Home Source Code Downloads Documentation Donate Forums

Documentation Security Requirements and Precautions VeraCrypt Memory Protection

VeraCrypt Memory Protection Mechanism

Introduction
VeraCrypt always strives to enhance user experience while maintaining the highest level of security. The
memory protection mechanism is one such security feature. However, understanding the need for accessibility,
we have also provided an option to disable this mechanism for certain users. This page provides in-depth
information on both.

Memory Protection Mechanism: An Overview

The memory protection mechanism ensures that non-administrator processes are prohibited from accessing the
VeraCrypt process memory. This serves two primary purposes:

Security Against Malicious Activities: The mechanism prevents non-admin processes from injecting
harmful data or code inside the VeraCrypt process.
Protection of Sensitive Data: Although VeraCrypt is designed to not leave sensitive data in memory, this
feature offers an extra layer of assurance by ensuring other non-admin processes cannot access or extract
potentially sensitive information.

Why Introduce An Option To Disable Memory Protection?

Some accessibility tools, like screen readers, require access to a software's process memory to effectively
interpret and interact with its user interface (UI). VeraCrypt's memory protection unintentionally hindered the
functioning of such tools. To ensure that users relying on accessibility tools can still use VeraCrypt without
impediments, we introduced this option.

How to Enable/Disable the Memory Protection Mechanism?

By default, the memory protection mechanism is enabled. However, you can disable through VeraCrypt main UI
or during installation.

1. During installation:
In the setup wizard, you'll encounter the "Disable memory protection for Accessibility tools
compatibility" checkbox.
Check the box if you want to disable the memory protection. Leave it unchecked to keep using
memory protection.
Proceed with the rest of the installation.
 2. Post-Installation:
Open VeraCrypt main UI and navigate to the menu Settings -> "Performance/Driver Configuration".
Locate and check/uncheck the "Disable memory protection for Accessibility tools compatibility"
option as per your needs. You will be notified that an OS reboot is required for the change to take
effect.
Click OK.
3. During Upgrade or Repair/Reinstall
In the setup wizard, you'll encounter the "Disable memory protection for Accessibility tools
compatibility" checkbox.
Check/uncheck the "Disable memory protection for Accessibility tools compatibility" option as
per your needs.
Proceed with the rest of the upgrade or repair/reinstall.
You will be notified that an OS reboot is required if you have changed the memory protection
setting.

Risks and Considerations

While disabling the memory protection mechanism can be essential for some users, it's crucial to understand the
risks:

Potential Exposure: Disabling the mechanism could expose the VeraCrypt process memory to malicious
processes.
Best Practice: If you don't require accessibility tools to use VeraCrypt, it's recommended to leave the
memory protection enabled.

FAQ
Q: What is the default setting for the memory protection mechanism?
A: The memory protection mechanism is enabled by default.

Q: How do I know if the memory protection mechanism is enabled or disabled?

A: You can check the status of the memory protection mechanism in the VeraCrypt main UI. Navigate to the
menu Settings -> "Performance/Driver Configuration". If the "Disable memory protection for Accessibility
tools compatibility" option is checked, the memory protection mechanism is disabled. If the option is
unchecked, the memory protection mechanism is enabled.

Q: Will disabling memory protection reduce the encryption strength of VeraCrypt?

A: No, the encryption algorithms and their strength remain the same. Only the protection against potential
memory snooping and injection by non-admin processes is affected.

Q: I don't use accessibility tools. Should I disable this feature?

A: No, it's best to keep the memory protection mechanism enabled for added security.