How to Remove Incompatible Drivers Blocking Memory Integrity in Windows 11

Memory integrity or Hypervisor-protected Code Integrity (HVCI) in Windows 11 is a quiet yet important feature that keeps systems protected. However, it usually won’t turn on if an outdated or unsigned driver is lingering in the background. If you’re an administrator or managed service provider (MSP), you will have to take several steps to fix the issue, including tracking down the exact driver causing the block, updating it when possible, and removing older packages if needed.

To help you do this safely, here’s a practical and low-risk guide for removing incompatible drivers in Windows 11 to keep memory integrity enabled without disrupting tools or hardware.

How to remove incompatible drivers on Windows 11

When Windows 11 refuses to enable memory integrity, you need to clean up old or incompatible drivers that load silently during startup. Here’s a step-by-step approach to help you restore protection without interrupting how the device is being used.

📌 Prerequisites:

• Local administrator rights and a planned maintenance window
• A fresh backup or snapshot for rollback
• Access to OEM driver packages and a test account for validation

Confirmation step: Check memory integrity and HVCI status

Before you start troubleshooting drivers, confirm that memory integrity is actually disabled or unavailable on the device, because in some cases, the feature is simply turned off, restricted, or disabled, not blocked by a driver.

1. Open Settings > Privacy & security > Windows Security > Device security > Core isolation details.
2. Check whether memory integrity is turned off, greyed out, or unavailable.
   • If the setting is available and turns on without errors, no driver remediation is required.
   • If the setting is blocked or shows incompatible drivers, continue with the steps below.
   • If the setting is unavailable and no driver is listed, verify virtualization support in BIOS and Windows features.

Step 1: Identify the blocking driver

First, find the specific driver holding memory integrity back. Windows will usually give you hints, but you should still double-check the related device and look for any older kernel drivers that tend to load early during startup. This should save you time later and keep you from removing the wrong component.

1. Open Settings > Privacy & security > Windows Security > Device security > Core isolation details, and then check whether there are any incompatible drivers listed.
2. Check Device Manager for the device or software component tied to the driver.
3. Optionally, run this PowerShell command to inventory kernel drivers:

Get-WindowsDriver -Online | Sort-Object -Property ClassName, Driver

4. Look closely at third-party filter drivers that load early in the boot process.

Step 2: Update or replace from OEM sources

Once you know which driver is causing trouble, the safest fix is usually to update it straight from the hardware or software vendor. OEM packages are more reliable, properly signed, and far less likely to break memory integrity after a reboot. A clean update often resolves the issue without needing to remove anything.

1. Download the latest signed driver package from the device or component OEM.
2. Install the update, restart the device, and check Core isolation details in Windows Security again.
3. If the updated driver loads correctly, continue with validation and documentation.

Step 3: Uninstall device software and delete the driver package

If the previous step didn’t fix the issue, try removing the software tied to the incompatible driver, including the app, device entry, or any leftover INF packages that Windows might reload quietly later. Removing everything should keep the system from reverting to the same issue after a reboot.

1. Uninstall the related app or device software from Settings > Apps when available.
2. Open Device Manager, right-click the device, select Uninstall device, and check Delete the driver software for this device.

Warning: Deleting driver packages can disable the associated device or feature. Make sure you have a compatible OEM driver available or a backup in place before continuing.

3. Remove any remaining INF packages when needed:
   1. Run pnputil /enum-drivers to list all third-party driver packages.
   2. Run pnputil /delete-driver oem##.inf /uninstall /force to remove a package.

💡Note: Replace ## with the number from the published name of the specific driver you want to remove.

1. 3. Restart the device and recheck Core isolation details.

As mentioned, removing a driver will temporarily disable the associated hardware or feature. To restore functionality, reinstall the approved OEM-signed driver after confirming it is compatible with memory integrity, or roll back using your backup or snapshot if the device is no longer usable. Once restored, verify that memory integrity remains enabled.

Step 4: Clean up legacy or ghosted drivers

Older or hidden entries may still linger and keep memory integrity disabled even after removing the main driver package. These ghosted devices often appear after hardware changes, past software installs, or failed updates. Clear them out to ensure nothing unexpected loads during boot.

1. In Device Manager, enable the option to show hidden devices and remove any ghosted hardware using the same uninstall process.
2. Check for duplicate filter drivers in storage, USB, or security-related stacks and remove any that no longer belong.

Step 5: Enable memory integrity and verify

After clearing or updating incompatible drivers, you should be able to turn memory integrity back on and keep it enabled. Confirm that there are no more issues with a quick reboot and another look at the core isolation page.

1. Open Windows Security > Device security > Core isolation details and turn on memory integrity.
2. Restart the device when prompted.
3. After the reboot, confirm the toggle remains on and ensure that no new incompatible drivers appear.

Step 6: Safeguards and exceptions

You may also run into hardware or specialized software that still relies on an older, legacy driver. When this happens, your goal should be to keep the device functional without leaving the rest of the environment exposed.

1. Reach out to the vendor when a business-critical device relies on a legacy driver and request a properly signed version.
2. When no compatible driver exists, document the exception, isolate the device as needed, and plan for a long-term hardware or software replacement.

Step 7: Evidence and fleet rollout

After fixing the issue on a single device, it’s helpful to collect clear records, then test your approach on a small group before rolling out changes. This makes future fixes easier and reduces the chance of surprises across different hardware models.

1. Capture before-and-after screenshots, along with INF names, driver versions, and hashes.
2. Store the notes in your RMM, including the device model and BIOS version.
3. Test the process on a few representative models before scaling to the rest of the fleet.

Best practices summary

Here are some best practices to help you keep the process consistent and prevent memory integrity from failing after a reboot.

What is memory integrity in Windows 11?

Memory integrity is a security feature that protects the OS from malicious code by isolating critical kernel processes inside a virtualized environment. Essentially, it creates a barrier that prevents unsigned or tampered-with drivers from slipping into the system at boot. This helps reduce the risk of rootkits and similar attacks. While it works quietly in the background, it depends on clean, properly signed drivers to function correctly. So if something outdated or incompatible is present, Windows will block the feature from turning on.

Troubleshooting

Even with a careful workflow, you may encounter a few common issues that will slow things down. Consider the following scenarios to save you from a lot of trial and error.

The driver keeps reinstalling

Something in the system is actively reinstating the removed drive, like a companion app, an OEM background service, or even Windows Update. Removing the app, blocking the specific update, or pushing the correct driver through policy usually stops the loop.

Toggle is still greyed out with no drivers listed

If memory integrity still won’t turn on and Windows isn’t showing a blocked driver, it may be missing the virtualization features required for core isolation. Double-check the BIOS virtualization settings, Hyper-V components, and any documentation you already follow for core isolation posture to ensure the environment is ready.

Dependent hardware stops working

If removing an incompatible driver restores memory integrity but disables required hardware, reinstalling the same legacy driver may be necessary to regain functionality. In that case, memory integrity should be expected to remain disabled, and the device should be handled as an exception (as described in Step 6), including documentation, isolation where appropriate, and planning for a compatible hardware or software replacement.

Multiple blocked drivers

When Windows lists several incompatible drivers, it’s best to remove them one at a time. Rebooting between each removal can also help you see which driver affects what and keep you from troubleshooting multiple variables at once.

Policy conflict

Application control policies like WDAC can interfere with which drivers are allowed to load. If something still isn’t adding up, review these policies to ensure they’re not blocking necessary components or causing unexpected behavior during startup.

Hardening Windows 11 through clean driver hygiene

To reliably set up memory integrity, MSPs and administrators should follow a step-by-step process, from identifying and updating stubborn drivers to confirming changes and keeping clear records. With the steps discussed, organizations can maintain stronger kernel-level protection across their entire fleet and avoid recurring issues in the future.

Related topics:

• How to Turn On or Off Core Isolation Virtualization-based Security in Windows 10
• How to Enable and Disable Kernel-mode Hardware-enforced Stack Protection
• How to Update Drivers on PCs and Troubleshoot Common Issues
• Complete Guide: How to Uninstall a Driver in Windows
• How to Enable or Disable the Microsoft Vulnerable Driver Blocklist in Windows 11