Windows 11 Security warning that memory integrity is turned off.
If you are running a recent version of Windows 11, the Windows Security Center icon in the system tray might show a yellow warning triangle, and if you move your mouse over it, the notification that there are actions recommended is displayed. Opening Security Center, you might notice that memory integrity is off.
 |
What is memory security? How do we turn it on or off? Should we turn it on if we get a warning that it's off? Is our computer at risk if we let it turned off?
Memory integrity features include
- Protection of the modification of the Control Flow Guard (CFG) bitmap for kernel mode drivers.
- Protection of the kernel mode code integrity process that ensures that other trusted kernel processes have a valid certificate.
You get to the memory integrity configuration page by clicking the Go to settings button below the "Device security" icon in the summary window of Security Center. Here, you can use the on-off switch to enable resp. disable it. Or, you can do as I did, and click the Dismiss link. Doing so tells Security Center that we have taken notice of the disabled protection, but that we have decided not to enable it and that Security Center should no longer issue any warning concerning this setting.
 |
If Memory Integrity is a supplementary protection against malware, why did I choose not to enable it (if I chose to dismiss the warning, it's simply in order to get the green "everything ok" sign with the Security Center tray icon if all other security settings, such as firewall and antivirus, are fine)? The reason is that some applications and hardware device drivers may be incompatible with memory integrity. In the article Enable virtualization-based protection of code integrity on the Microsoft Learn website, they write: "This incompatibility can cause devices or software to malfunction and in rare cases may result in a boot failure (blue screen). Such issues may occur after memory integrity has been turned on or during the enablement process itself."
Malfunctioning devices or applications would be the minor problem; provided that we remember that if they occur they may be due to our Memory Integrity settings. But, risking to get a blue screen (even if this happens very rarely)? What if we don't succeed to boot Windows any longer and have no recent image? Too high a risk for me! Especially my Windows 11 being a VMware virtual machine that very rarely connects to the Internet, and thus the infection by malware is relatively small.
This said, do not misunderstand me! I do not recommend to let Memory Integrity turned off (it's you and you alone who must decide about enabling it or not). I just want to tell you: Only turn it on if you are sure about what you are doing, in other words, if you understand that this may eventually corrupt your Windows, and (if you are really unlucky) make it unusable!
If you find this text helpful, please, support me and this website by signing my guestbook.