XPS 8950, memory Integrity off, no incompatible drivers found

Just wanted to post an update for any that might be interested. I uninstalled SupportAssist, but that didn't have any noticeable impact on the Memory Integrity issue.

Thanks. I didn't really think SupportAssist was the issue, but I've been wanting to remove it for quite a while, so this was a win-win. I've also been following the myriad MS Defender bugs on ElevenForum and other sites.

I've not yet applied the Registry tweak, hoping for MSFT to get their act together, but am wondering, since MS Defender thinks there's an issue (maybe a false positive, maybe just failing to identify the offending driver) might the Registry tweak itself result in a false negative - i.e., show Memory Integrity (MI) as now being on (checking a box), when it's still really disabled. How do we know if MI is truly on or not?

I would never had expect SA or any of its components or drivers to be the problem. Otherwise everyone here would be reporting it, and to me, that would be a serious Dell problem to have released that.

That said, I am almost SURE that this is an MS Defender problem. Only hesitancy I have it that, at least for me, the Registry 'hack' works. I'm not sure where in Defender the problem exists, in the ability to set it or the problem of not seeing the driver that is the issue that Defender doesn't show? Two different possible problems it seems.

That said, the Mar. 2023 Windows Update really has caused some Defender and LSA problems for people.

See these links:

https://borncity.com/win/2023/03/22/windows-11-22h2-microsoft-confirms-defender-bug-protection-by-local-security-authority-is-disabled-in-device-security/ 

https://winbuzzer.com/2023/03/23/microsoft-defender-bug-could-be-causing-windows-11-to-miss-tpm-support-on-devices-xcxwbn/ 

https://answers.microsoft.com/en-us/windows/forum/all/windows-defender-glitchedbroken/b1daf3ca-33d9-45e1-b10a-28b70ba76e8d 

https://genuinetechnews.com/windows-11-march-2023-update-issues/ 

None mention the Core Isolation, but do list the other Defender issues and others as well. At least from what I can see I'm not seeing the SSD issue 

I am not sure when the Core Isolation issue started either, just got the warning recently, but that could also be a 'fix' in Defender that produced that, it was like that for some time? However, the problem was too, and some time ago, months for sure, I did have the same problem and used the Registry hack to overcome the problem. Like I said, I did have the new entry, but it was 0, all I needed to do was change it to 1. So, probably the Update put in a new Defender and reset the data for it? Like I said, more than likely the problem is in Defender... but not many complaints about it on-line either?

@And Ye Shall Find 

You posed an interesting question? Is Core Isolation actually active?

So, I Googled to no real avail? I can find out what it is though:

Basically a form of Process Isolation from each other, https://www.intel.com/content/www/us/en/support/articles/000059005/processors.html 

So I started looking for how to test it is working? Surely someone would have one?

I might have found the answer 'why' we might be seeing the issue though? Are you using McAfee or Kasperky (and possible other A/V programs)? Check these links out:

https://community.spiceworks.com/topic/2478093-mcafee-is-incompatable-with-windows-10-11-core-isolation 

https://forum.kaspersky.com/topic/issue-with-kaspersky-and-windows-11-core-isolation-memory-integrity-from-defender-33221/ 

So it is 'possible' MS will not tell you about those drivers for fear you'd remove a line of protection?

Also, it seems for games, with Core Isolation enabled Frame Rate is decreased... and I wonder if some games have drivers that can/will disable it and MS will not report those either?

I guess more questions than answers, but I can't figure out how to test if it works other than trying an attack and see if it fails. Not sure how to create one? Not sure even if there was one, if you would know it was stopped other then trying to change memory I guess?

If you have such a way, let me know? I'm thinking with a program that could write to memory anywhere, but it might not even be able to do that normally as it didn't own the right to do that? Has to be done using an API that had the right I suspect?

The thought about A/V struck a cord. I've only used MS Defender, but Dell of course included McAfee as part of it's OEM bloatware. Uninstalling it (in Settings, since Revo had not yet been installed) was the very first thing I did after booting the machine, but of course that leaves tons of junk behind. I just did a search for McAfee in the Registry, and found a number remnants, and I deleted whichever possible.

After rebooting, the Memory Integrity issue remains. 

I have only a couple of basis games installed (nothing at all GPU intensive) so I don't think that's an issue.

Only RELIABLE way to get rid of McAfee is to use the MCPR (https://www.majorgeeks.com/files/details/mcafee_consumer_product_removal_tool.html ).

From what I gather it is drivers Windows finds on your PC, not necessarily those running or even can be used? Reason being I assume is IF you ran a program that loads a driver so it can use it?

That said, even Norton has a similar too, I don't know how reliable or 'safe' they are?

At one time on my older XPS's that came with McAfee on it I tried that. Seemed to work fine, and my intention was to use the copy of Norton my wife had and it allowed 3 licenses for other units.

Well, I used the tool, and did a reboot. TONS of errors... things didn't work well or at all... luckily I did a full C: back-up before running that tool and did a Restore. Rebooted OK. So all I did was STOP McAfee from running... turned off all McAfee Services, Start-ups, and tasks....

I remembered that, and when McAfee was up last year I didn't want to mess with it, only $39 and I renewed it. This year, I think I'll try the MCPR and if it doesn't present a problem, I'll put on Norton... no sense paying to 2 different programs. Easier to work with one as all have different ways an quirks in them.

Historically MCPR has not worked for me. (Of course they all do it, but) I resent Dell for forcing unwanted and unnecessary software on my device that doesn't uninstall cleanly - just to squeeze a few extra $$$ of profit, as if they weren't making enough on the sale. IMO MS Defender - a.k.a. Windows Security - is adequate, and I don't want the overhead of a 3rd party A/V running on my device.

As far as I can tell, there are no McAfee Services, Processes etc running on the device, so in any event, this brings us back to square-1 re Memory Integrity. If I find anything I'll be sure to let you know.