How to Disable Core Isolation in Windows 10 and Windows 11

Section 01

What Is Core Isolation in Windows 10 and Windows 11?

Core Isolation is a Windows Security feature that uses virtualization-based protection to isolate important Windows processes from the rest of the operating system. Its most visible option is Memory Integrity, also known as Hypervisor-Protected Code Integrity or HVCI.

When Memory Integrity is enabled, Windows checks kernel-mode code more strictly and helps prevent malicious or incompatible drivers from injecting unsafe code into high-privilege areas of the system. In simple terms, it adds an extra security boundary around sensitive parts of Windows.

💡

Important distinction Many users say “disable Core Isolation,” but in most cases they actually need to disable Memory Integrity. Core Isolation is the category; Memory Integrity is the switch most users see in Windows Security.

Why Users Disable Core Isolation

Although Core Isolation improves security, there are situations where you may need to turn it off temporarily. Common examples include older device drivers, anti-cheat systems, low-level hardware utilities, virtual machine software, debugging tools, and certain legacy applications that do not work correctly with HVCI enabled.

Some users also disable Memory Integrity while diagnosing performance issues, driver installation errors, or compatibility problems with specialized software. However, it should not be treated as a general “speed tweak.” If your system works normally with Memory Integrity enabled, leaving it on is usually the safer choice.

Section 02

Before You Disable Core Isolation: Security Risks and Safe Preparation

Disabling Memory Integrity reduces protection against kernel-level attacks and unsafe drivers. This does not instantly make your computer infected or unusable, but it removes one defensive layer that Windows can use against sophisticated malware and vulnerable drivers.

⚠️

Security warning Turn off Core Isolation only when you have a specific reason: driver compatibility, software troubleshooting, virtualization conflicts, or controlled testing. If you are disabling it only because a random guide says it improves performance, reconsider.

Recommended Steps Before Making Changes

Create a restore point: open Start, search for Create a restore point, select your system drive, and click Create.
Update Windows: install pending updates before assuming Core Isolation is the cause of a problem.
Update device drivers: especially chipset, graphics, storage, audio, network, and security software drivers.
Write down the reason: note which program, driver, or error message requires the change so you can re-enable protection later.
Restart after changes: Core Isolation settings usually require a reboot before the new state is applied.

Section 03

How to Disable Core Isolation Memory Integrity in Windows Security

The easiest and safest way to turn off Memory Integrity is through the Windows Security app. This method works in both Windows 10 and Windows 11, although the visual layout may differ slightly.

Steps for Windows 11

Open Start and type Windows Security.
Launch the Windows Security app.
Go to Device security.
Under Core isolation, click Core isolation details.
Turn Memory integrity to Off.
Confirm the User Account Control prompt if it appears.
Restart the computer.

Steps for Windows 10

Open Start and search for Windows Security.
Select Device security from the left menu.
Click Core isolation details.
Switch Memory integrity to Off.
Restart Windows to apply the change.

✅

Best first method Use Windows Security first. It is the most transparent method, shows driver compatibility warnings, and avoids unnecessary Registry or policy changes.

Fast Command to Open the Core Isolation Page

You can also open the Core Isolation page directly from the Run dialog.

windowsdefender://coreisolation

Press Win + R, paste the command, and press Enter. If Windows recognizes the URI, it opens the relevant page in Windows Security.

Section 04

How to Disable Core Isolation Using Registry Editor

If the Windows Security interface is unavailable, broken, or managed incorrectly, you can disable Memory Integrity through the Registry. This method changes the HVCI setting directly.

⛔

Registry caution Editing the Registry incorrectly can cause system problems. Create a restore point first and change only the values described below.

Manual Registry Method

Press Win + R, type regedit, and press Enter.
Confirm the User Account Control prompt.
Go to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity

Find the Enabled value.
Double-click Enabled and set its value to 0.
If the value does not exist, create a new DWORD (32-bit) Value named Enabled and set it to 0.
Close Registry Editor and restart the computer.

REG File to Turn Memory Integrity Off

You can create a small .reg file instead of editing the key manually. Open Notepad, paste the text below, save the file as disable-memory-integrity.reg, then run it as administrator.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity]
"Enabled"=dword:00000000

Restart Windows after importing the file. Without a restart, the Windows Security app may still show the previous status.

Section 05

How to Disable Virtualization-Based Security with Group Policy

On Windows Pro, Enterprise, and Education editions, Group Policy may control virtualization-based security. This is especially common on work computers, school devices, and PCs configured by an administrator.

Disable VBS Policy Locally

Press Win + R, type gpedit.msc, and press Enter.
Open Computer Configuration.
Go to Administrative Templates → System → Device Guard.
Open Turn On Virtualization Based Security.
Select Disabled.
Click Apply and OK.
Restart the computer.

🏢

Managed devices If the setting is controlled by your organization, a local change may not persist. Domain policy, Microsoft Intune, security baselines, or enterprise configuration profiles can re-enable it after restart or policy refresh.

Windows Home Note

Windows Home does not include the Local Group Policy Editor by default. Use the Windows Security method or the Registry method instead.

Section 06

How to Check Whether Core Isolation Is Actually Disabled

After restarting, verify the result. Do not rely only on the toggle immediately after changing it; some security features update their reported state only after reboot.

Check in Windows Security

Open Windows Security.
Go to Device security.
Click Core isolation details.
Confirm that Memory integrity is Off.

Check with System Information

Press Win + R, type msinfo32, and press Enter.
In System Summary, look for Virtualization-based security.
If it says Not enabled, VBS is off. If it says Running, some virtualization-based security component is still active.

Check with PowerShell

Open PowerShell as administrator and run:

Get-CimInstance -ClassName Win32_DeviceGuard

Review the output for configured and running security services. This is useful when Windows Security says Memory Integrity is off, but System Information still reports virtualization-based security as running.

Section 07

Core Isolation Troubleshooting: Missing Switch, Greyed Out Setting, or It Turns Back On

Core Isolation settings can be affected by drivers, administrator policy, Secure Boot configuration, virtualization settings, Windows edition, and security management tools. Use the scenarios below to identify the cause.

The Memory Integrity Switch Is Greyed Out

If the switch is unavailable or says it is managed by your administrator, check these items:

Your PC may be managed by a company, school, or organization.
Group Policy may enforce Virtualization-Based Security.
Microsoft Intune or another endpoint management tool may be applying a security baseline.
Registry values may lock the setting.
You may not be signed in with an administrator account.

Memory Integrity Turns Back On After Restart

If Memory Integrity is disabled but becomes enabled again after reboot, the most likely cause is a policy or security tool that reapplies the setting. Check Local Group Policy, domain policy, Windows security baselines, device management software, and third-party hardening tools.

Core Isolation Page Is Missing

If the Core Isolation page is not visible, try these fixes:

Install all Windows updates.
Update chipset and firmware drivers from the PC or motherboard manufacturer.
Make sure hardware virtualization is enabled in BIOS/UEFI.
Restart the Security Center service.
Run System File Checker:

sfc /scannow

Then run DISM if SFC reports problems it cannot repair:

DISM /Online /Cleanup-Image /RestoreHealth

An Incompatible Driver Is Listed

Incompatible drivers are more commonly a problem when turning Memory Integrity on, but they can also explain why a user wants to disable it. Do not delete random driver files from System32\drivers. Instead:

Identify the device or application that installed the driver.
Download a newer version from the manufacturer.
Uninstall unused hardware utilities that install old kernel drivers.
Remove old printer, scanner, VPN, RGB, overclocking, or anti-cheat software if it is no longer needed.
Restart and test again.

Section 08

How to Turn Core Isolation Back On Later

If you disabled Core Isolation only for troubleshooting, re-enable it after the incompatible software is removed or updated. Keeping Memory Integrity enabled is generally better for everyday security.

Enable Memory Integrity in Windows Security

Open Windows Security.
Go to Device security.
Open Core isolation details.
Turn Memory integrity to On.
Restart the computer.

REG File to Turn Memory Integrity Back On

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity]
"Enabled"=dword:00000001

If Windows reports incompatible drivers, update or remove those drivers before trying again. Forcing Memory Integrity on while incompatible drivers remain can lead to device failures or startup issues.

Section 09

Best Method to Disable Core Isolation: Quick Comparison

Method	Best For	Difficulty	Restart Required
Windows Security	Most home users and normal troubleshooting	Easy	Yes
Registry Editor	Broken UI, scripted repair, advanced users	Medium	Yes
Group Policy	Windows Pro/Enterprise and managed configurations	Medium	Yes
Enterprise management	Work or school PCs controlled by IT policy	Admin-only	Usually

FAQ

Frequently Asked Questions About Disabling Core Isolation

Q Is it safe to disable Core Isolation in Windows 11? ▼

It can be safe for temporary troubleshooting, but it lowers protection against kernel-level attacks and unsafe drivers. If you disable it to install or test specific software, re-enable it after the compatibility issue is resolved.

Q Does turning off Memory Integrity improve gaming performance? ▼

On some systems, disabling Memory Integrity may slightly reduce virtualization overhead, but the difference is often small and depends on hardware, drivers, and the game. Do not disable it only for performance unless you have tested before-and-after results on your own PC.

Q Why does Windows say Memory Integrity is off and my device may be vulnerable? ▼

That warning appears because a Windows security layer is disabled. It does not necessarily mean malware is present, but it means Windows cannot use Memory Integrity protection until the feature is turned back on.

Q Is Core Isolation the same as virtualization? ▼

No. Core Isolation uses virtualization-based security, but it is not the same as running a virtual machine. You can have CPU virtualization enabled in BIOS while Memory Integrity is either on or off inside Windows.

Q Can I disable only Memory Integrity and keep other security features enabled? ▼

Yes. In many cases, turning off the Memory Integrity switch disables HVCI while other Windows Security features remain active. However, System Information may still show virtualization-based security as running if other VBS components are enabled.

Q Do I need to disable Secure Boot to turn off Core Isolation? ▼

Usually no. Secure Boot and Core Isolation are related to platform security, but they are separate settings. Disabling Secure Boot is not normally required and is not recommended unless a specific technical scenario demands it.

🧩 Summary & Key Takeaways

Core Isolation is an important Windows security feature, and Memory Integrity is the main setting most users disable when dealing with driver or software compatibility issues. The recommended method is to open Windows Security, go to Device security, open Core isolation details, switch Memory integrity off, and restart.

If the Windows Security interface does not work, you can use Registry Editor or Group Policy, but those methods should be reserved for advanced troubleshooting. After you finish installing, testing, or repairing the software that required the change, turn Memory Integrity back on to restore the extra protection layer.