Site icon Winhelponline

Fix: Cannot Enable Core Isolation Due to Incompatible Drivers

When you attempt to turn on Memory Integrity in Windows Security, the Windows Security page scans the drivers to check their compatibility with the Core Isolation/Memory Integrity feature. If there are incompatible drivers found, the list of incompatible drivers is shown. You’ll be asked to address the issue before enabling Memory Integrity.

Device security

Memory integrity can't be turned on
Try resolving any incompatibilities with your drivers.

Clicking on the “Review incompatible drivers” shows you the list of incompatible drivers.

You need to click on each incompatible driver entry shown on the Windows (Defender) Security page to expand the section. It shows the Published name, Manufacturer name, driver information, and date. If the INF file name is not shown, the driver file name is displayed.

The following drivers were shown as being incompatible with the Memory integrity feature:

**Note: If the Windows Security page doesn’t show any OEM#.INF names on your computer, you can use Microsoft Sysinternals Autoruns or the SC.exe console tool to find and delete the driver.

According to Microsoft: If you want to restore the Memory integrity setting, you can try to resolve a driver incompatibility by seeing if an updated and compatible driver is available through Windows Update or from the driver manufacturer. Microsoft does not recommend that you delete drivers to attempt to restore this setting.

However, an updated device driver version may be unavailable for some devices from the hardware vendor or Windows Update. In that case, you can uninstall the driver if it’s insignificant to the system.

Can I delete the drivers?

Warning: Please exercise caution when deleting device drivers. Delete them only if you’re 100% sure that the device driver is optional for the computer, or you no longer use the corresponding hardware anymore, or you’re found an updated version of the driver from the hardware vendor’s site.

If you open the C:\Windows\INF\OEM##.inf indicated on the Windows Security page, you can find the function of that driver.

For instance, the OEM##.inf had the following information in the headers:

[OEM32.inf]
; Name : ssudobex.inf
; Function : Install SAMSUNG Escape USB Obex Serial Port driver

[OEM36.inf]
; Name : ssudcdf.inf
; Function : Install SAMSUNG Escape USB CD Free driver

[OEM40.inf]
; Installation INF for the Intel Corporation graphics adapter.

[OEM44.inf]
; Name : ssuddmgr.inf
; Function : Install SAMSUNG Escape USB Device Management Serial Port driver

[OEM56.inf]
; Name : ssudserd.inf
; Function : Install SAMSUNG Escape USB Diagnostic Serial Port driver

Four items out of the above six appeared to be unnecessary components. The other entry igdkmd64.sys belongs to Intel Graphics, which is currently in use.

Deleting the drivers

After backing all the device drivers, I decided to bite the bullet and delete all six drivers.

(To know how to backup the device drivers using DISM or PowerShell, check out the article How to Backup and Restore Device Drivers in Windows 11/10.)

The command-line syntax to delete a driver from Admin Command Prompt is:

pnputil /delete-driver <Published Name> /uninstall

Here are the actual commands I used:

pnputil /delete-driver oem44.inf /uninstall

pnputil /delete-driver oem32.inf /uninstall

pnputil /delete-driver oem56.inf /uninstall

pnputil /delete-driver oem36.inf /uninstall

pnputil /delete-driver oem40.inf /uninstall

The first four commands were executed successfully, and their driver packages have been deleted. The 5th one (Intel graphics driver) returned the following error:

Failed to delete drivers package: One or more devices are presently installed using the specified INF.

I reran the pnputil command, but this time used the /force option.

pnputil /delete-driver oem40.inf /force

That did the trick!

You can also try the following command-line, which is more comprehensive than the earlier one:

pnputil /delete-driver oem40.inf /uninstall /force

After rebooting, the Core Isolation again showed the incompatibility list (the 6th item igdkmd64.syswithout an OEM#.INF file name showed up again.)

Deleted the driver using Autoruns

I downloaded Autoruns from Microsoft, searched for the exact driver file name (igdkmd64.sys), and deleted the driver/service from the “Drivers” tab.

After another reboot, I could turn on the Memory integrity feature under Core isolation on Windows (Defender) Security page.

Editor’s note: After the reboot, my Intel Graphics driver didn’t load, but the system was working perfectly fine even without it. Device Manager showed a yellow exclamation (Code 48 error) next to the Intel Graphics driver.

It stated the following:

The driver for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)

Click 'Check for solutions' to send data about this device to Microsoft and to see if there is a solution available.

I got the following pop-up at startup, which I dismissed.

A driver cannot load on this device

Driver: Intel Graphics Kernel Mode Driver
Intel Corporation

A security setting is preventing this driver from loading. You'll need to adjust your settings to load this driver.

Neither Intel nor Dell has the updated drivers for this hardware. The latest version (20.19.15.5063, A08 – Released three years ago) available on Dell’s site is what I had installed and is incompatible with Microsoft Defender’s Core Isolation.

Anyway, the system (“OptiPlex 9020”) is working fine with Memory Integrity turned On, except that the “Sleep” feature is disabled due to the missing Graphics driver. The “Power” menu will no longer list “Sleep”.
Running powercfg.exe /a (which reports the sleep states available on the system) from a Command Prompt window will show this:
The following sleep states are available on this system:
  • Hibernate
  • Fast Startup
The following sleep states are not available on this system:
  • Standby (S1) The system firmware does not support this standby state. An internal system component has disabled this standby state. Graphics

However, the hibernate option works fine for me.

Additional Information

An alternate way to delete the drivers

You can also delete driver packages using the “Driver Store Explorer” software as an alternative to Pnputil.exe. But it shows the “Original Name” instead of the “Published Name” for the drivers/INF files.

So, it would be easier if you ran the following DISM command-line first and noted the INF file name under the “Original File Name” column.

dism /online /get-drivers /format:table

The above command shows the driver information in the following format:

(Note: The list below is shown as an example. It’s not the complete list of drivers.)

Obtaining list of 3rd party drivers from the driver store...

Driver packages listing:


-------------- | ----------------------- | ----- | --------------------- | ------------------------------ | ---------- | ---------------
Published Name | Original File Name      | Inbox | Class Name            | Provider Name                  | Date       | Version
-------------- | ----------------------- | ----- | --------------------- | ------------------------------ | ---------- | ---------------
oem0.inf       | ssudrmnetmp.inf         | No    | Net                   | SAMSUNG Electronics Co., Ltd.  | 1/2/2014   | 2.11.7.0
oem1.inf       | jswpslwfx.inf           | No    | NetService            | Atheros                        | 5/15/2008  | 1.0.0.50
oem10.inf      | hpoa1ss.inf             | No    | Image                 | Hewlett-Packard                | 6/21/2006  | 6.2.8306.0
oem11.inf      | iastorac.inf            | No    | SCSIAdapter           | Intel Corporation              | 11/17/2015 | 14.8.1.1043
oem12.inf      | ntprint.inf             | No    | Printer               | Microsoft                      | 6/21/2006  | 10.0.19041.1806
oem13.inf      | netwtw02.inf            | No    | net                   | Intel                          | 4/29/2019  | 18.33.17.1
oem14.inf      | dbutildrv2.inf          | No    | DellUtils             | Dell Technologies              | 5/6/2021   | 2.7.0.0
oem15.inf      | netwtw04.inf            | No    | net                   | Intel                          | 4/29/2019  | 19.51.21.1
oem16.inf      | ss_conn_usb_driver.inf  | No    | USB                   | SAMSUNG Electronics Co., Ltd.  | 1/2/2014   | 2.11.7.0
oem18.inf      | intcdaud.inf            | No    | MEDIA                 | Intel(R) Corporation           | 4/26/2018  | 6.16.0.3208
oem19.inf      | ssudmarv.inf            | No    | USB                   | SAMSUNG Electronics Co., Ltd.  | 1/2/2014   | 2.11.7.0
oem2.inf       | oemvista.inf            | No    | Net                   | ExpressVPN                     | 4/30/2019  | 9.24.2.45

Once you note the “Original File Name”, switch to Driver Store Explorer and delete the corresponding items.


wdcsam64_prewin8.sys

If the Western Digital external hard disk driver wdcsam64_prewin8.sys is shown as incompatible, note down its OEM#.inf number as explained earlier, and delete it using the following command:

In the above case, run this command:

pnputil /delete-driver oem23.inf /uninstall /force

The above command deletes the driver from the driver store (location mentioned below) and the registry.

C:\Windows\System32\DriverStore\FileRepository\wdcsam.inf_amd64_7ce69fc8798d6116

wdcsam64.sys

On some systems, the driver wdcsam64.sys shows up without an OEM#inf number.

Company: Western Digital Technologies
Description: WD SCSI Architecture Model (SAM) driver
Product: WD External Storage
Machine Type: 64-bit
Binary Version: 1.0.7.2

You should be able to find and delete the above item (wdcsam64.sys) from the Drivers tab of Autoruns, like we deleted the Intel Graphics driver igdkmd64.sys.

That deletes the WDC_SAM driver/service. Next, delete the corresponding driver file “C:\Windows\System32\Drivers\wdcsam64.sys” manually. If the file is in use, please reboot and then delete the file.

You can use the SC.exe command as well

The SC.exe command-line can also be used to delete the driver/service if you want to automate the task on other systems; if you don’t want to download Autoruns on every computer.

First, find the service’s short name using WMIC.exe console tool.

Example 1: igdkmd64.sys

Assuming you want to find the service name of the driver “igdkmd64.sys“, run this command:

wmic sysdriver where "PathName like '%igdkmd64%'" get Name, PathName, State

The output looks like this:

Name  PathName                                  State
igfx  C:\WINDOWS\system32\DRIVERS\igdkmd64.sys  Stopped

Optionally, if you want to get additional info about the driver, run the following:

wmic sysdriver where "PathName like '%igdkmd64%'" get Name, PathName, State, Description, Caption
or
wmic sysdriver where "PathName like '%igdkmd64%'" get /format:list

Now that you know the service name (“igfx“), run this command to delete the service:

sc.exe delete igfx

That’s it. The Intel Graphics service is now deleted.

Example 2: wdcsam64.sys

Likewise, for wdcsam64.sys, find its service’s short name (which is “WDC_SAM“) using this command:

wmic sysdriver where "PathName like '%wdcsam64%'" get Name, PathName, State

Then run:

sc.exe delete WDC_SAM

Output:

C:\windows\system32>sc.exe delete WDC_SAM
[SC] DeleteService SUCCESS

The Western Digital driver is now deleted.

Example 3: xhunter1.sys

xhunter1.sys is a component of XIGNCODE3 anti-cheat program, which is installed with various game titles. If uninstalling the component or the respective game software doesn’t help you enable Core Isolation, then you may delete its driver (whose service name “xhunter1“) using the following command:

sc.exe delete xhunter1

Then, manually delete C:\Windows\System32\Drivers\xhunter1.sys after a reboot.


Delete WD driver via Device Manager

Western Digital suggests that you delete the incompatible driver via Device Manager.

  1. Uninstall all WD software.
  2. Uninstall the older WD driver.
  3. Access Device Manager.
  4. From the the View menu, click “Show Hidden Devices”.
  5. Look for WD Drive Management devices.
  6. Select WD SES Device, right-click, and click “Uninstall device”.
  7. Check the box for “Delete the driver software for this device.”
  8. Click Uninstall.
  9. Reboot the computer.
  10. Enable memory integrity.
  11. Download and install the latest release of WD Software if available.

Here is a related WD support forum thread you may want to check out.

I hope that helps!

Exit mobile version