Unable to Enable Core Isolation Memory Integrity due to Western Digital Driver (Windows 10 2004)

When trying to enable Windows 10 Core Isolation Memory Integrity in Microsoft Defender, it says “Memory integrity can’t be turned on” due to incompatibilities with your drivers.

The setting can be found here: [Windows Security App > Device Security > Core Isolation Details > Memory Integrity].

The incompatible driver is the below Western Digital driver, which is located here:
C:\Windows\System32\DriverStore\FileRepository\wdcsam.inf_amd64_7ce69fc8798d6116

wdcsam64_prewin8.sys
Western Digital Technologies

Device:  WD SES Device
Import Date:  5/28/2020
Driver Date:  11/30/2017
Driver Version:  1.2.0.0
Published Name:  oem87.inf

This isn’t a driver that I have installed, but one that comes automatically through Windows Update. The harddrive in the actual machine is a Samsung SSD, therefore this driver is to do with a couple of external USB Western Digital harddrives that are sometimes plugged into the machine, rather than the main drive.

Looking at the driver name, this appears to be a pre-Windows 8 driver – meaning an old driver that is no longer required is preventing an Operating System security feature from being enabled.

I have looked on the Western Digital website for a newer version of the driver HERE, however it only lists a 9 year old driver from 15 March 2011.

I have also looked in Windows Device Manager for the driver to attempt to uninstall it, however it doesn’t appear in Windows Device Manager.

Although not ideal, I attempted to manually delete the wdcsam64_prewin8.sys driver (leaving the wdcsam64.sys driver in place), however it requires SYSTEM privileges to delete it, so I didn’t pursue it any further.

This really needs Western Digital or Microsoft to either prevent the old pre-Windows 8 driver from being automatically installed on people’s Windows 10 machines, or release updated drivers to the Windows Hardware Developer Portal that is compatible with Windows 10 Core Isolation Memory Integrity in Microsoft Defender. As it is, a driver that a lot of people don’t need is preventing them from enabling an OS security feature.

Screenshot:

Screenshot1920×1080 129 KB

Windows 10 2004 (19041.264) x64

Hi,

You could refer to the following link: Driver Error Message: WD SES Device USB Device

I was looking under the ‘Disk drives’ section in Windows Device Manager, rather than the ‘WD Drive Management devices’ section – which is where it is.

Although, as the drivers are automatically pushed to the device via Windows Update when the drive is plugged into the machine, if you uninstall the ‘WD SES Device’ driver in Windows Device Manager, it will reinstall itself again as soon as the drive is plugged back in or the machine is restarted.

However, if it’s just a single machine, as a workaround it’s possible to uninstall the ‘WD SES Device’ driver and enable Memory Integrity before the driver has a chance to reinstall itself. I.E. Plug the Western Digital external harddrive into a USB port and perform the following steps without unplugging the drive:

Screenshot B1920×1080 226 KB

However, the original post still stands: This really needs Western Digital to either prevent the old pre-Windows 8 driver from being automatically installed on people’s Windows 10 machines, or release updated drivers to the Windows Hardware Developer Portal that are compatible with Windows 10 Memory Integrity in Microsoft Defender. The above is just a workaround.

Hello,

Newer SES Drivers are distributed through Windows and macOS Updates and are installed automatically with WD Security, WD Drive Utilities and WD Smartware. You can check out the following links:

Very well described! For Western Digital it should be a matter of course to guarantee its customers absolute product and data security. Especially as security problems have regularly occurred in the past.

There is no newer driver available than version 1.2.0.0 from 11/30/2017. Neither I could find one on https://www.catalog.update.microsoft.com

incompatible_drivers1202×493 23.3 KB

Please provide a download of your updated driver.

Indeed I have the same problem, please provide the exact location (URL) of the updated drivers, that support the Windows 10 ‘Core Isolation / Memory Integrity’ security feature.
Rgds
bavo

I have just installed WD Drive Utilities 2.0.0.71. No new driver has been installed to support SES Device in the system. Core Isolation Memory Integrity still reports the very same wdcsam64_prewin8.sys as a culprit preventing it being switched back on

Jonty.S - It is now widespread that wdcsam64_prewin8.sys is an old, bad driver and is causing Microsoft Defender to issue error messages in Event Viewer, on Win 10 machines. Core Isolation and Virtualization Based Security in MS Defender DO NOT WORK if wdcsam64_prewin8.sys is present anywhere on the system.

How can we purge our systems of the old, bad WD drivers, and then how do we re-connect our WD external hard drives without this old, bad driver being reinstalled? What are the steps to connect a WD external hard drive with NONE of the WD drivers being installed? How do we use your external hard drives using only Microsoft’s native drivers for external hard drives?

Please answer these questions.

FYI - these forums are actively discussing this topic, but we all need you to answer my questions.

This is discussed in two places:

https://www.tenforums.com/antivirus-firewalls-system-security/161859-windows-defender-network-inspection-service-fails-start.html

and

https://answers.microsoft.com/en-us/windows/forum/all/windows-defender-antivirus-network-inspection/e3ed244b-6fd1-4a46-9828-1c0ba973dacc

PLEASE ANSWER MY QUESTIONS ABOVE.

Jonty S. See also

https://www.askwoody.com/2020/windows-defender-throwing-error-events-7000-7001/
(and hit the link for https://www.askwoody.com/forums/topic/windows-defender-throwing-error-events-7000-7001

BUT WE NEED YOU TO ANSWER MY QUESTIONS IN THE PRECEDING POST.

On my Win 10 Pro 64-bit version 1909 (updated through 07-2020) I managed to get
Antimalware Client Version: 4.18.2008.4

But I still cannot turn on Memory Integrity.

I still have my WD external drive hooked up. The driver for “WD SES Device” is disabled . My efforts to uninstall that driver fail - it is reinstalled on every boot.

What next?

EDIT - I completely UNinstalled the WD SES drivers in Device Manager, but I also had to disconnect the WD drive, reboot AND search for the wdcsam64 drivers and delete them everywhere (including from File Repository, which required taking ownership of the relevant WD subfolder’s security) before I could turn on Memory Integrity. Wow!

Now - what happens if I connect the WD drive again - back to square one?

EDIT FIVE DAYS LATER ON AUGUST 20 –

This is still an issue, and Jonty S has not responded.

Also, on each reboot, my WD external drive will re-load its drivers into my Win 10 64-bit v 1909. They are on a separate partition in the external drive, and I cannot edit its autorun.inf file

In case it helps anyone, I managed to resolve this (enable Memory Integrity and achieve "enhanced hardware security) on my own Windows 10 Pro version 2004 machine, and still use my WD passport drive

This is what I did (it’s possible some steps were unnecessary):

1. Logged in to Windows as an administrator (normally I run as a Standard user), and connected all devices that were causing problems so that I could see them in Device Manager. Working out which devices are the culprits is of course the hard part, but it only required a bit of googling for the drivers listed in Settings > Windows Security > Device Security > Core isolation details. In my case the WD Drive Management drivers, a TV card driver and a Logitech keyboard settings app were responsible.

2. In Device Manager, disable each of the problematic devices, then uninstall their drivers, selecting the option to remove all files and settings where this is offered. In Windows > Apps and Features uninstall any programs that were used to install the affected drivers (WD has none but the others did).

3. Power down the PC. Unplug all the affected devices. Start the PC again.

4. Return to the Core isolation details page. You should now be able to enable Memory Integrity. If not, check in your BIOS that virtualisation is enabled, in my case this was tricky to find, on the “Overclocking” page in a setting called “SVM”. Reboot the PC.

5. I found that I could then plug in my WD Passport drive and re-enable the other devices and use them as normal. In other words, once Memory Integrity is enabled it seems to stay enabled, even though the WD SES device has reappeared in Device Manager.

The WD Security application still seems to run and offers to encrypt the drive but I haven’t tested that fully because the encryption is “totally useless” according to The Register so I prefer to use other tools for that anyway. Western Digital's hard drive encryption is useless. Totally useless • The Register

This is pretty bad Western Technologies. Not only is your driver not up-to-date with the latest Microsoft Windows security features, it can be a pain to delete because it requires SYSTEM access. Talk about TechnocraticArrogance.sys at its worst.

Still getting this issue. Can WD resolve this please. Thanks

Hello! You may try to install Western Digital Technologies WD Security utility. Then You will be able to remove the WD SES Device wdcsam64.sys driver from Windows Device Manager.

finally figured it out. The key here is the tool PnPUtil. I used this post as a launching point.

I did not see a single other way to remove this out of date, useless, broken Western Digital Driver. Not sure if this solution will work for everyone; it worked for me and I’ve included my thought process.

Goal: Delete out of date/broken drivers which stop memory isolation from running.
Problem: Drivers aren’t being used, are not associated with any useable software, and can’t be traditionally uninstalled.

Process:

1. Open up command prompt (CMD) as an administrator

2. type in “pnputil /?” without the quotation marks and hit enter.
   2a. This will show you all the parameters and what they do. Helps a novice figure things out.

3. type in “pnputil /enum-drivers” without the quotation marks and hit enter.
   3a. This shows all the third party drivers installed. Find the drivers and that correspond to the incompatible drivers from memory isolation. You can get more details by clicking on the incompatible driver in memory isolation.
   3b. Confirm the drivers match and jot down the details of the drivers

4. type in “pnputil /enum-devices /connected” without the quotation marks and hit enter.
   4a. To make sure the incompatible drivers aren’t being used, go through all the devices and check if the incompatible driver is listed by “Driver Name.” This part was annoying but made me less worried about breaking something.

5. After confirming you’re in the clear, type in “pnputil /delete-driver oem#.inf /uninstall /force /reboot” without the quotation marks and hit enter.
   5a. Substitute oem#.inf with whatever your driver is causing problems.
   5b. Do this for each driver, one at a time, changing oem#.inf to match as you go along
   5c. /uninstall makes sure the driver is uninstalled; /force makes sure the driver is deleted, not a problem for us since we made sure it wasn’t being used; /reboot will restart the computer if deleting the driver requires it.

That’s it! super easy, super simple, super straight forward. Glad PnPUtil exists. Afterwards, I restarted my computer to be safe then turned on memory isolation, no problem.

From everything I have been able to find, the WD SES device in Device Manager is not necessary and is now obsolete. You can remove the device by right clicking on it and uninstalling it. Be sure to check the remove/uninstall driver checkbox. Just to be safe, I copied the driver file to another folder in case I run into problems. Once I uninstalled the device and it’s drivers I was able to enable the memory integrity. Hope this helps.

BTW, I also have a support ticket in to Western Digital and am waiting for their reply.

Dear annoyed,

Sheer genius, lucidly explained. Thank you.

Should you ever find yourself in the middle of Brooklyn, name your favorite beverage. Meanwhile, cheers.

P.S. - the “/connected” business in Step 4 didn’t fly for me under Win 11 build 22000. But none of my zombie devices appeared in Device Mangler, so I just went ahead and uninstalled them.

The SES driver can also be removed as follows. These steps are for Windows 10 and might be slightly different on Windows 11.

1. Get the driver published name. The format of this name is oemXX.inf where XX is a number. You can find it in device manager info or you can run this Windows command:
   dism /image:c:\ /get-drivers
   and note the ‘published name’.

2. Restart Windows to command prompt by going to Settings - Update&Security - Recovery - Restart now - troubleshoot - advanced options - command prompt
   The PC will restart and provide a command prompt. Then run the following command:
   dism /image:c:\ /remove-driver /driver:oemxx.inf
   where xx is the driver number found in step 1.

Note that after removing the driver, Windows will still offer to re-install it in Windows Update - View additional updates.

Using the WD SES driver increases the vulnerability of Windows PCs to malware infections since it blocks the Core Isolation feature of Windows Device Security to be enabled.
Core Isolation has been implemented in Windows 10 since April 2018. So almost four years ago. So why is the driver not updated yet?

WD considers security of the PCs of it’s users as a high priority. So you would expect the SES driver to have been updated already long ago.

Thank you, annoyed_user!
Worked like a charm to uninstall and remove two incompatible drivers flagged by Memory Integrity.

PS: in steps 3 and 4, I copied the results returned by pnpnutil in each step to the clipboard, pasted into a text document, and searched for the driver name.

Thanks again.