Unable to Enable Core Isolation Memory Integrity due to Western Digital Driver (Windows 10 2004)

When trying to enable Windows 10 Core Isolation Memory Integrity in Microsoft Defender, it says “Memory integrity can’t be turned on” due to incompatibilities with your drivers.

The setting can be found here: [Windows Security App > Device Security > Core Isolation Details > Memory Integrity].

The incompatible driver is the below Western Digital driver, which is located here:
C:\Windows\System32\DriverStore\FileRepository\wdcsam.inf_amd64_7ce69fc8798d6116

wdcsam64_prewin8.sys
Western Digital Technologies

Device:  WD SES Device
Import Date:  5/28/2020
Driver Date:  11/30/2017
Driver Version:  1.2.0.0
Published Name:  oem87.inf

This isn’t a driver that I have installed, but one that comes automatically through Windows Update. The harddrive in the actual machine is a Samsung SSD, therefore this driver is to do with a couple of external USB Western Digital harddrives that are sometimes plugged into the machine, rather than the main drive.

Looking at the driver name, this appears to be a pre-Windows 8 driver – meaning an old driver that is no longer required is preventing an Operating System security feature from being enabled.

I have looked on the Western Digital website for a newer version of the driver HERE, however it only lists a 9 year old driver from 15 March 2011.

I have also looked in Windows Device Manager for the driver to attempt to uninstall it, however it doesn’t appear in Windows Device Manager.

Although not ideal, I attempted to manually delete the wdcsam64_prewin8.sys driver (leaving the wdcsam64.sys driver in place), however it requires SYSTEM privileges to delete it, so I didn’t pursue it any further.

This really needs Western Digital or Microsoft to either prevent the old pre-Windows 8 driver from being automatically installed on people’s Windows 10 machines, or release updated drivers to the Windows Hardware Developer Portal that is compatible with Windows 10 Core Isolation Memory Integrity in Microsoft Defender. As it is, a driver that a lot of people don’t need is preventing them from enabling an OS security feature.

Screenshot:


Windows 10 2004 (19041.264) x64

1 Like

Hi,

You could refer to the following link: Driver Error Message: WD SES Device USB Device

I was looking under the ‘Disk drives’ section in Windows Device Manager, rather than the ‘WD Drive Management devices’ section – which is where it is.

Although, as the drivers are automatically pushed to the device via Windows Update when the drive is plugged into the machine, if you uninstall the ‘WD SES Device’ driver in Windows Device Manager, it will reinstall itself again as soon as the drive is plugged back in or the machine is restarted.

However, if it’s just a single machine, as a workaround it’s possible to uninstall the ‘WD SES Device’ driver and enable Memory Integrity before the driver has a chance to reinstall itself. I.E. Plug the Western Digital external harddrive into a USB port and perform the following steps without unplugging the drive:

However, the original post still stands: This really needs Western Digital to either prevent the old pre-Windows 8 driver from being automatically installed on people’s Windows 10 machines, or release updated drivers to the Windows Hardware Developer Portal that are compatible with Windows 10 Memory Integrity in Microsoft Defender. The above is just a workaround.

1 Like

Hello,

Newer SES Drivers are distributed through Windows and macOS Updates and are installed automatically with WD Security, WD Drive Utilities and WD Smartware. You can check out the following links:

https://support-en.wd.com/app/answers/detail/a_id/19581

https://support-en.wd.com/app/answers/detail/a_id/13977

Very well described! For Western Digital it should be a matter of course to guarantee its customers absolute product and data security. Especially as security problems have regularly occurred in the past.

There is no newer driver available than version 1.2.0.0 from 11/30/2017. Neither I could find one on https://www.catalog.update.microsoft.com

Please provide a download of your updated driver.

Indeed I have the same problem, please provide the exact location (URL) of the updated drivers, that support the Windows 10 ‘Core Isolation / Memory Integrity’ security feature.
Rgds
bavo

I have just installed WD Drive Utilities 2.0.0.71. No new driver has been installed to support SES Device in the system. Core Isolation Memory Integrity still reports the very same wdcsam64_prewin8.sys as a culprit preventing it being switched back on

Jonty.S - It is now widespread that wdcsam64_prewin8.sys is an old, bad driver and is causing Microsoft Defender to issue error messages in Event Viewer, on Win 10 machines. Core Isolation and Virtualization Based Security in MS Defender DO NOT WORK if wdcsam64_prewin8.sys is present anywhere on the system.

How can we purge our systems of the old, bad WD drivers, and then how do we re-connect our WD external hard drives without this old, bad driver being reinstalled? What are the steps to connect a WD external hard drive with NONE of the WD drivers being installed? How do we use your external hard drives using only Microsoft’s native drivers for external hard drives?

Please answer these questions.

FYI - these forums are actively discussing this topic, but we all need you to answer my questions.

This is discussed in two places:

https://www.tenforums.com/antivirus-firewalls-system-security/161859-windows-defender-network-inspection-service-fails-start.html

and

https://answers.microsoft.com/en-us/windows/forum/all/windows-defender-antivirus-network-inspection/e3ed244b-6fd1-4a46-9828-1c0ba973dacc

PLEASE ANSWER MY QUESTIONS ABOVE.

2 Likes

Jonty S. See also

https://www.askwoody.com/2020/windows-defender-throwing-error-events-7000-7001/
(and hit the link for https://www.askwoody.com/forums/topic/windows-defender-throwing-error-events-7000-7001

BUT WE NEED YOU TO ANSWER MY QUESTIONS IN THE PRECEDING POST.

1 Like

On my Win 10 Pro 64-bit version 1909 (updated through 07-2020) I managed to get
Antimalware Client Version: 4.18.2008.4

But I still cannot turn on Memory Integrity.

I still have my WD external drive hooked up. The driver for “WD SES Device” is disabled . My efforts to uninstall that driver fail - it is reinstalled on every boot.

What next?

EDIT - I completely UNinstalled the WD SES drivers in Device Manager, but I also had to disconnect the WD drive, reboot AND search for the wdcsam64 drivers and delete them everywhere (including from File Repository, which required taking ownership of the relevant WD subfolder’s security) before I could turn on Memory Integrity. Wow!

Now - what happens if I connect the WD drive again - back to square one?

EDIT FIVE DAYS LATER ON AUGUST 20 –

This is still an issue, and Jonty S has not responded.

Also, on each reboot, my WD external drive will re-load its drivers into my Win 10 64-bit v 1909. They are on a separate partition in the external drive, and I cannot edit its autorun.inf file

In case it helps anyone, I managed to resolve this (enable Memory Integrity and achieve "enhanced hardware security) on my own Windows 10 Pro version 2004 machine, and still use my WD passport drive

This is what I did (it’s possible some steps were unnecessary):

  1. Logged in to Windows as an administrator (normally I run as a Standard user), and connected all devices that were causing problems so that I could see them in Device Manager. Working out which devices are the culprits is of course the hard part, but it only required a bit of googling for the drivers listed in Settings > Windows Security > Device Security > Core isolation details. In my case the WD Drive Management drivers, a TV card driver and a Logitech keyboard settings app were responsible.

  2. In Device Manager, disable each of the problematic devices, then uninstall their drivers, selecting the option to remove all files and settings where this is offered. In Windows > Apps and Features uninstall any programs that were used to install the affected drivers (WD has none but the others did).

  3. Power down the PC. Unplug all the affected devices. Start the PC again.

  4. Return to the Core isolation details page. You should now be able to enable Memory Integrity. If not, check in your BIOS that virtualisation is enabled, in my case this was tricky to find, on the “Overclocking” page in a setting called “SVM”. Reboot the PC.

  5. I found that I could then plug in my WD Passport drive and re-enable the other devices and use them as normal. In other words, once Memory Integrity is enabled it seems to stay enabled, even though the WD SES device has reappeared in Device Manager.

The WD Security application still seems to run and offers to encrypt the drive but I haven’t tested that fully because the encryption is “totally useless” according to The Register so I prefer to use other tools for that anyway. https://www.theregister.com/2015/10/20/western_digital_bad_hard_drive_encryption/