Solved Virtualization Based Security


kellymac35

kellymac35

Well-known member
Member
VIP
Local time
12:46 AM
Posts
52
OS
Windows 11 Pro
Hello,

I noticed my Hypervisor-protected code integrity (HVCI) is disabled. I found these settings in the Local Group Policy Editor and was ready to go for it when
I thought I'd better ask. Does anyone else have this enabled on their system? I checked the tutorials and could not find any reference on these settings.


Screenshot 2022-02-28 194853.pngScreenshot 2022-02-28 194808.png
 

My Computers My Computers

System One System Two

  • At a glance

    Windows 11 ProAMD Ryzen 9 5950X (Zen 3) 16-CoreG.SKILL Trident Z Neo (For AMD Ryzen) 32G DDR...EVGA GeForce RTX 3070 XC3 ULTRA PCI Express 4...
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Built
    CPU
    AMD Ryzen 9 5950X (Zen 3) 16-Core
    Motherboard
    EVGA X570 FTW WIFI
    Memory
    G.SKILL Trident Z Neo (For AMD Ryzen) 32G DDR4-3600
    Graphics Card(s)
    EVGA GeForce RTX 3070 XC3 ULTRA PCI Express 4.0, Resizable BAR : Yes
    Screen Resolution
    3840 x 2160
    Hard Drives
    SB-ROCKET-NVMe4-500 M.2
    970 EVO Plus 1TB - M.2
    2TB 7200 RPM Hard Drive
    4TB WD My Passport
    PSU
    Super Flower Leadex V Gold PRO 1000W 130mm
    Case
    HYTE Y60 Modern Aesthetic Dual Chamber Panoramic Tempered Glass
    Cooling
    EK AIO 360mm Liquid CPU Cooler
    Keyboard
    NPET K11 Wireless Gaming Keyboard, Rechargeable Backlit
    Mouse
    Logitech
    Internet Speed
    T Mobile Home Internet 5G. $50.00 A month with autopay
    Antivirus
    Windows Defender / Malwarebytes Premium

  • At a glance

    Windows 11 ProAMD Ryzen 7 5800X 8-coreGeIL EVO X II AMD Edition 32 GBEVGA GeForce RTX 2060 KO ULTRA
    Operating System
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Built
    CPU
    AMD Ryzen 7 5800X 8-core
    Motherboard
    MSI MPG X570 GAMING PLUS
    Memory
    GeIL EVO X II AMD Edition 32 GB
    Graphics card(s)
    EVGA GeForce RTX 2060 KO ULTRA
    Screen Resolution
    1920 x 1080
    Hard Drives
    PNY CS1030 250GB M.2 NVMe Windows
    PNY CS1030 250GB M.2 NVMe Xbox
    Sandisk 500GB SSD Steam / Origin
    Sandisk 120GB SSD Storage
    PSU
    Corsair CX 750M
    Case
    EVGA DG-76 Matte Black Mid-Tower
    Cooling
    AMD Wraith Prism
    Keyboard
    Logitech
    Mouse
    Logitech
    Internet Speed
    T Mobile Home Internet 5G. $50.00 A month with autopay
    Antivirus
    Windows Defender / Malwarebytes
kellymac35 said:
Does anyone else have this enabled on their system? I checked the tutorials and could not find any reference on these settings.
Click to expand...
I do on two out of my three Windows 11 machines. It works the same in Windows 10, so this tutorial is relevant.

www.tenforums.com

Turn On or Off Core Isolation Memory Integrity in Windows 10

How to Turn On or Off Core Isolation Virtualization-based Security for Memory Integrity in Windows 10
www.tenforums.com www.tenforums.com

EDIT: This tutorial has now been updated for Windows 11.

www.elevenforum.com

Enable or Disable Core Isolation Memory Integrity in Windows 11

This tutorial will show you how to turn on or off core isolation memory integrity in Windows 11. Core isolation is a security feature of Microsoft Windows that protects important core processes of Windows from malicious software by isolating them in memory. It does this by running those core...
www.elevenforum.com www.elevenforum.com

Virtualisation Based Security should be enabled by default - providing all installed drivers are compatible with VBS. But if your system uses an incompatible driver you cannot enable it. See my post #34 here for more details, and why my 3rd machine can never run VBS.

Microsoft's reasoning on CPU compatibility.

Hello to all, I have a question on the reasons why Microsoft has chosen the CPU cutoff's for compatibility on the Windows 11 installation. I understand the TMP and Secure Boot reasons (I have them both on my i5 CORE 7200U Kaby Lake-U/Y 14mm Technology) but I do not understand their reasons for...
www.elevenforum.com www.elevenforum.com
 
Last edited:

My Computers My Computers

System One System Two Other systems

  • At a glance

    Windows 11 HomeAMD Athlon Silver 3050U8GBRadeon Graphics
    OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23-R9VY
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD (from April 2026: 250GB EVO 850)
    Internet Speed
    150 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October 2021 it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update, 24H2 on 3rd October 2024 through Windows Update by setting the Target Release Version for 24H2, and 25H2 on 30th September 2025 through Windows Update by setting the Target Release Version for 25H2.

    UPDATE - 11 April 2026: due to mechanical deterioration this PC has been retired from active duty. The OS with all software and files has been migrated to my System Seven in 'Other systems' to carry on as my general purpose 'main machine'.

  • At a glance

    Windows 11 ProIntel® Core™ i5-520M8GB(integrated graphics) Intel HD Graphics
    Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround.

    In-place upgrade to 22H2 using ISO and a workaround.
    Feature Update to 23H2 by manually installing the Enablement Package.
    In-place upgrade to 24H2 using hybrid 23H2/24H2 install media.
    Upgraded to 25H2 by Enablement Package.

    Also running Insider Dev, and Canary builds and Windows 10 as native boot .vhdx.
  • My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro.

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 1TB NVMe ssd, supported device running Windows 11 Pro, plus Insider Beta, Dev, and Canary builds (and a few others) as a native boot .vhdx.

    My SYSTEM SIX is a Dell Latitude 5550, Core Ultra 7 165H, 64GB RAM, 1TB NVMe SSD, supported device, Windows 11 Pro 24H2, Hyper-V host machine. Updated to 25H2 on 30th September 2025.

    My SYSTEM SEVEN is a Lenovo Thinkpad T580, Intel Core i7-8650U, 16GB RAM, 512GB NVMe SSD + 2nd 512GB NVMe SSD, a supported device for Windows 11. This is my current general purpose 'main machine'. The installed Windows 11 Home from my System One has been migrated to this machine.
Bree said:
Virtualisation Based Security should be enabled by default
Click to expand...

Yes it is enabled by default when Virtualization is enabled in the BIOS. Maybe the OP does not have Virtualization enabled their BIOS?
 

My Computer My Computer

At a glance

Windows 11 - Release Preview channelIntel 13900KCorsair Dominator Platinum RGB 32GB DDR5 6000MHzGigabyte 4090 Gaming OC
OS
Windows 11 - Release Preview channel
Computer type
PC/Desktop
Manufacturer/Model
Kol's custom ROG
CPU
Intel 13900K
Motherboard
Asus ROG Maximus Hero Z790
Memory
Corsair Dominator Platinum RGB 32GB DDR5 6000MHz
Graphics Card(s)
Gigabyte 4090 Gaming OC
Sound Card
SoundBlaster X-AE5
Monitor(s) Displays
Dell Alienware AW3821DW
Screen Resolution
3840x1600 144hz
Hard Drives
Samsung 980 Pro 500GB
860 EVO's
Samsung 990 Pro 2TB
External RAID enclosure - 2x Seagate 3TB HDD
PSU
Seasonic Prime Ultra 1300W Platinum
Case
Phanteks Eclipse P600S
Cooling
Custom water cooling. EK Velocity (CPU), EK Quantum Vector2 (GPU), EK Quantum D5 Pump, 360mm radiator in case + 560mm external radiator
Keyboard
Corsair K100
Mouse
Logitech G502X
Antivirus
Windows Defender, VBS
Hi folks

For ordinary home users a lot of this stuff is WAY OTT. Who as a typical home user using a Virtual Machine has anything to fear about a hacker getting in to some weird CPU trick to gain access to a machine --- to do what with I ask. The typical user is far more susceptible to scams etc which don't need any serious hacking at all. Why would people bother to spend a lot of time and hard work in gaining access to a small users machine -- to gain what -- 50 USD !! -- there's infinitely easier and larger pickings to be had by these "miscreants".

At a corporate level it's more important -- attacking infrastructure such as transport, energy and health sectors , media sites, dos attacks etc is these days where the problems will be at.

Just install the basic Windows WD software - and simply surf safely and take sensible precautions with emails etc. Even Torrent sites are relatively safe these days --they make money by advertising and people won't come back if their computers get loaded with malware. Don't though download .rar or other compressed files --if you want multi-media download the mp3/mp4/flac/m4a/mkv/avi files directly as it's almost impossible to include a nasty payload with those.

Most domestic Anti Virus products were designed for a different bygone era when the OS was as leaky as a sieve and scamming of the order we have today was in its infancy -- then hacking was a more serious problem on domestic machines. -- WD is fine now.

If you want to add 3rd party or other convoluted security measures then if it gives you peace of mind then OK - can't argue with that - but from a technical point of view it's 100% unnecessary these days provided you keep WD up to date. It's updated several times a week anyway.

For prevention against SCams only the Human Brain is successful currently. This type of prevention would take really sophisticated Machine learning and Artificial Intelligence and we are a long way off getting to that level of sophistication yet.

Cheers
jimbo
 

My Computer My Computer

At a glance

Windows XP,11 Linux Fedora Rawhide pre-releas...2 X Intel i7
OS
Windows XP,11 Linux Fedora Rawhide pre-release 45
Computer type
PC/Desktop
CPU
2 X Intel i7
Screen Resolution
4KUHD X 2
I personally feel VBS is worth the extra security even on my home PC. :) Scams on home users can lead to system takeovers.
 

My Computer My Computer

At a glance

Windows 11 - Release Preview channelIntel 13900KCorsair Dominator Platinum RGB 32GB DDR5 6000MHzGigabyte 4090 Gaming OC
OS
Windows 11 - Release Preview channel
Computer type
PC/Desktop
Manufacturer/Model
Kol's custom ROG
CPU
Intel 13900K
Motherboard
Asus ROG Maximus Hero Z790
Memory
Corsair Dominator Platinum RGB 32GB DDR5 6000MHz
Graphics Card(s)
Gigabyte 4090 Gaming OC
Sound Card
SoundBlaster X-AE5
Monitor(s) Displays
Dell Alienware AW3821DW
Screen Resolution
3840x1600 144hz
Hard Drives
Samsung 980 Pro 500GB
860 EVO's
Samsung 990 Pro 2TB
External RAID enclosure - 2x Seagate 3TB HDD
PSU
Seasonic Prime Ultra 1300W Platinum
Case
Phanteks Eclipse P600S
Cooling
Custom water cooling. EK Velocity (CPU), EK Quantum Vector2 (GPU), EK Quantum D5 Pump, 360mm radiator in case + 560mm external radiator
Keyboard
Corsair K100
Mouse
Logitech G502X
Antivirus
Windows Defender, VBS
I did a repair install of Windows 11 with an in-place upgrade a few weeks ago and I believe this is how my setting must have been changed. I went ahead and reenabled my setting in group policy now (HVCI) shows enabled. Thank you to all who responded.



Screenshot 2022-03-01 033255.png
 

My Computers My Computers

System One System Two

  • At a glance

    Windows 11 ProAMD Ryzen 9 5950X (Zen 3) 16-CoreG.SKILL Trident Z Neo (For AMD Ryzen) 32G DDR...EVGA GeForce RTX 3070 XC3 ULTRA PCI Express 4...
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Built
    CPU
    AMD Ryzen 9 5950X (Zen 3) 16-Core
    Motherboard
    EVGA X570 FTW WIFI
    Memory
    G.SKILL Trident Z Neo (For AMD Ryzen) 32G DDR4-3600
    Graphics Card(s)
    EVGA GeForce RTX 3070 XC3 ULTRA PCI Express 4.0, Resizable BAR : Yes
    Screen Resolution
    3840 x 2160
    Hard Drives
    SB-ROCKET-NVMe4-500 M.2
    970 EVO Plus 1TB - M.2
    2TB 7200 RPM Hard Drive
    4TB WD My Passport
    PSU
    Super Flower Leadex V Gold PRO 1000W 130mm
    Case
    HYTE Y60 Modern Aesthetic Dual Chamber Panoramic Tempered Glass
    Cooling
    EK AIO 360mm Liquid CPU Cooler
    Keyboard
    NPET K11 Wireless Gaming Keyboard, Rechargeable Backlit
    Mouse
    Logitech
    Internet Speed
    T Mobile Home Internet 5G. $50.00 A month with autopay
    Antivirus
    Windows Defender / Malwarebytes Premium

  • At a glance

    Windows 11 ProAMD Ryzen 7 5800X 8-coreGeIL EVO X II AMD Edition 32 GBEVGA GeForce RTX 2060 KO ULTRA
    Operating System
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Built
    CPU
    AMD Ryzen 7 5800X 8-core
    Motherboard
    MSI MPG X570 GAMING PLUS
    Memory
    GeIL EVO X II AMD Edition 32 GB
    Graphics card(s)
    EVGA GeForce RTX 2060 KO ULTRA
    Screen Resolution
    1920 x 1080
    Hard Drives
    PNY CS1030 250GB M.2 NVMe Windows
    PNY CS1030 250GB M.2 NVMe Xbox
    Sandisk 500GB SSD Steam / Origin
    Sandisk 120GB SSD Storage
    PSU
    Corsair CX 750M
    Case
    EVGA DG-76 Matte Black Mid-Tower
    Cooling
    AMD Wraith Prism
    Keyboard
    Logitech
    Mouse
    Logitech
    Internet Speed
    T Mobile Home Internet 5G. $50.00 A month with autopay
    Antivirus
    Windows Defender / Malwarebytes
jimbo45 said:
Who as a typical home user using a Virtual Machine has anything to fear about a hacker getting in to some weird CPU trick to gain access to a machine...
...Just install the basic Windows WD software - and simply surf safely...
Click to expand...
We are not talking about using a Virtual Machine here. We are talking about enabling one of the functions in your 'basic Windows WD software' - Core Isolation (a function that is normally on by default).

1646144548212.png
 

My Computers My Computers

System One System Two Other systems

  • At a glance

    Windows 11 HomeAMD Athlon Silver 3050U8GBRadeon Graphics
    OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23-R9VY
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD (from April 2026: 250GB EVO 850)
    Internet Speed
    150 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October 2021 it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update, 24H2 on 3rd October 2024 through Windows Update by setting the Target Release Version for 24H2, and 25H2 on 30th September 2025 through Windows Update by setting the Target Release Version for 25H2.

    UPDATE - 11 April 2026: due to mechanical deterioration this PC has been retired from active duty. The OS with all software and files has been migrated to my System Seven in 'Other systems' to carry on as my general purpose 'main machine'.

  • At a glance

    Windows 11 ProIntel® Core™ i5-520M8GB(integrated graphics) Intel HD Graphics
    Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround.

    In-place upgrade to 22H2 using ISO and a workaround.
    Feature Update to 23H2 by manually installing the Enablement Package.
    In-place upgrade to 24H2 using hybrid 23H2/24H2 install media.
    Upgraded to 25H2 by Enablement Package.

    Also running Insider Dev, and Canary builds and Windows 10 as native boot .vhdx.
  • My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro.

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 1TB NVMe ssd, supported device running Windows 11 Pro, plus Insider Beta, Dev, and Canary builds (and a few others) as a native boot .vhdx.

    My SYSTEM SIX is a Dell Latitude 5550, Core Ultra 7 165H, 64GB RAM, 1TB NVMe SSD, supported device, Windows 11 Pro 24H2, Hyper-V host machine. Updated to 25H2 on 30th September 2025.

    My SYSTEM SEVEN is a Lenovo Thinkpad T580, Intel Core i7-8650U, 16GB RAM, 512GB NVMe SSD + 2nd 512GB NVMe SSD, a supported device for Windows 11. This is my current general purpose 'main machine'. The installed Windows 11 Home from my System One has been migrated to this machine.
How to complete disable windows Virtualization-Based Security.
Windows 11 24H2 build 4770
 

My Computer My Computer

At a glance

Windows 11 ProIntel i9 13900KSG.Skill DDR5 32gb 6400mhzMSI RTX4090 Suprim Liquid
OS
Windows 11 Pro
Computer type
PC/Desktop
CPU
Intel i9 13900KS
Motherboard
Asus Maximus Z790 Hero
Memory
G.Skill DDR5 32gb 6400mhz
Graphics Card(s)
MSI RTX4090 Suprim Liquid
Sound Card
Sound Blaster ZxR
Monitor(s) Displays
MSI mpg321ur-qd
Screen Resolution
4K 144 hz
Hard Drives
Samsung 980 Pro 1TB and 2TB and Samsung 860 Pro 4TB
PSU
Corsair RMx Shift 1200watt
Case
Cooler Master COSMOS C700P
Cooling
Asus Ryujin II
Keyboard
Logitech G413
Mouse
Asus ROG Strix Impact II
Internet Speed
100Mbps
Browser
Egde Chromium
Antivirus
Kaspersky
You must log in or register to reply here.

Similar threads

How to disable virtualization based security (VBS) on 24H2
2
Replies
21
Views
10K
Diceman2037
D
Why does Windows 11 Pro get stuck on logo if Intel Virtualization technology is enabled?
Replies
5
Views
1K
usualjuptier
usualjuptier
Solved Script for disabling Virtual Based Security on 24H2
Replies
8
Views
7K
maur0
M
Virtualization Based Security cannot be disabled in 23H2
Replies
10
Views
26K
rezpower
rezpower
  • Article Article
KB5042562 Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates
2
Replies
29
Views
14K
garlin
G

Latest Support Threads

Latest Tutorials

Back
Top Bottom