Fix: Cannot Enable Core Isolation Due to Incompatible Drivers

When you attempt to turn on Memory Integrity in Windows Security, the Windows Security page scans the drivers to check their compatibility with the Core Isolation/Memory Integrity feature. If there are incompatible drivers found, the list of incompatible drivers is shown. You’ll be asked to address the issue before enabling Memory Integrity.

Device security

Memory integrity can't be turned on
Try resolving any incompatibilities with your drivers.

memory integrity notification

Clicking on the “Review incompatible drivers” shows you the list of incompatible drivers.

defender core integrity - list of incompatible drivers

You need to click on each incompatible driver entry shown on the Windows (Defender) Security page to expand the section. It shows the Published name, Manufacturer name, driver information, and date. If the INF file name is not shown, the driver file name is displayed.

The following drivers were shown as being incompatible with the Memory integrity feature:

  • ssudcdf.sys [Published Name: oem36.inf]
  • ssudmgr.sys [Published Name: oem34.inf]
  • ssudobex.sys  [Published Name: oem42.inf]
  • ssudserd.sys [Published Name: oem36.inf]
  • igdkmd64.sys [Published Name: oem56.inf]
  • igdkmd64.sys [Published Name: oem40.inf]
  • igdkmd64.sys (without an INF file name**) – this item is not showing in the above screenshot.

**Note: If the Windows Security page doesn’t show any OEM#.INF names on your computer, you can use Microsoft Sysinternals Autoruns or the SC.exe console tool to find and delete the driver.

According to Microsoft: If you want to restore the Memory integrity setting, you can try to resolve a driver incompatibility by seeing if an updated and compatible driver is available through Windows Update or from the driver manufacturer. Microsoft does not recommend that you delete drivers to attempt to restore this setting.

However, an updated device driver version may be unavailable for some devices from the hardware vendor or Windows Update. In that case, you can uninstall the driver if it’s insignificant to the system.

Can I delete the drivers?

Warning: Please exercise caution when deleting device drivers. Delete them only if you’re 100% sure that the device driver is optional for the computer, or you no longer use the corresponding hardware anymore, or you’re found an updated version of the driver from the hardware vendor’s site.

If you open the C:\Windows\INF\OEM##.inf indicated on the Windows Security page, you can find the function of that driver.

For instance, the OEM##.inf had the following information in the headers:

[OEM32.inf]
; Name : ssudobex.inf
; Function : Install SAMSUNG Escape USB Obex Serial Port driver

[OEM36.inf]
; Name : ssudcdf.inf
; Function : Install SAMSUNG Escape USB CD Free driver

[OEM40.inf]
; Installation INF for the Intel Corporation graphics adapter.

[OEM44.inf]
; Name : ssuddmgr.inf
; Function : Install SAMSUNG Escape USB Device Management Serial Port driver

[OEM56.inf]
; Name : ssudserd.inf
; Function : Install SAMSUNG Escape USB Diagnostic Serial Port driver

Four items out of the above six appeared to be unnecessary components. The other entry igdkmd64.sys belongs to Intel Graphics, which is currently in use.

Deleting the drivers

After backing all the device drivers, I decided to bite the bullet and delete all six drivers.

(To know how to backup the device drivers using DISM or PowerShell, check out the article How to Backup and Restore Device Drivers in Windows 11/10.)

The command-line syntax to delete a driver from Admin Command Prompt is:

pnputil /delete-driver <Published Name> /uninstall

Here are the actual commands I used:

pnputil /delete-driver oem44.inf /uninstall

pnputil /delete-driver oem32.inf /uninstall

pnputil /delete-driver oem56.inf /uninstall

pnputil /delete-driver oem36.inf /uninstall

pnputil /delete-driver oem40.inf /uninstall

pnputil delete drivers

The first four commands were executed successfully, and their driver packages have been deleted. The 5th one (Intel graphics driver) returned the following error:

Failed to delete drivers package: One or more devices are presently installed using the specified INF.

I reran the pnputil command, but this time used the /force option.

pnputil /delete-driver oem40.inf /force

That did the trick!

pnputil delete driver force

You can also try the following command-line, which is more comprehensive than the earlier one:

pnputil /delete-driver oem40.inf /uninstall /force

After rebooting, the Core Isolation again showed the incompatibility list (the 6th item igdkmd64.syswithout an OEM#.INF file name showed up again.)

incompatible drivers list without the oem inf number

Deleted the driver using Autoruns

I downloaded Autoruns from Microsoft, searched for the exact driver file name (igdkmd64.sys), and deleted the driver/service from the “Drivers” tab.

autoruns delete intel graphics driver

After another reboot, I could turn on the Memory integrity feature under Core isolation on Windows (Defender) Security page.

defender core isolation memory integrity enabled

Editor’s note: After the reboot, my Intel Graphics driver didn’t load, but the system was working perfectly fine even without it. Device Manager showed a yellow exclamation (Code 48 error) next to the Intel Graphics driver.intel graphics yellow exclamation

It stated the following:

The driver for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)

Click 'Check for solutions' to send data about this device to Microsoft and to see if there is a solution available.

I got the following pop-up at startup, which I dismissed.

intel graphics can't load - memory integrity enabled

A driver cannot load on this device

Driver: Intel Graphics Kernel Mode Driver
Intel Corporation

A security setting is preventing this driver from loading. You'll need to adjust your settings to load this driver.

Neither Intel nor Dell has the updated drivers for this hardware. The latest version (20.19.15.5063, A08 – Released three years ago) available on Dell’s site is what I had installed and is incompatible with Microsoft Defender’s Core Isolation.

Anyway, the system (“OptiPlex 9020”) is working fine with Memory Integrity turned On, except that the “Sleep” feature is disabled due to the missing Graphics driver. The “Power” menu will no longer list “Sleep”.
Running powercfg.exe /a (which reports the sleep states available on the system) from a Command Prompt window will show this:
The following sleep states are available on this system:
    • Hibernate

 

    • Fast Startup

 

The following sleep states are not available on this system:

    • Standby (S1) The system firmware does not support this standby state. An internal system component has disabled this standby state. Graphics

 


However, the hibernate option works fine for me.

Additional Information

An alternate way to delete the drivers

You can also delete driver packages using the “Driver Store Explorer” software as an alternative to Pnputil.exe. But it shows the “Original Name” instead of the “Published Name” for the drivers/INF files.

So, it would be easier if you ran the following DISM command-line first and noted the INF file name under the “Original File Name” column.

dism /online /get-drivers /format:table

The above command shows the driver information in the following format:

(Note: The list below is shown as an example. It’s not the complete list of drivers.)

Obtaining list of 3rd party drivers from the driver store...

Driver packages listing:


-------------- | ----------------------- | ----- | --------------------- | ------------------------------ | ---------- | ---------------
Published Name | Original File Name      | Inbox | Class Name            | Provider Name                  | Date       | Version
-------------- | ----------------------- | ----- | --------------------- | ------------------------------ | ---------- | ---------------
oem0.inf       | ssudrmnetmp.inf         | No    | Net                   | SAMSUNG Electronics Co., Ltd.  | 1/2/2014   | 2.11.7.0
oem1.inf       | jswpslwfx.inf           | No    | NetService            | Atheros                        | 5/15/2008  | 1.0.0.50
oem10.inf      | hpoa1ss.inf             | No    | Image                 | Hewlett-Packard                | 6/21/2006  | 6.2.8306.0
oem11.inf      | iastorac.inf            | No    | SCSIAdapter           | Intel Corporation              | 11/17/2015 | 14.8.1.1043
oem12.inf      | ntprint.inf             | No    | Printer               | Microsoft                      | 6/21/2006  | 10.0.19041.1806
oem13.inf      | netwtw02.inf            | No    | net                   | Intel                          | 4/29/2019  | 18.33.17.1
oem14.inf      | dbutildrv2.inf          | No    | DellUtils             | Dell Technologies              | 5/6/2021   | 2.7.0.0
oem15.inf      | netwtw04.inf            | No    | net                   | Intel                          | 4/29/2019  | 19.51.21.1
oem16.inf      | ss_conn_usb_driver.inf  | No    | USB                   | SAMSUNG Electronics Co., Ltd.  | 1/2/2014   | 2.11.7.0
oem18.inf      | intcdaud.inf            | No    | MEDIA                 | Intel(R) Corporation           | 4/26/2018  | 6.16.0.3208
oem19.inf      | ssudmarv.inf            | No    | USB                   | SAMSUNG Electronics Co., Ltd.  | 1/2/2014   | 2.11.7.0
oem2.inf       | oemvista.inf            | No    | Net                   | ExpressVPN                     | 4/30/2019  | 9.24.2.45

Once you note the “Original File Name”, switch to Driver Store Explorer and delete the corresponding items.

driver store explorer dashboard


wdcsam64_prewin8.sys

If the Western Digital external hard disk driver wdcsam64_prewin8.sys is shown as incompatible, note down its OEM#.inf number as explained earlier, and delete it using the following command:

pnputil delete drivers - western digital

In the above case, run this command:

pnputil /delete-driver oem23.inf /uninstall /force

The above command deletes the driver from the driver store (location mentioned below) and the registry.

C:\Windows\System32\DriverStore\FileRepository\wdcsam.inf_amd64_7ce69fc8798d6116

wdcsam64.sys

On some systems, the driver wdcsam64.sys shows up without an OEM#inf number.

western digital pnputil delete drivers - wdcsam64.sys



Company: Western Digital Technologies
Description: WD SCSI Architecture Model (SAM) driver
Product: WD External Storage
Machine Type: 64-bit
Binary Version: 1.0.7.2

You should be able to find and delete the above item (wdcsam64.sys) from the Drivers tab of Autoruns, like we deleted the Intel Graphics driver igdkmd64.sys.

wdcsam.sys wdcsam64.sys - Autoruns delete

That deletes the WDC_SAM driver/service. Next, delete the corresponding driver file “C:\Windows\System32\Drivers\wdcsam64.sys” manually. If the file is in use, please reboot and then delete the file.

Delete WD driver via Device Manager

Western Digital suggests that you delete the incompatible driver via Device Manager.

  1. Uninstall all WD software.
  2. Uninstall the older WD driver.
  3. Access Device Manager.
  4. From the the View menu, click “Show Hidden Devices”.
  5. Look for WD Drive Management devices.
  6. Select WD SES Device, right-click, and click “Uninstall device”.
     western digital uninstall drivers
  7. Check the box for “Delete the driver software for this device.”
     western digital uninstall drivers
  8. Click Uninstall.
  9. Reboot the computer.
  10. Enable memory integrity.
  11. Download and install the latest release of WD Software if available.

Here is a related WD support forum thread you may want to check out.


You can use the SC.exe command as well

The SC.exe command-line can also be used to delete the driver/service if you want to automate the task on other systems; if you don’t want to download Autoruns on every computer.

First, find the service’s short name using WMIC.exe console tool.

Example 1: igdkmd64.sys

Assuming you want to find the service name of the driver “igdkmd64.sys“, run this command:

wmic sysdriver where "PathName like '%igdkmd64%'" get Name, PathName, State

The output looks like this:

Name  PathName                                  State
igfx  C:\WINDOWS\system32\DRIVERS\igdkmd64.sys  Stopped

wmic sysdriver get info

Optionally, if you want to get additional info about the driver, run the following:

wmic sysdriver where "PathName like '%igdkmd64%'" get Name, PathName, State, Description, Caption
or
wmic sysdriver where "PathName like '%igdkmd64%'" get /format:list

Now that you know the service name (“igfx“), run this command to delete the service:

sc.exe delete igfx

That’s it. The Intel Graphics service is now deleted.

Example 2: wdcsam64.sys

Likewise, for wdcsam64.sys, find its service’s short name (which is “WDC_SAM“) using this command:

wmic sysdriver where "PathName like '%wdcsam64%'" get Name, PathName, State

Then run:

sc.exe delete WDC_SAM

Output:

C:\windows\system32>sc.exe delete WDC_SAM
[SC] DeleteService SUCCESS

The Western Digital driver is now deleted.

Example 3: xhunter1.sys

xhunter1.sys is a component of XIGNCODE3 anti-cheat program, which is installed with various game titles. If uninstalling the component or the respective game software doesn’t help you enable Core Isolation, then you may delete its driver (whose service name “xhunter1“) using the following command:

sc.exe delete xhunter1

Then, manually delete C:\Windows\System32\Drivers\xhunter1.sys after a reboot.

Example 4: wacomhidfilter.sys

Wacomhidfilter.sys is the Wacom tablet driver. To uninstall it, run:

sc.exe delete wacomhidfilter

To see if it has registered any filter drivers, run:

reg query hklm\system /f wacomhidfilter /s

Check the output. Open Regedit.exe and go to that location and delete the “wacomhidfilter” entry in LowerFilters or UpperFilters. Please create a Restore Point first before editing the registry.

Example 5: PxHlpa64.sys

PxHlpa64.sys is a module supplied with DVD-burning programs such as Roxio/Sonic, which Corel Corporation now owns. Other programs, such as Adobe Premiere Elements, seem to use this module for DVD-burning capability.

To delete the service, run this command:

sc.exe delete PxHlpa64

And then run these two commands to delete the “PxHlpa64” filter driver reference in the registry and rename the driver file:

reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}" /v "LowerFilters" /f

ren C:\WINDOWS\system32\drivers\PxHlpa64.sys PxHlpa64.sys.old

Note: You should see the output message “The operation completed successfully.” for the “reg.exe” command-line above.

Restart Windows.

Also, check out this Corel KB article You cannot enable the Windows Memory Integrity feature because PxHlpa64.sys is not compatible.


One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support. It won't take more than 10 seconds of your time. The share buttons are right below. :)

Ramesh Srinivasan is passionate about Microsoft technologies and he has been a consecutive ten-time recipient of the Microsoft Most Valuable Professional award in the Windows Shell/Desktop Experience category, from 2003 to 2012. He loves to troubleshoot and write about Windows. Ramesh founded Winhelponline.com in 2005.

6 thoughts on “Fix: Cannot Enable Core Isolation Due to Incompatible Drivers”

  1. When I click on “review incompatible drivers”, there are are no drivers listed in the area you show. The computer still says there are incompatible drivers though. Is there a solution to this?

    Reply
  2. I have the same issue as Eli above. “When I click on “review incompatible drivers”, there are are no drivers listed in the area you show. The computer still says there are incompatible drivers though. Is there a solution to this?”

    Reply

Leave a Comment