VMware Communities
kethantx
Contributor
Contributor
‎11-15-2021 09:45 AM
Jump to solution

Windows 11 guest - cannot enable Memory Integrity

There appears to be an issue with VMWare Tools for Windows. If you try to enable Memory Integrity in Windows 11 (I haven't tried it in Windows 10), in both Workstation and Fusion it refuses to enable because of a single driver. The driver is an Intel Pro/1000 network driver E1G6032E.sys. The reason I believe it relates to VMWare Tools is because, if you remove the driver, you lose networking in the guest. No matter how you change your VM settings, networking on the guest will not work until you replace the Intel driver. This isn't critical; Windows 11 will work without Memory Integrity being enabled. However, it would be nice if it were fixed. I discovered this because I was reading about how when you upgrade from Windows 10 to Windows 11 VBS is automatically disabled, and I wanted to see what would happen if I enabled it. Turns out I couldn't.

0 Kudos
1 Solution

Accepted Solutions
bluefirestorm
Champion
Champion
‎11-15-2021 05:28 PM
Jump to solution

The drivers of the virtual Intel NICs of VMware VMs are not from VMware Tools. They would use the standard drivers that come from the guest OS.

Since you are seeing E1G6032E.sys that means the virtual adapter is set as "e1000". You can see this in the corresponding entry(ies) in the vmx file (e.g. ethernet0.virtualDev)

You can change it to either "e1000e" or "vmxnet3". The driver for vmxnet3 comes up VMware Tools but of late VMware driver updates can also come from Windows Update.

View solution in original post

6 Replies
bluefirestorm
Champion
Champion
‎11-15-2021 05:28 PM
Jump to solution

The drivers of the virtual Intel NICs of VMware VMs are not from VMware Tools. They would use the standard drivers that come from the guest OS.

Since you are seeing E1G6032E.sys that means the virtual adapter is set as "e1000". You can see this in the corresponding entry(ies) in the vmx file (e.g. ethernet0.virtualDev)

You can change it to either "e1000e" or "vmxnet3". The driver for vmxnet3 comes up VMware Tools but of late VMware driver updates can also come from Windows Update.

kethantx
Contributor
Contributor
‎11-16-2021 02:34 PM
Jump to solution

Thanks! That worked, although I had to remove the TPM and decrypt the machine before I could edit the .vmx file. Then encrypt and add the TPM again. Then I still had to rename the E1G6032E.sys driver to .bak even though I wasn't using it any longer; Windows still complained about it if I didn't. But I got there in the end.

ender_
Expert
Expert
‎11-16-2021 02:38 PM
Jump to solution

You don't need to have the VM encrypted any more if you're running 16.2.0 or newer to use TPM. First make sure you upgrade the virtual HW version to 16.2.x, then add the following line to the .vmx file:

managedvm.autoAddVTPM = "software"

0 Kudos
bluefirestorm
Champion
Champion
‎11-16-2021 07:28 PM
Jump to solution

If you "Show hidden devices" in Device Manager in the VM, the Intel PRO 1000 adapter will likely be one of them. That could be the reason why Windows still complained about its driver. You can uninstall the hidden device and also have its associated drivers removed. I don't know for sure if Windows still loads drivers into memory of hidden devices.

As for the managedVM.autoAddvTPM option to avoid encrypting the virtual disks, keep it mind it is an experimental feature. Furthermore, 16.2.0 and its 16.2.1 seems rather buggy and problematic judging by the posts in this communities forum. So you have to make that judgment call whether it is worth the tradeoff/potential problems and headaches for your use case.

 

0 Kudos
bld
Contributor
Contributor
‎11-30-2022 02:39 AM
Jump to solution

Following this thread allowed me to turn on Memory integrity in my Win 11 VM, and Windows required a restart. But after that restart, the setting was disabled again. No incompatible drivers are listed.

Thoughts?

0 Kudos
kvmt
Contributor
Contributor
‎10-30-2023 05:43 AM
Jump to solution

I had an issue with Windows 11 guest running on VMware Fusion. After enabling Memory Integrity, the entire system became extremely laggy.

Fortunately, I found a solution by running the following command to disable Memory Integrity.

reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 0 /f

Due to laggy system, I was only able to run the command in Safe Mode with Command Prompt. In case someone may wonder, here's a useful guide on how to start Windows 11 in Safe Mode with Command Prompt (cmd).

 

0 Kudos