Like additional ransomware protection, this setting won’t boost your defenses unless it’s manually turned on.
Windows Security is the built-in antivirus suite within Microsoft’s operating system, and for most folks, it does a good job.
But out of the box (so to speak), a couple of protections are turned off by default—and one of them is Memory Integrity. This setting defends your memory from malicious apps that try to exploit Windows drivers to take over your computer.
When you flip on this setting, it enables Virtualization Based Security, which both isolates the feature that verifies code from the operating system and adds a second layer of verification to the process.
The advantage of leaving Memory Integrity deactivated is a smoother experience with apps—some may not run properly when the setting is on, as the extra layer of protection can cause interference with code execution. Meanwhile, if you flip on Memory Integrity, you don’t have to worry about malicious programs somehow thwarting or bypassing the normal integrity check.
For disadvantages, when Memory Integrity is turned on, older systems may see a dip in performance.
You can try for yourself to see how your system behaves with Memory Integrity—enabling and disabling it is simple and fast. To turn it on, type Windows Security into Windows search or your Start menu. If it’s off, you’ll likely see a notification in your dashboard settings under Device security. Click on the button, then on Core Isolation. Under Memory Integrity, flip the toggle to turn it on. To turn off this feature later, simply come back to these settings and click the toggle again.
