Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Memory integrity is a virtualization-based security (VBS) feature that protects Windows from kernel-level malware attacks. Available in Windows 10, Windows 11, and Windows Server 2016 and later, memory integrity uses hardware virtualization to isolate code integrity validation in a secure environment, preventing attackers from compromising the kernel.
VBS uses the Windows hypervisor to create an isolated virtual environment that becomes the root of trust of the OS. Memory integrity runs kernel mode code integrity checks within this secure environment and restricts kernel memory allocations that could be used to compromise the system. This ensures that kernel memory pages are only made executable after passing code integrity validation, and executable pages themselves are never writable.
This article explains how memory integrity works, how to enable it, and how to verify driver compatibility with your system.
Note
Memory integrity is sometimes referred to as hypervisor-protected code integrity (HVCI) or hypervisor enforced code integrity. It was originally released as part of Device Guard. Device Guard is no longer used except to locate memory integrity and VBS settings in Group Policy or the Windows registry.
Related content
Hypervisor Code Integrity Readiness Test