mr.WHO wrote: ↑Wed, 7. Sep 22, 17:48
Recently I had another issue with Windows Defender (probably valid for both Win11 and Win10).
Aparently, out of blue, one day, some old drivers caused my Defender to be unable to trigger Memory Core Isolation.
Had to do some 30 minute search on Google to diagnose and fix the issue.
In case someone has same issue pop-up, here is quick guide how to fix it:
When defender pop-up with warning icon and say it's unable to trigger core isolation, try to trigger it, it will fail and go to the details to see which drivers trigger the problem, it should be like that:
<Driver name>
<version,date>
<oem#.inf> , where # is a ID number on your system (e.g. order of driver instalation, so can differ for each system).
Then identify, what are those drivers and if you can:
- update them - in my case, those were old, no longer used smart card reader drivers...from 2008,which I installed in 2019, but no longer need.
- delete them from WIndows application
For me, the drivers were so old, that they weren't listed in applications, unused, but somehow still noticable by Windows defender.
Therefore I had to dig deeper.
Run commandline/PowerShell as administrator:
type
pnputil /enum-drivers
it will give you the list of drivers currently used by your system.
Try to find the drivers that trigger issue with Defender.
My problematic drivers weren't listed in application list, nor here, so this strongly suggest there were old and redundant.
then type this (remember to have the temp folder created, if you don't have it):
dism /Online /get-drivers /format:table > C:\temp\drivers.txt
it will create a txt file with nice table list of ALL your drivers.
Here, I found the problematic drivers and confirmed their oem#.inf number
Now, finally go back to command line/Powershell and run this (IMPORTANT, be careful and double sure you type the correct driver number, not to delete wrong driver by accident, so if your problematic driver is oem40.inf, type that number)
pnputil /delete-driver oem#.inf
It will delete drivers (+ aparently in case if driver is used, e.g. by some device, it will reject the delete command).
Now you can go back to Windows Defender and trigger core isolation, restart and enjoy again that cheerful green Defender icon.