When you attempt to turn on Memory Integrity in Windows Security, the Windows Security page scans the drivers to check their compatibility with the Core Isolation/Memory Integrity feature. If there are incompatible drivers found, the list of incompatible drivers is shown. You’ll be asked to address the issue before enabling Memory Integrity.
Device security Memory integrity can't be turned on Try resolving any incompatibilities with your drivers.
Clicking on the “Review incompatible drivers” shows you the list of incompatible drivers.
You need to click on each incompatible driver entry shown on the Windows (Defender) Security page to expand the section. It shows the Published name, Manufacturer name, driver information, and date. If the INF file name is not shown, the driver file name is displayed.
The following drivers were shown as being incompatible with the Memory integrity feature:
- ssudcdf.sys [Published Name: oem36.inf]
- ssudmgr.sys [Published Name: oem34.inf]
- ssudobex.sys [Published Name: oem42.inf]
- ssudserd.sys [Published Name: oem36.inf]
- igdkmd64.sys [Published Name: oem56.inf]
- igdkmd64.sys [Published Name: oem40.inf]
- igdkmd64.sys (without an INF file name**) – this item is not showing in the above screenshot.
According to Microsoft: If you want to restore the Memory integrity setting, you can try to resolve a driver incompatibility by seeing if an updated and compatible driver is available through Windows Update or from the driver manufacturer. Microsoft does not recommend that you delete drivers to attempt to restore this setting.
However, an updated device driver version may be unavailable for some devices from the hardware vendor or Windows Update. In that case, you can uninstall the driver if it’s insignificant to the system.
Can I delete the drivers?
Warning: Please exercise caution when deleting device drivers. Delete them only if you’re 100% sure that the device driver is optional for the computer, or you no longer use the corresponding hardware anymore, or you’re found an updated version of the driver from the hardware vendor’s site.
If you open the C:\Windows\INF\OEM##.inf indicated on the Windows Security page, you can find the function of that driver.
For instance, the OEM##.inf had the following information in the headers:
[OEM32.inf] ; Name : ssudobex.inf ; Function : Install SAMSUNG Escape USB Obex Serial Port driver [OEM36.inf] ; Name : ssudcdf.inf ; Function : Install SAMSUNG Escape USB CD Free driver [OEM40.inf] ; Installation INF for the Intel Corporation graphics adapter. [OEM44.inf] ; Name : ssuddmgr.inf ; Function : Install SAMSUNG Escape USB Device Management Serial Port driver [OEM56.inf] ; Name : ssudserd.inf ; Function : Install SAMSUNG Escape USB Diagnostic Serial Port driver
Four items out of the above six appeared to be unnecessary components. The other entry
igdkmd64.sys belongs to Intel Graphics, which is currently in use.
Deleting the drivers
After backing all the device drivers, I decided to bite the bullet and delete all six drivers.
(To know how to backup the device drivers using DISM or PowerShell, check out the article How to Backup and Restore Device Drivers in Windows 11/10.)
The command-line syntax to delete a driver from Admin Command Prompt is:
pnputil /delete-driver <Published Name> /uninstall
Here are the actual commands I used:
pnputil /delete-driver oem44.inf /uninstall pnputil /delete-driver oem32.inf /uninstall pnputil /delete-driver oem56.inf /uninstall pnputil /delete-driver oem36.inf /uninstall pnputil /delete-driver oem40.inf /uninstall
The first four commands were executed successfully, and their driver packages have been deleted. The 5th one (Intel graphics driver) returned the following error:
Failed to delete drivers package: One or more devices are presently installed using the specified INF.
I reran the pnputil command, but this time used the
pnputil /delete-driver oem40.inf /force
That did the trick!
You can also try the following command-line, which is more comprehensive than the earlier one:
pnputil /delete-driver oem40.inf /uninstall /force
After rebooting, the Core Isolation again showed the incompatibility list (the 6th item
igdkmd64.sys – without an OEM#.INF file name showed up again.)
I downloaded Autoruns from Microsoft, searched for the exact driver file name (
igdkmd64.sys), and deleted the driver/service from the “Drivers” tab.
After another reboot, I could turn on the Memory integrity feature under Core isolation on Windows (Defender) Security page.
Editor’s note: After the reboot, my Intel Graphics driver didn’t load, but the system was working perfectly fine even without it. Device Manager showed a yellow exclamation (Code 48 error) next to the Intel Graphics driver.
It stated the following:
The driver for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48) Click 'Check for solutions' to send data about this device to Microsoft and to see if there is a solution available.
I got the following pop-up at startup, which I dismissed.
A driver cannot load on this device Driver: Intel Graphics Kernel Mode Driver Intel Corporation A security setting is preventing this driver from loading. You'll need to adjust your settings to load this driver.
Neither Intel nor Dell has the updated drivers for this hardware. The latest version (18.104.22.16863, A08 – Released three years ago) available on Dell’s site is what I had installed and is incompatible with Microsoft Defender’s Core Isolation.
powercfg.exe /a(which reports the sleep states available on the system) from a Command Prompt window will show this:
The following sleep states are available on this system:
- Fast Startup
The following sleep states are not available on this system:
- Standby (S1) The system firmware does not support this standby state. An internal system component has disabled this standby state. Graphics
However, the hibernate option works fine for me.
An alternate way to delete the drivers
You can also delete driver packages using the “Driver Store Explorer” software as an alternative to Pnputil.exe. But it shows the “Original Name” instead of the “Published Name” for the drivers/INF files.
So, it would be easier if you ran the following DISM command-line first and noted the INF file name under the “Original File Name” column.
dism /online /get-drivers /format:table
The above command shows the driver information in the following format:
(Note: The list below is shown as an example. It’s not the complete list of drivers.)
Obtaining list of 3rd party drivers from the driver store... Driver packages listing: -------------- | ----------------------- | ----- | --------------------- | ------------------------------ | ---------- | --------------- Published Name | Original File Name | Inbox | Class Name | Provider Name | Date | Version -------------- | ----------------------- | ----- | --------------------- | ------------------------------ | ---------- | --------------- oem0.inf | ssudrmnetmp.inf | No | Net | SAMSUNG Electronics Co., Ltd. | 1/2/2014 | 22.214.171.124 oem1.inf | jswpslwfx.inf | No | NetService | Atheros | 5/15/2008 | 126.96.36.199 oem10.inf | hpoa1ss.inf | No | Image | Hewlett-Packard | 6/21/2006 | 6.2.8306.0 oem11.inf | iastorac.inf | No | SCSIAdapter | Intel Corporation | 11/17/2015 | 188.8.131.523 oem12.inf | ntprint.inf | No | Printer | Microsoft | 6/21/2006 | 10.0.19041.1806 oem13.inf | netwtw02.inf | No | net | Intel | 4/29/2019 | 184.108.40.206 oem14.inf | dbutildrv2.inf | No | DellUtils | Dell Technologies | 5/6/2021 | 220.127.116.11 oem15.inf | netwtw04.inf | No | net | Intel | 4/29/2019 | 18.104.22.168 oem16.inf | ss_conn_usb_driver.inf | No | USB | SAMSUNG Electronics Co., Ltd. | 1/2/2014 | 22.214.171.124 oem18.inf | intcdaud.inf | No | MEDIA | Intel(R) Corporation | 4/26/2018 | 126.96.36.19908 oem19.inf | ssudmarv.inf | No | USB | SAMSUNG Electronics Co., Ltd. | 1/2/2014 | 188.8.131.52 oem2.inf | oemvista.inf | No | Net | ExpressVPN | 4/30/2019 | 184.108.40.206
Once you note the “Original File Name”, switch to Driver Store Explorer and delete the corresponding items.
If the Western Digital external hard disk driver
wdcsam64_prewin8.sys is shown as incompatible, note down its OEM#.inf number as explained earlier, and delete it using the following command:
In the above case, run this command:
pnputil /delete-driver oem23.inf /uninstall /force
The above command deletes the driver from the driver store (location mentioned below) and the registry.
On some systems, the driver wdcsam64.sys shows up without an OEM#inf number.
Company: Western Digital Technologies Description: WD SCSI Architecture Model (SAM) driver Product: WD External Storage Machine Type: 64-bit Binary Version: 220.127.116.11
You should be able to find and delete the above item (
wdcsam64.sys) from the Drivers tab of Autoruns, like we deleted the Intel Graphics driver
That deletes the
WDC_SAM driver/service. Next, delete the corresponding driver file “
C:\Windows\System32\Drivers\wdcsam64.sys” manually. If the file is in use, please reboot and then delete the file.
Delete WD driver via Device Manager
Western Digital suggests that you delete the incompatible driver via Device Manager.
- Uninstall all WD software.
- Uninstall the older WD driver.
- Access Device Manager.
- From the the View menu, click “Show Hidden Devices”.
- Look for WD Drive Management devices.
- Select WD SES Device, right-click, and click “Uninstall device”.
- Check the box for “Delete the driver software for this device.”
- Click Uninstall.
- Reboot the computer.
- Enable memory integrity.
- Download and install the latest release of WD Software if available.
Here is a related WD support forum thread you may want to check out.
SC.exe command-line can also be used to delete the driver/service if you want to automate the task on other systems; if you don’t want to download Autoruns on every computer.
First, find the service’s short name using WMIC.exe console tool.
Example 1: igdkmd64.sys
Assuming you want to find the service name of the driver “
igdkmd64.sys“, run this command:
wmic sysdriver where "PathName like '%igdkmd64%'" get Name, PathName, State
The output looks like this:
Name PathName State igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys Stopped
Optionally, if you want to get additional info about the driver, run the following:
wmic sysdriver where "PathName like '%igdkmd64%'" get Name, PathName, State, Description, Caption or wmic sysdriver where "PathName like '%igdkmd64%'" get /format:list
Now that you know the service name (“
igfx“), run this command to delete the service:
sc.exe delete igfx
That’s it. The Intel Graphics service is now deleted.
Example 2: wdcsam64.sys
Likewise, for wdcsam64.sys, find its service’s short name (which is “
WDC_SAM“) using this command:
wmic sysdriver where "PathName like '%wdcsam64%'" get Name, PathName, State
sc.exe delete WDC_SAM
C:\windows\system32>sc.exe delete WDC_SAM [SC] DeleteService SUCCESS
The Western Digital driver is now deleted.
Example 3: xhunter1.sys
xhunter1.sys is a component of XIGNCODE3 anti-cheat program, which is installed with various game titles. If uninstalling the component or the respective game software doesn’t help you enable Core Isolation, then you may delete its driver (whose service name “
xhunter1“) using the following command:
sc.exe delete xhunter1
Then, manually delete
C:\Windows\System32\Drivers\xhunter1.sys after a reboot.
Example 4: PxHlpa64.sys
PxHlpa64.sys is a module supplied with DVD-burning programs such as Roxio/Sonic, which Corel Corporation now owns. Other programs, such as Adobe Premiere Elements, seem to use this module for DVD-burning capability.
To delete the service, run this command:
sc.exe delete PxHlpa64
And then run:
ren C:\WINDOWS\system32\drivers\PxHlpa64.sys PxHlpa64.sys.old
Also, check out this Corel KB article You cannot enable the Windows Memory Integrity feature because PxHlpa64.sys is not compatible.
One small request: If you liked this post, please share this?One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!