published Name: oem42.inf]
• ssudserd.sys [Published Name: oem36.inf]
• igdkmd64.sys [Published Name: oem56.inf]
• igdkmd64.sys [Published Name: oem40.inf]
• igdkmd64.sys (without an INF file name**) – this item is not showing in the above screenshot.

**Note: If the Windows Security page doesn’t show any OEM#.INF names on your computer, you can use Microsoft Sysinternals Autoruns or the SC.exe console tool to find and delete the driver.

According to Microsoft: If you want to restore the Memory integrity setting, you can try to resolve a driver incompatibility by seeing if an updated and compatible driver is available through Windows Update or from the driver manufacturer. Microsoft does not recommend that you delete drivers to attempt to restore this setting.

However, an updated device driver version may be unavailable for some devices from the hardware vendor or Windows Update. In that case, you can uninstall the driver if it’s insignificant to the system.

Can I delete the drivers?

Warning: Please exercise caution when deleting device drivers. Delete them only if you’re 100% sure that the device driver is optional for the computer, or you no longer use the corresponding hardware anymore, or you’re found an updated version of the driver from the hardware vendor’s site.

If you open the C:WindowsINFOEM##.inf indicated on the Windows Security page, you can find the function of that driver.

For instance, the OEM##.inf had the following information in the headers:

[OEM32.inf]
; Name : ssudobex.inf
; Function : Install SAMSUNG Escape USB Obex Serial Port driver

[OEM36.inf]
; Name : ssudcdf.inf
; Function : Install SAMSUNG Escape USB CD Free driver

[OEM40.inf]
; Installation INF for the Intel Corporation graphics adapter.

[OEM44.inf]
; Name : ssuddmgr.inf
; Function : Install SAMSUNG Escape USB Device Management Serial Port driver

[OEM56.inf]
; Name : ssudserd.inf
; Function : Install SAMSUNG Escape USB Diagnostic Serial Port driver

Four items out of the above six appeared to be unnecessary components. The other entry igdkmd64.sys belongs to Intel Graphics, which is currently in use.

Deleting the drivers

After backing all the device drivers, I decided to bite the bullet and delete all six drivers.

(To know how to backup the device drivers using DISM or PowerShell, check out the article How to Backup and Restore Device Drivers in Windows 11/10.)

The command-line syntax to delete a driver from Admin Command Prompt is:

pnputil /delete-driver <Published Name> /uninstall

Here are the actual commands I used:

pnputil /delete-driver oem44.inf /uninstall

pnputil /delete-driver oem32.inf /uninstall

pnputil /delete-driver oem56.inf /uninstall

pnputil /delete-driver oem36.inf /uninstall

pnputil /delete-driver oem40.inf /uninstall

The first four commands were executed successfully, and their driver packages have been deleted. The 5th one (Intel graphics driver) returned the following error:

Failed to delete drivers package: One or more devices are presently installed using the specified INF.

I reran the pnputil command, but this time used the /force option.

pnputil /delete-driver oem40.inf /force

That did the trick!

You can also try the following command-line, which is more comprehensive than the earlier one:

pnputil /delete-driver oem40.inf /uninstall /force

After rebooting, the Core Isolation again showed the incompatibility list (the 6th item igdkmd64.sys – without an OEM#.INF file name showed up again.)

Deleted the driver using Autoruns

I downloaded Autoruns from Microsoft, searched for the exact driver file name (igdkmd64.sys), and deleted the driver/service from the “Drivers” tab.

After another reboot, I could turn on the Memory integrity feature under Core isolation on Windows (Defender) Security page.

The driver for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)

Click 'Check for solutions' to send data about this device to Microsoft and to see if there is a solution available.

A driver cannot load on this device

Driver: Intel Graphics Kernel Mode Driver
Intel Corporation

A security setting is preventing this driver from loading. You'll need to adjust your settings to load this driver.

The following sleep states are available on this system:

Additional Information

An alternate way to delete the drivers

You can also delete driver packages using the “Driver Store Explorer” software as an alternative to Pnputil.exe. But it shows the “Original Name” instead of the “Published Name” for the drivers/INF files.

So, it would be easier if you ran the following DISM command-line first and noted the INF file name under the “Original File Name” column.

dism /online /get-drivers /format:table

The above command shows the driver information in the following format:

(Note: The list below is shown as an example. It’s not the complete list of drivers.)

Obtaining list of 3rd party drivers from the driver store...

Driver packages listing:


-------------- | ----------------------- | ----- | --------------------- | ------------------------------ | ---------- | ---------------
Published Name | Original File Name      | Inbox | Class Name            | Provider Name                  | Date       | Version
-------------- | ----------------------- | ----- | --------------------- | ------------------------------ | ---------- | ---------------
oem0.inf       | ssudrmnetmp.inf         | No    | Net                   | SAMSUNG Electronics Co., Ltd.  | 1/2/2014   | 2.11.7.0
oem1.inf       | jswpslwfx.inf           | No    | NetService            | Atheros                        | 5/15/2008  | 1.0.0.50
oem10.inf      | hpoa1ss.inf             | No    | Image                 | Hewlett-Packard                | 6/21/2006  | 6.2.8306.0
oem11.inf      | iastorac.inf            | No    | SCSIAdapter           | Intel Corporation              | 11/17/2015 | 14.8.1.1043
oem12.inf      | ntprint.inf             | No    | Printer               | Microsoft                      | 6/21/2006  | 10.0.19041.1806
oem13.inf      | netwtw02.inf            | No    | net                   | Intel                          | 4/29/2019  | 18.33.17.1
oem14.inf      | dbutildrv2.inf          | No    | DellUtils             | Dell Technologies              | 5/6/2021   | 2.7.0.0
oem15.inf      | netwtw04.inf            | No    | net                   | Intel                          | 4/29/2019  | 19.51.21.1
oem16.inf      | ss_conn_usb_driver.inf  | No    | USB                   | SAMSUNG Electronics Co., Ltd.  | 1/2/2014   | 2.11.7.0
oem18.inf      | intcdaud.inf            | No    | MEDIA                 | Intel(R) Corporation           | 4/26/2018  | 6.16.0.3208
oem19.inf      | ssudmarv.inf            | No    | USB                   | SAMSUNG Electronics Co., Ltd.  | 1/2/2014   | 2.11.7.0
oem2.inf       | oemvista.inf            | No    | Net                   | ExpressVPN                     | 4/30/2019  | 9.24.2.45

Once you note the “Original File Name”, switch to Driver Store Explorer and delete the corresponding items.

wdcsam64_prewin8.sys

If the Western Digital external hard disk driver wdcsam64_prewin8.sys is shown as incompatible, note down its OEM#.inf number as explained earlier, and delete it using the following command:

In the above case, run this command:

pnputil /delete-driver oem23.inf /uninstall /force

The above command deletes the driver from the driver store (location mentioned below) and the registry.

C:WindowsSystem32DriverStoreFileRepositorywdcsam.inf_amd64_7ce69fc8798d6116

wdcsam64.sys

On some systems, the driver wdcsam64.sys shows up without an OEM#inf number.

Company: Western Digital Technologies
Description: WD SCSI Architecture Model (SAM) driver
Product: WD External Storage
Machine Type: 64-bit
Binary Version: 1.0.7.2

You should be able to find and delete the above item (wdcsam64.sys) from the Drivers tab of Autoruns, like we deleted the Intel Graphics driver igdkmd64.sys.

That deletes the WDC_SAM driver/service. Next, delete the corresponding driver file “C:WindowsSystem32Driverswdcsam64.sys” manually. If the file is in use, please reboot and then delete the file.

You can use the SC.exe command as well

The SC.exe command-line can also be used to delete the driver/service if you want to automate the task on other systems; if you don’t want to download Autoruns on every computer.

First, find the service’s short name using WMIC.exe console tool.

Example 1: igdkmd64.sys

Assuming you want to find the service name of the driver “igdkmd64.sys“, run this command:

wmic sysdriver where "PathName like '%igdkmd64%'" get Name, PathName, State

The output looks like this:

Name  PathName                                  State
igfx  C:WINDOWSsystem32DRIVERSigdkmd64.sys  Stopped

Optionally, if you want to get additional info about the driver, run the following:

wmic sysdriver where "PathName like '%igdkmd64%'" get Name, PathName, State, Description, Caption
or
wmic sysdriver where "PathName like '%igdkmd64%'" get /format:list

Now that you know the service name (“igfx“), run this command to delete the service:

sc.exe delete igfx

That’s it. The Intel Graphics service is now deleted.

Example 2: wdcsam64.sys

Likewise, for wdcsam64.sys, find its service’s short name (which is “WDC_SAM“) using this command:

wmic sysdriver where "PathName like '%wdcsam64%'" get Name, PathName, State

Then run:

sc.exe delete WDC_SAM

Output:

C:windowssystem32>sc.exe delete WDC_SAM
[SC] DeleteService SUCCESS

The Western Digital driver is now deleted.

Example 3: xhunter1.sys

xhunter1.sys is a component of XIGNCODE3 anti-cheat program, which is installed with various game titles. If uninstalling the component or the respective game software doesn’t help you enable Core Isolation, then you may delete its driver (whose service name “xhunter1“) using the following command:

sc.exe delete xhunter1

Then, manually delete C:WindowsSystem32Driversxhunter1.sys after a reboot.

Example 4: PxHlpa64.sys

PxHlpa64.sys is a module supplied with DVD-burning programs such as Roxio/Sonic, which Corel Corporation now owns. Other programs, such as Adobe Premiere Elements, seem to use this module for DVD-burning capability.

To delete the service, run this command:

sc.exe delete PxHlpa64

And then run:

ren C:WINDOWSsystem32driversPxHlpa64.sys PxHlpa64.sys.old

Restart Windows.

Also, check out this Corel KB article You cannot enable the Windows Memory Integrity feature because PxHlpa64.sys is not compatible.

Click on Windows Security in the System Tray, or go to Start > Settings > Update & security > Windows Security > Open Windows Security. Click on Device security. Click on Core isolation details . Under Core Isolation, you can turn Memory Integrity on, or off.

Should I turn on memory integrity on Windows 10?

Memory integrity is one feature of core isolation which regularly verifies the integrity of the code running those core processes in an attempt to prevent any attacks from altering them. We recommend that you leave this setting on, if your system supports it.”Jul 6, 2021.

It is recommended to turn this feature on for better protection in your system. However, in case you turn it on, it might cause compatibility issue and some errors in some systems and if that happens turn it off. However, in case you turn it on and everything works fine, leave it on.

Can I turn off memory integrity in Windows 10?

This one setting could cause hardware problems for your PC “Memory integrity is a feature of Windows that ensures code running in the Windows kernel is securely designed and trustworthy. All you do need to understand is this feature is supposed to protect your computer but right now it can negatively affect your PC.

Why can I turn on memory integrity?

Memory integrity is a feature of core isolation. By turning on the Memory integrity setting, you can help prevent malicious code from accessing high-security processes in the event of an attack.

How do I turn off HVCI mode?

How to turn off HVCI Restart the device. To confirm HVCI has been successfully disabled, open System Information and check Virtualization-based security Services Running, which should now have no value displayed.

What is HVCI mode?

The HVCI service in Windows 10 determines whether code executing in kernel mode is securely designed and trustworthy. It offers Zero Day and vulnerability exploit protection capabilities by ensuring that all software running in kernel mode, including drivers, securely allocate memory and operate as they are intended.

Why do incompatible drivers prevent using memory integrity?

Turning on the Memory integrity setting would block these incompatible drivers from loading. Because blocking these drivers might cause unwanted or unexpected behaviors, the Memory integrity setting is turned off to allow these drivers to load.

Does memory integrity slow down PC?

Memory integrity is a security feature of Core isolation that prevents attacks from inserting malicious code into high-security processes. So the question iswill this slow down your system? The answer would be – yes; but, with caveats.

How do I disable memory integrity?

Click on Windows Security in the System Tray, or go to Start > Settings > Update & security > Windows Security > Open Windows Security. Click on Device security. Click on Core isolation details . Under Core Isolation, you can turn Memory Integrity on, or off.

What is Windows 10 hypervisor protected code integrity HVCI?

Hypervisor-protected Code Integrity (HVCI) is a virtualization based security (VBS) feature available in Windows. In the Windows Device Security settings, HVCI is referred to as Memory Integrity.

How do I turn on HVCI?

How to Enable (HVCI)? Launch the “Windows Security” app. Navigate to “Device Security” Click on “Core isolation details” Enable HVCI – Click to toggle “Memory integrity” to “On” There will be prompt from Device Security to Restart. Restart to apply these protection changes.

How do I enable my CPU security?

Go to Start > Settings > Update & Security > Windows Security > Device security . Under Security processor, select Security processor details.

Should secure boot be enabled or disabled Windows 10?

Secure Boot must be enabled before an operating system is installed. If an operating system was installed while Secure Boot was disabled, it will not support Secure Boot and a new installation is required. Secure Boot requires a recent version of UEFI.

How do I disable device guard in BIOS?

Go to Local Computer Policy > Computer Configuration > Administrative Templates > System. Double Click on Device Guard on the right hand side to open. Double Click on “Turn On Virtualization Security” to open a new window. It would be “Not Configured”, Select “Disable” and click “Ok”Sep 9, 2020.

What is Windows code integrity?

What is code integrity? Code integrity is a threat protection feature that checks the drivers and system files on your device for signs of corruption or malicious software. For code integrity to work on your device, another security feature called Secure Boot must be enabled.

How do I turn off device guard in Windows 10?

Press Windows Key + R to open Run. Type gpedit. In the Group Policy Editor, navigate to the following location: Select Device Guard. On the right pane, double-click the “Turn on Virtualization Based Security” policy. In the new dialogue box, select Disabled / Not Configured option. Click OK to save the changes.

How do I know if HVCI is enabled?

How do I verify that HVCI is enabled? HVCI is labeled Memory integrity in the Windows Security app and it can be accessed via Settings > Update & Security > Windows Security > Device security > Core isolation details > Memory integrity.

Does credential Guard require Hyper V?

Requirements for running Windows Defender Credential Guard in Hyper-V virtual machines. The Hyper-V host must have an IOMMU, and run at least Windows Server 2016 or Windows 10 version 1607. TPM is not a requirement, but we recommend that you implement TPM.

Will there be a Windows 11?

Microsoft has officially announced Windows 11, the next major software update, which will be coming to all compatible PCs later this year. Microsoft has officially announced Windows 11, the next major software update that will be coming to all compatible PCs later this year.

How do you fix incompatible drivers?

Press Windows Key + R, type devmgmt. In Device Manager, expand Mice and other pointing devices. Right-click on your mouse and select Update driver. Select Browser my computer for driver software. Select the downloaded driver file and click Open. Restart the PC once the driver is successfully installed.

How do I get rid of incompatible drivers?

How to uninstall drivers from Windows, in 5 steps Try to delete a driver by using the device’s uninstaller. Open the Device Manager. Find the device or hardware component with the faulty drivers. Open the properties of the hardware device with the bad drivers. Uninstall and delete the drivers completely.

What is the Pnputil command?

Pnputil.exe is a command line utility that you can use to manage the driver store. You can use this command to add driver packages, remove driver packages, and list driver packages that are in the store.