VeraCrypt

Documentation >> Security Requirements and Precautions >> VeraCrypt Memory Protection

VeraCrypt Memory Protection Mechanism

Introduction

VeraCrypt always strives to enhance user experience while maintaining the highest level of security. The memory protection mechanism is one such security feature. However, understanding the need for accessibility, we have also provided an option to disable this mechanism for certain users. This page provides in-depth information on both.

Memory Protection Mechanism: An Overview

The memory protection mechanism ensures that non-administrator processes are prohibited from accessing the VeraCrypt process memory. This serves two primary purposes:

Why Introduce An Option To Disable Memory Protection?

Some accessibility tools, like screen readers, require access to a software's process memory to effectively interpret and interact with its user interface (UI). VeraCrypt's memory protection unintentionally hindered the functioning of such tools. To ensure that users relying on accessibility tools can still use VeraCrypt without impediments, we introduced this option.

How to Enable/Disable the Memory Protection Mechanism?

By default, the memory protection mechanism is enabled. However, you can disable through VeraCrypt main UI or during installation.

  1. During installation:
    • In the setup wizard, you'll encounter the "Disable memory protection for Accessibility tools compatibility" checkbox.
    • Check the box if you want to disable the memory protection. Leave it unchecked to keep using memory protection.
    • Proceed with the rest of the installation.
  2. Post-Installation:
    • Open VeraCrypt main UI and navigate to the menu Settings -> "Performance/Driver Configuration".
    • Locate and check/uncheck the "Disable memory protection for Accessibility tools compatibility" option as per your needs. You will be notified that an OS reboot is required for the change to take effect.
    • Click OK.

Risks and Considerations

While disabling the memory protection mechanism can be essential for some users, it's crucial to understand the risks:

FAQ

Q: What is the default setting for the memory protection mechanism?
A: The memory protection mechanism is enabled by default.

Q: How do I know if the memory protection mechanism is enabled or disabled?
A: You can check the status of the memory protection mechanism in the VeraCrypt main UI. Navigate to the menu Settings -> "Performance/Driver Configuration". If the "Disable memory protection for Accessibility tools compatibility" option is checked, the memory protection mechanism is disabled. If the option is unchecked, the memory protection mechanism is enabled.

Q: Will disabling memory protection reduce the encryption strength of VeraCrypt?
A: No, the encryption algorithms and their strength remain the same. Only the protection against potential memory snooping and injection by non-admin processes is affected.

Q: I don't use accessibility tools. Should I disable this feature?
A: No, it's best to keep the memory protection mechanism enabled for added security.