How to Enable HVCI: Complete Guide to Memory Integrity Protection in 2026

By /

Hypervisor-protected Code Integrity (HVCI) is a Windows security feature that stops malicious code from running on your computer. It uses virtualization to create a protected environment where only trusted code can execute. This guide shows you exactly how to turn it on.

What Is HVCI and Why Should You Enable It?

HVCI, also called Memory Integrity, protects your system’s kernel memory from attacks. It works by isolating the code integrity service in a secure environment created by Windows Hypervisor. This means even if malware gets onto your computer, it can’t inject malicious code into critical system processes.

Key benefits:

  • Blocks kernel-mode malware and rootkits
  • Prevents unauthorized code execution
  • Protects against driver-based attacks
  • Works silently in the background

Windows 11 includes HVCI by default on new installations with compatible hardware. Windows 10 users need to enable it manually in most cases.

System Requirements for HVCI

Before enabling HVCI, verify your system meets these requirements:

Hardware requirements:

  • 64-bit processor with virtualization extensions (Intel VT-x or AMD-V)
  • Second Level Address Translation (SLAT)
  • Minimum 4GB RAM (8GB recommended)
  • UEFI firmware with Secure Boot capability
  • TPM 2.0 (Trusted Platform Module)

Software requirements:

  • Windows 10 version 1803 or later
  • Windows 11 (any version)
  • All drivers must be compatible with HVCI

Important note: Some older drivers and certain software like anti-cheat systems or virtualization tools may conflict with HVCI. Always check compatibility first.

How to Enable HVCI

How to Check If HVCI Is Already Enabled

Before making changes, see if HVCI is already running:

  1. Press Windows key + R
  2. Type msinfo32 and press Enter
  3. Look for “Virtualization-based security” at the bottom of the System Summary
  4. If it shows “Running,” check for “Hypervisor enforced Code Integrity” status

Alternative method using Windows Security:

  1. Open Windows Security (search in Start menu)
  2. Click “Device security”
  3. Select “Core isolation details”
  4. Check if “Memory integrity” is turned on

If it shows “On,” you’re already protected. If not, continue with the steps below.

Method 1: Enable HVCI Through Windows Security (Easiest Way)

This is the simplest approach for most users.

Step-by-step process:

  1. Open Settings (Windows key + I)
  2. Click “Privacy & Security” (Windows 11) or “Update & Security” (Windows 10)
  3. Select “Windows Security”
  4. Click “Device security”
  5. Under Core isolation, click “Core isolation details”
  6. Toggle “Memory integrity” to On
  7. Restart your computer when prompted
See also  Uninstall.exe: What It Is, How It Works, and How to Use It Safely

If the toggle is grayed out:

This means your system doesn’t meet hardware requirements or has incompatible drivers. Check the compatibility section below.

Method 2: Enable HVCI Using Registry Editor

For advanced users who need more control:

  1. Press Windows key + R
  2. Type regedit and press Enter
  3. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity
  4. Double-click “Enabled”
  5. Change value from 0 to 1
  6. Click OK
  7. Restart your computer

If the registry key doesn’t exist:

Create it manually:

  1. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard
  2. Right-click DeviceGuard, select New > Key
  3. Name it “Scenarios”
  4. Right-click Scenarios, create new key “HypervisorEnforcedCodeIntegrity”
  5. Right-click the new key, select New > DWORD (32-bit) Value
  6. Name it “Enabled”
  7. Set value to 1

Method 3: Enable HVCI Using Group Policy Editor

This method works for Windows Pro, Enterprise, and Education editions:

  1. Press Windows key + R
  2. Type gpedit.msc and press Enter
  3. Navigate to: Computer Configuration > Administrative Templates > System > Device Guard
  4. Double-click “Turn On Virtualization Based Security”
  5. Select “Enabled”
  6. Under “Virtualization Based Protection of Code Integrity,” select “Enabled with UEFI lock”
  7. Click Apply, then OK
  8. Restart your computer

Understanding the lock option:

“Enabled with UEFI lock” prevents HVCI from being disabled remotely or through software. Only UEFI settings can turn it off. This provides maximum security but less flexibility.

Method 4: Enable Required Prerequisites (BIOS/UEFI Settings)

HVCI needs certain firmware features enabled first.

Enable virtualization in BIOS/UEFI:

  1. Restart your computer
  2. Press the BIOS key during startup (usually F2, F10, Del, or F12)
  3. Find virtualization settings (location varies by manufacturer):
    • Intel: Look for “Intel VT-x” or “Intel Virtualization Technology”
    • AMD: Look for “AMD-V” or “SVM Mode”
  4. Set to Enabled
  5. Save and exit

Enable Secure Boot:

  1. In BIOS/UEFI settings
  2. Find Security or Boot menu
  3. Locate “Secure Boot” option
  4. Set to Enabled
  5. Save and exit

Common BIOS menu names by manufacturer:

ManufacturerBIOS KeyVirtualization Setting Location
DellF2 or F12Virtualization Support > VT for Direct I/O
HPF10 or EscSystem Configuration > Virtualization Technology
LenovoF1 or F2Security > Virtualization
ASUSF2 or DelAdvanced > CPU Configuration
MSIDelOC > CPU Features
AcerF2Main > Intel Virtualization Technology

Troubleshooting HVCI Issues

Problem: Memory Integrity Toggle Is Grayed Out

Solutions to try:

Check virtualization status:

  1. Open Task Manager (Ctrl + Shift + Esc)
  2. Go to Performance tab
  3. Click CPU
  4. Look for “Virtualization: Enabled”

If it shows Disabled, enable it in BIOS as described above.

Verify Secure Boot:

  1. Press Windows key + R
  2. Type msinfo32
  3. Check “Secure Boot State” (should say “On”)

If Off, enable Secure Boot in BIOS settings.

Problem: System Crashes or Blue Screen After Enabling HVCI

This usually means driver incompatibility.

Quick fix:

  1. Boot into Safe Mode (hold Shift while clicking Restart, then Troubleshoot > Advanced options > Startup Settings > Restart > press F4)
  2. Disable HVCI using the Registry method (change value back to 0)
  3. Boot normally
  4. Update all drivers, especially graphics, chipset, and network drivers
  5. Try enabling HVCI again

Check for incompatible drivers:

  1. Download and run the Device Guard and Credential Guard hardware readiness tool from Microsoft
  2. Run PowerShell as administrator
  3. Navigate to the tool’s folder
  4. Run: .\DG_Readiness_Tool_v3.6.ps1 -Ready
  5. Review the report for incompatible drivers
See also  Which Term Describes the Process of Using Generative AI to Act as If It Were a Certain Type of User?

Problem: Performance Issues After Enabling HVCI

HVCI can cause slight performance reduction (typically 5-10%) on older systems.

Optimization steps:

Update to latest Windows version:

  1. Open Settings
  2. Go to Windows Update
  3. Install all available updates
  4. Restart if required

Check driver compatibility and update:

  1. Press Windows key + X
  2. Select Device Manager
  3. Right-click each device category
  4. Select “Update driver”
  5. Choose “Search automatically for drivers”

For gaming systems, the performance impact is usually negligible on modern hardware (2020 or newer).

Problem: Specific Software Won’t Run with HVCI Enabled

Some programs conflict with HVCI:

Known problematic software types:

  • Older anti-cheat systems (Valorant’s Vanguard now supports HVCI)
  • Some virtualization software (VMware Workstation, VirtualBox older versions)
  • Certain driver-level utilities
  • Outdated hardware monitoring tools

Solutions:

  1. Update the software to the latest version
  2. Check the software vendor’s website for HVCI compatibility information
  3. Contact the developer for an update
  4. If no solution exists, decide whether to keep HVCI enabled or use the software

Most modern software works fine with HVCI in 2026.

Verifying HVCI Is Working Properly

After enabling HVCI and restarting, confirm it’s active:

Method 1: System Information:

  1. Press Windows key + R
  2. Type msinfo32
  3. Scroll down to find these entries:
    • “Virtualization-based security” should show “Running”
    • “Virtualization-based security Services Running” should include “Hypervisor enforced Code Integrity”

Method 2: Windows PowerShell:

  1. Right-click Start menu
  2. Select “Windows PowerShell (Admin)”
  3. Type: Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard
  4. Look for “SecurityServicesRunning” which should include value 2 (HVCI enabled)

Method 3: Event Viewer:

  1. Press Windows key + R
  2. Type eventvwr.msc
  3. Navigate to: Applications and Services Logs > Microsoft > Windows > CodeIntegrity > Operational
  4. Look for Event ID 3076 (indicates HVCI is active)

HVCI vs Other Security Features

Understanding how HVCI fits with other Windows security:

HVCI and Virtualization Based Security (VBS):

VBS is the underlying technology that enables HVCI. HVCI is one specific feature that runs on top of VBS. When you enable HVCI, VBS automatically enables too.

HVCI and Credential Guard:

Both use VBS but protect different things. Credential Guard protects login credentials, while HVCI protects code integrity. You can run both simultaneously for maximum protection.

HVCI and Windows Defender:

These work together. Windows Defender Application Guard also uses VBS. Combined with HVCI, they create multiple protection layers.

Security comparison table:

FeatureWhat It ProtectsPerformance ImpactRequires VBS
HVCIKernel code integrityLow (2-5%)Yes
Credential GuardDomain credentialsMinimal (<1%)Yes
Application GuardBrowser isolationModerate (5-10%)Yes
BitLockerData encryptionLow (1-3%)No
Windows DefenderMalware/virusesLow (1-3%)No

Should You Enable HVCI?

Enable HVCI if:

  • You have compatible hardware (2018 or newer typically)
  • You prioritize security over maximum performance
  • You don’t use incompatible legacy software
  • Your system runs Windows 11 (it’s designed for it)
  • You work with sensitive data
  • You’re in an enterprise environment with security requirements

Consider not enabling HVCI if:

  • You rely on software confirmed incompatible with HVCI
  • You use older hardware with performance limitations
  • You need every bit of performance (competitive gaming, rendering workstations)
  • You run specialized industrial or legacy business software
See also  Internet Options Settings: Complete Configuration Guide for 2026

For most home users and businesses in 2026, HVCI should be enabled. The security benefits outweigh minor performance costs on modern hardware.

Best Practices for Running HVCI

Keep everything updated:

Windows updates often include HVCI improvements and driver compatibility fixes. Enable automatic updates or check monthly.

Monitor system stability:

For the first week after enabling HVCI, watch for crashes, freezes, or unusual behavior. If problems occur, check Event Viewer for specific error codes.

Maintain driver hygiene:

Only install drivers from official manufacturer websites. Avoid driver update utilities that may install incompatible versions. According to Microsoft’s security guidelines, signed drivers from Windows Update are most compatible.

Document your configuration:

Keep notes about when you enabled HVCI and any compatibility issues you resolved. This helps with troubleshooting future problems.

Regular security audits:

Every few months, verify HVCI is still running using the verification methods above. Updates or system changes can sometimes disable it.

Advanced Configuration Options

For enterprise administrators or power users:

Configure HVCI strictness levels:

  1. Open Registry Editor
  2. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity
  3. Create DWORD value “HVCIMATRequired”
  4. Set to 1 for strict mode (blocks all unsigned drivers)
  5. Set to 0 for standard mode (allows Microsoft-signed drivers)

Audit mode for testing:

Before fully enabling HVCI in production environments:

  1. Enable VBS without HVCI enforcement
  2. Use Event Viewer to log compatibility issues
  3. Review logs after 1-2 weeks
  4. Address flagged drivers
  5. Enable full HVCI enforcement

Conclusion

Enabling HVCI provides significant security benefits with minimal impact on modern systems. The process is straightforward through Windows Security settings, though BIOS configuration may be needed for older systems. Always verify compatibility first, especially if you use specialized software or older hardware.

Start by checking if HVCI is already enabled using System Information. If not, use the Windows Security toggle method for the easiest activation. Enable virtualization and Secure Boot in your BIOS if the option is grayed out. After enabling, verify functionality through System Information or PowerShell.

The security protection HVCI provides against kernel-mode malware and rootkits makes it worth enabling for most users in 2026. Keep your system and drivers updated to maintain compatibility and optimal performance.

Frequently Asked Questions

Does HVCI slow down my computer?

HVCI causes minimal performance impact on modern hardware (2018 or newer). Most users see 0-5% reduction in CPU-intensive tasks. Gaming performance is typically unaffected on systems with dedicated graphics cards. Older systems may experience more noticeable slowdown, particularly during disk operations or software compilation.

Can I disable HVCI after enabling it?

Yes, you can disable HVCI anytime using the same methods. Go to Windows Security > Device security > Core isolation details and toggle Memory integrity to Off. Restart your computer for changes to take effect. If you enabled it with UEFI lock through Group Policy, you’ll need to disable it through BIOS settings.

Will HVCI affect my games or gaming performance?

Modern games and anti-cheat systems work fine with HVCI in 2026. Popular titles like Valorant, Fortnite, Call of Duty, and Apex Legends all support HVCI. The performance impact is typically under 3% for gaming workloads. Some older games with kernel-level anti-cheat from before 2020 may have issues, but developers have updated most systems.

What’s the difference between Memory Integrity and HVCI?

They’re the same feature with different names. Microsoft calls it Memory Integrity in consumer-facing Windows Security settings, while the technical name is Hypervisor-protected Code Integrity (HVCI). Both terms refer to the same security protection that isolates code integrity verification in a virtualized environment.

My computer doesn’t have TPM 2.0, can I still enable HVCI?

HVCI technically works without TPM 2.0, though Microsoft recommends it for full security benefits. You can enable HVCI if you have virtualization support and Secure Boot, but you won’t get complete Device Guard protection. Windows 11 requires TPM 2.0 anyway, so this mainly affects Windows 10 users with older hardware.

MK Usmaan
Latest posts by MK Usmaan (see all)