Windows Security: What is Memory Integrity, and why is it off by default?

Windows Security is the built-in antivirus suite within Microsoft’s operating system, and for most folks, it does a good job.

But out of the box (so to speak), a couple of protections are turned off by default—and one of them is Memory Integrity. This setting defends your memory from malicious apps that try to exploit Windows drivers to take over your computer.

When you flip on this setting, it enables Virtualization Based Security, which both isolates the feature that verifies code from the operating system and adds a second layer of verification to the process.

The advantage of leaving Memory Integrity deactivated is a smoother experience with apps—some may not run properly when the setting is on, as the extra layer of protection can cause interference with code execution. Meanwhile, if you flip on Memory Integrity, you don’t have to worry about malicious programs somehow thwarting or bypassing the normal integrity check.

PCWorld

PCWorld

PCWorld

For disadvantages, when Memory Integrity is turned on, older systems may see a dip in performance.

You can try for yourself to see how your system behaves with Memory Integrity—enabling and disabling it is simple and fast. To turn it on, type Windows Security into Windows search or your Start menu. If it’s off, you’ll likely see a notification in your dashboard settings under Device security. Click on the button, then on Core Isolation. Under Memory Integrity, flip the toggle to turn it on. To turn off this feature later, simply come back to these settings and click the toggle again.

This setting isn’t the only one that Microsoft leaves off by default, in an effort to balance security against a seamless Windows experience. You can also switch on ransomware protections that safeguard folders you specify, so that shady apps can’t take control of that data and lock you out, as well as higher screening procedures for apps.

Author: Alaina Yee, Senior Editor, PCWorld