Enabling HVCI on a Windows PC requires flipping the Memory integrity toggle inside Windows Security’s Core isolation section, then restarting.
HVCI—Hypervisor-protected Code Integrity—is a virtualization-based security layer that checks every driver and kernel binary before it runs. You can find how to enable HVCI under Device security in Windows Security, and the setting is named Memory integrity. This guide walks through the exact toggle path, what to do when the switch won’t stick, and the BIOS setting most people miss.
What Is HVCI And Why Enable It?
HVCI uses hardware virtualization to isolate code-integrity checks from the main operating system, so even kernel-level malware can’t tamper with the verification process. Microsoft’s documentation positions the feature as a core part of Windows’ virtualization-based security stack, alongside Credential Guard and Device Guard.
The most common reason people enable HVCI today is game compatibility. Riot’s Vanguard anti-cheat in VALORANT requires HVCI to be active before the game will launch, and the same restriction applies to a growing number of competitive titles that enforce kernel-level integrity. Even if you don’t game, HVCI hardens the system against driver-based exploits with no noticeable performance hit on modern hardware.
How To Enable HVCI In Windows Security
The official Microsoft path to enable HVCI takes under a minute and requires only the Windows Security app that ships with every current version of the OS.
- Open Windows Security (search for it from the Start menu).
- Click Device security in the main navigation.
- Under the Core isolation heading, select Core isolation details.
- Flip the Memory integrity toggle to On.
- Restart your PC when the system prompt appears.
The same settings path works on both Windows 10 and Windows 11. Riot Support gives identical steps for VALORANT players, noting the toggle lives under Update & Security > Windows Security > Device Security in older Windows 10 menu layouts. Microsoft’s official documentation for Memory integrity setup confirms the Core isolation path and adds that enterprise environments can also enable HVCI via App Control policy or the Set-HVCIOptions PowerShell cmdlet.
What If Memory Integrity Won’t Turn On?
When the Memory integrity toggle is grayed out or flips back to Off after a restart, the cause is almost always a disabled CPU virtualization setting or an incompatible driver blocking the feature.
Start by checking whether virtualization is available on your system. Press Win + R, type msinfo32, and look for lines that mention virtualization or Hyper-V. If those show as disabled, the fix lives in your system’s firmware. If virtualization is already enabled and the toggle still won’t stay on, Windows has detected a driver that can’t run under HVCI. Open Core isolation details again and check for any flagged drivers under the incompatibility notice—updating or removing those drivers usually resolves the issue.
| Issue | Likely Cause | Fix |
|---|---|---|
| Memory integrity toggle is grayed out | CPU virtualization disabled in BIOS/UEFI | Enable Intel VT-x or AMD SVM in firmware settings |
| Toggle resets to Off after restart | Incompatible or outdated driver detected | Check Windows Security for driver details, then update or remove the driver |
| Core isolation section missing entirely | Windows version too old (pre-1607) | Update to Windows 10 version 1607 or later, or upgrade to Windows 11 |
| HVCI active but a game or app crashes | Driver conflict with HVCI enforcement | Locate the blocked driver in Windows Security and update it |
| Virtualization option absent in BIOS menu | CPU lacks hardware virtualization support | Verify your CPU model supports Intel VT-x or AMD SVM |
| Memory integrity toggle stuck permanently Off | Group Policy or MDM policy override | Check local security policy or contact your IT administrator |
| Toggle available but won’t move | Pending Windows update required | Install all pending updates and retry |
Enabling Virtualization In BIOS/UEFI
If msinfo32 shows virtualization is disabled, you need to turn it on in your system firmware before HVCI will work. The exact BIOS key and menu path vary by manufacturer, but the setting is usually labeled Intel Virtualization Technology, Intel VT-x, AMD SVM, or simply Virtualization.
Restart the PC and press the BIOS key repeatedly during boot. Once inside the firmware setup, look for the setting under a CPU, Advanced, or Security tab. Enable it, save the changes, and boot back into Windows. The Memory integrity toggle should become available immediately.
| Manufacturer | Typical BIOS Key | Common Menu Path |
|---|---|---|
| ASUS | F2 or Del | Advanced > CPU Configuration > Intel Virtualization Technology / SVM Mode |
| MSI | Del | OC > CPU Features > Intel Virtualization Technology / SVM Mode |
| Gigabyte | F2 or Del | Tweaker > Advanced CPU Settings > SVM Mode |
| ASRock | F2 or Del | Advanced > CPU Configuration > SVM Mode |
| Dell | F2 | Virtualization Support > Enable Intel Virtualization Technology |
| HP | F10 | Security > System Security > Virtualization Technology |
| Lenovo | F1 or F2 | Security > Virtualization > Intel Virtualization Technology |
Common Mistakes With HVCI Setup
The most frequent error is skipping the restart after enabling Memory integrity. The toggle won’t take effect until Windows reboots and the hypervisor loads. Another common miss is looking for the setting in the old Windows 10 Security interface instead of the current Windows Security app that opens directly from the Start menu.
Microsoft’s documentation on Memory integrity and driver compatibility warns that some older drivers simply won’t work with HVCI enabled. If a critical peripheral stops functioning after you turn on HVCI, check the manufacturer’s site for updated drivers that carry HVCI-compatible signatures. In rare cases, removing the incompatible device and its software is the only path forward—CORSAIR notes that the feature is enabled by default in Windows 11 on newer hardware, so any driver that shipped pre-HVCI may need a replacement.
A subtler issue: some systems ship with virtualization on in the BIOS but with Hyper-V platform services disabled at the OS level. Running systeminfo in Command Prompt and checking the Hyper-V Requirements line at the bottom will tell you whether all virtualization prerequisites are satisfied. If any line reads No, the BIOS setting or a Windows feature is blocking HVCI.
From First Boot To Working HVCI
The full sequence to enable HVCI on a Windows PC covers three phases: BIOS preparation, the Windows Security toggle, and post-enablement verification. Each step is necessary—skipping the firmware check is the single biggest cause of a toggle that won’t stay on.
- Boot into BIOS/UEFI and enable CPU virtualization (Intel VT-x or AMD SVM). Save and exit.
- Boot into Windows and open Windows Security > Device security > Core isolation details.
- Turn Memory integrity to On and restart when prompted.
- After the restart, open Core isolation details again to confirm the toggle reads On.
- Run
msinfo32and verify that Virtualization-based security shows as Running. - Launch any HVCI-dependent game or app to confirm compatibility. If it fails, check the driver incompatibility list in Windows Security.
References & Sources
- Microsoft Learn. “Enable virtualization-based protection of code integrity.” Official UI path and policy methods for Memory integrity/HVCI.