Search results
Jan 7, 2023 · Fix McAfee Security Scan Plus is not compatible when Windows 11/10 HVCI mode is enabled. The error message will pop up on your screen when you want to run McAfee and HVCI is enabled on...
Nov 19, 2022 · TR. traininglady (2) Created on November 19, 2022. Why does McAfee Security say that my Win 11 is actually Win 10 with HVCI enabled and therefore can't work? When I opened my HP laptop with Windows 11 on it, this error message appeared from McAfee. "McAfee Security Scan Plus is not compatible when Windows 10 HVCI mode is enabled.
People also ask
Is McAfee Security Scan Plus compatible with Windows 11/10 hvci mode?
Does McAfee update hvci?
What is Windows 10 hvci mode?
How to detect hvci incompatible drivers?
Document ID: 000002391. You're unable to scan your Windows PC using McAfee Security Scan Plus, and you see the following error: Program not compatible!McAfee Security Scan Plus is not compatible when Windows 10 HVCI mode is enabled. This error is shown even when the HVCI mode is turned off.
May 20, 2023 · Step 1. Download the Memory integrity scan tool from this updated_link and. Step 2. copy this hvciscan_amd64.exe file to C:\Temp\ Step 3. To find the drivers incompatible with HVCI. Open Command Prompt application with administrator rights. type below line. Cd /d C:\Temp\ hvciscan_amd64.exe.
- Overview
- Application compatibility
- How to build compatible drivers
- How to verify driver compatibility with memory integrity
- Driver Verifier compatibility checks
- Test the driver with memory integrity enabled
- HLK testing (Desktop and Server)
- FAQs
Memory integrity is a virtualization-based security (VBS) feature available in Windows 10, Windows 11, and Windows Server 2016 and later. Memory integrity and VBS improve the threat model of Windows and provide stronger protections against malware trying to exploit the Windows kernel. VBS uses the Windows hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised. Memory integrity is a critical component that protects and hardens Windows by running kernel mode code integrity within the isolated virtual environment of VBS. Memory integrity also restricts kernel memory allocations that could be used to compromise the system, ensuring that kernel memory pages are only made executable after passing code integrity checks inside the secure runtime environment, and executable pages themselves are never writable.
Memory integrity is turned on by default on clean installs of Windows 10 in S mode and Windows 11 on compatible hardware as described in memory integrity enablement. On other systems that don't meet the memory integrity auto-enablement requirements, customers can opt in using any of the methods described in how to enable memory integrity.
Although compatibility with memory integrity has been a requirement for all drivers since the Windows 10 Anniversary Update (1607), some applications and hardware device drivers may still be incompatible. This incompatibility can cause devices or software to malfunction and in rare cases may result in a boot failure (blue screen). Such issues may occur after memory integrity protection has been turned on or during the enablement process itself. If you're an application developer and want to validate that your drivers and software packages are compatible with memory integrity, follow these steps.
Some examples where we have observed incompatibilities with memory integrity include:
•Anti-cheat solutions with gaming
•3rd party input methods
•3rd party banking password protection
We worked hard to mitigate impacted experiences, so if an incompatibility exists for a boot-critical driver, memory integrity protection will be silently turned off if it had been auto-enabled. If you encounter incompatibilities with other apps, we advise that you check for updates for the specific app and version encountering the issue before turning off memory integrity protection.
Since memory pages and sections can never be writable and executable, the first step is to ensure a clear separation of data and code and not to attempt to directly modify code pages.
•Opt-in to NX by default
•Use NX APIs/flags for memory allocation - NonPagedPoolNx
•Don't use sections that are both writable and executable
•Don't attempt to directly modify executable system memory
•Don't use dynamic code in kernel
There are three steps to verify driver compatibility:
1.Use Driver Verifier (see section below) with the Code Integrity compatibility checks enabled.
2.Test the driver on a system with memory integrity enabled.
3.Run the HyperVisor Code Integrity Readiness Test in the Windows HLK.
Driver Verifier has a Code Integrity option flag (0x02000000) to enable extra checks that validate compliance with memory integrity. To enable this from the command line, use the following command:
To choose this option if using the verifier GUI, choose Create custom settings (for code developers), choose Next , and then choose Code integrity checks.
Although Windows will turn memory integrity on by default for most systems, there are several reasons that may prevent that from happening. To turn on memory integrity, see How to turn on memory integrity. Then, test the functionality of your driver. Be sure to exercise all code paths in your driver to ensure your driver doesn't perform operations ...
The HLK test HyperVisor Code Integrity Readiness Test must pass for drivers to be approved for Microsoft signing. Memory integrity-compatible drivers are required for both Desktop and Server Editions. The HLK test is a basic test written to make sure that memory integrity-compatible drivers are correctly loaded and run by the OS.
Although simply passing the HLK test is sufficient for a Microsoft signature for the driver, we strongly recommend thorough functional testing with memory integrity enabled. For example, there might be incorrectly-coded memory allocations violating NX protections that cause failures that wouldn't be caught by the test. The driver author should thoroughly test the driver while keeping memory integrity enabled.
During driver development and during HLK testing, memory integrity may need to be disabled, as it can prevent the driver from loading.
The HLK Hypervisor Code Integrity Readiness Test is required as part of the Windows Server Assurance AQ and the flags to enable Code Integrity checks are also set while enabling driver verifier during other HLK tests.
What about existing drivers? Do I need to re-build these drivers to get them to work with Windows 10?
It depends. Many drivers will already be compatible. If using standard settings with the old versions of the WDK and Visual Studio, a known issue is that the INIT section is marked as RWX. In Windows 10, however, the W will automatically be stripped, so if this is the only issue then the driver will be compatible.
How do I verify that memory integrity is enabled?
The simplest method is to run the System Information app (msinfo32). Look for the following line: "Virtualization-based security Services Running". It should report: "Hypervisor enforced Code Integrity". There is also a WMI interface for checking using management tools, see Validate enabled VBS and memory integrity features.
Memory integrity can also be checked in the Windows Security app at Settings > Update & Security > Windows Security > Device security > Core isolation details > Memory integrity. For more information, see KB4096339.
Can I verify that memory integrity is enabled programmatically from kernel in order to alter driver behavior?
Jan 11, 2023 · New member had the same problem i.e program Not Compatible Macafee security scan plus not compatible when WINDOS 10 HVCI mode is enabled please clos application sorry to say I am 75 years old and thus have little knowledge of PC's but my new one is Windows 11 fro HP envy. didnt realise...
Mar 26, 2024 · Memory integrity is sometimes referred to as hypervisor-protected code integrity (HVCI) or hypervisor enforced code integrity, and was originally released as part of Device Guard. Device Guard is no longer used except to locate memory integrity and VBS settings in Group Policy or the Windows registry.
