Virtualization Based Security cannot be disabled in 23H2

patriciocuaron · May 17, 2024

Hello. I'm on build 22631. Win11 just updated to 23H2. In the process, a key app for me ceased working, due to VBS being enabled. It worked under Win11 22H2, with the Memory Integrity setting disabled. (Long story short: I undervolt and achieve a 77% overclock on my i7-8750h, cannot upgrade to a newer laptop due to reasons. ThrottleStop ceased working, Intel XTU doesn't work either and blames VBS. I do a very CPU-demanding work for a living and this is the only PC I'll have access to in the short to medium term.)

I've tried the following:

Core Isolation / Memory Integrity is off. (It "stayed" off between 22H2 and 23H2)
Disabled Credential Guard

Following this guide Configure Credential Guard - Windows Security, I disabled Credential Guard both with the Group Policy Editor and with the registry,

I also disabled Credential Guard with UEFI lock, which asked me to press F3 before loading Windows twice, once for Credential Guard and then for VBS
Disabled VBS with the bcdedit commands as instructed here (the Group Policy option is the same as in the Credential Guard subsection!)

Configure Credential Guard

Learn how to configure Credential Guard using MDM, Group Policy, or the registry.

learn.microsoft.com
I've turned off Virtual Machine Platform (VMP) using these instructions Options to optimize gaming performance in Windows 11 - Microsoft Support
I see no relevant BIOS options (other than outright disabling all virtualization)

Despite all of these steps and rebooting countless times, VBS is still enabled. This is what msinfo32 shows:

I'm out of ideas. Any help would be greatly appreciated. I use this PC for working on CPU-heavy apps, and truly halving the performance of an already old processor is killing me.

hdmi · May 18, 2024

4 Methods Enable Or Disable Virtualization Based Security VBS On Windows 11 HTMD Blog

Learn how to Enable or Disable Virtualization Based Security (VBS) on Windows 11. The implementation of VBS uses hardware virtualization features to create

www.anoopcnair.com

patriciocuaron · May 18, 2024

hdmi said:
4 Methods Enable Or Disable Virtualization Based Security VBS On Windows 11 HTMD Blog

Learn how to Enable or Disable Virtualization Based Security (VBS) on Windows 11. The implementation of VBS uses hardware virtualization features to create

www.anoopcnair.com

I did ALL of them except the InTune solution, as I describe in the first post. 23H2 seems to disregard these settings.

Bizarre · May 18, 2024

Have you tried the DG Readiness Tool?

Download Device Guard and Credential Guard hardware readiness tool from Official Microsoft Download Center

Use this tool to see if your hardware is ready for Device Guard and Credential Guard. You can also use this to enable Device Guard or Credential Guard.

www.microsoft.com

Run PowerShell as Administrator, then execute the command:

Code:

DG_Readiness_Tool_v3.6.ps1 -Disable

hdmi · May 19, 2024

Do you run a 3rd party AV?

hdmi · May 19, 2024

patriciocuaron said:
I did ALL of them except the InTune solution, as I describe in the first post.

From what I can read, you didn't describe that in your 1st post at all. The link I gave says to also turn off 2 more Windows features (i.e., Microsoft Defender Application Guard and Windows Hypervisor Platform) in addition to turning off VMP.

apfsx · May 19, 2024

What version of Windows are you on? Home, Pro, Enterprise, etc?

I had this same issue on 2 different computers running Win11 Education (which is basically just Enterprise edition rebranded). After you disable everything regarding VBS and Credential Guard in group policy, reboot, then come back in and in an elevated shell run this command.

bcdedit /set hypervisorlaunchtype off

After rebooting it should be off.

erns · Aug 13, 2024

Hi,

I was used different options and the only thing that work for me was DG Readiness Tool.

Thanks @Bizarre

rezpower · Aug 13, 2024

I am on latest build of 23h2 right now (got latest update tonight) and I am using throttlestop right now and it's working with no problem!
The only thing I have disabled is Core isolation and even have vmware workstation running! So I think that the problem is not from windows 23h2! Are you sure you didn't get a bios update? New bios updates are blocking undervolting and on my laptop also the latest bios disables undervolting. So I have to stick with an older version to keep this working.

hdmi · Aug 14, 2024

rezpower said:
I am on latest build of 23h2 right now (got latest update tonight) and I am using throttlestop right now and it's working with no problem!
The only thing I have disabled is Core isolation and even have vmware workstation running! So I think that the problem is not from windows 23h2! Are you sure you didn't get a bios update? New bios updates are blocking undervolting and on my laptop also the latest bios disables undervolting. So I have to stick with an older version to keep this working.

Your laptop's CPU does not let you undervolt it. The older BIOS just gives you the fake impression that it does, but it still doesn't. See this reddit post from unclewebb, the author of ThrottleStop:

https://www.reddit.com/r/overclocking/comments/1ao175f/comment/kq1q5fp

rezpower · Aug 14, 2024

Hello hdmi :)
I am sorry for the confusion I created because of not updating my PC info. My CPU is a 12800HX. But for those with CPU's that do not undervolt , ThrottleStop should not show that the offset is applied. It will show the offset as 0. One should also check with other monitoring software.

Virtualization Based Security cannot be disabled in 23H2

Member

My Computer

Jack of all trades – master of none

My Computers

Member

My Computer

Well-known member

My Computer

Jack of all trades – master of none

My Computers

Jack of all trades – master of none

My Computers

New member

My Computer

New member

My Computer

Well-known member

Attachments

My Computer

Jack of all trades – master of none

My Computers

Well-known member

My Computer

Similar threads