How To Enable / Disable Virtualization-Based Security (VBS) in Windows

Virtualization-Based Security (VBS) is a Windows feature that uses hardware virtualization to isolate sensitive processes. While it enhances security, it can reduce performance in resource‑intensive applications. This guide explains how to check, disable, and re‑enable VBS.

Step 0: Check VBS Status

  • Press Start, type System Information, and open it.
  • In the System Summary, look for Virtualization-based Security.
  • If it says Running, VBS is enabled. If it says Not enabled, VBS is disabled.

Steps to Disable VBS

Step 1: Disable BitLocker (Optional)

  • Open Control Panel → System and Security → BitLocker Drive Encryption.
  • Turn it off if it is enabled.

Step 2: Turn Off Related Windows Features

  • Open Control Panel → Programs → Turn Windows features on or off.
  • Uncheck the following if enabled: Containers, Container Server, Hyper‑V, Virtual Machine Platform, Windows Hypervisor Platform, Windows Sandbox, Windows Subsystem for Linux (WSL).

Step 3: Disable Memory Integrity (Core Isolation)

  • Press Windows Key + I to open Settings.
  • Go to Privacy & Security → Windows Security → Device Security → Core Isolation.
  • Toggle Memory Integrity to Off.

Step 4: Prevent Hyper‑V Hypervisor & Virtual Secure Mode from Loading

  • Open Command Prompt as Administrator.
  • Run:
    bcdedit /set vsmlaunchtype off
    bcdedit /set hypervisorlaunchtype off

Step 5: Disable VBS via Group Policy

  • Press Windows Key + R, type gpedit.msc, and press Enter.
  • Navigate to Computer Configuration → Administrative Templates → System → Device Guard → Turn On Virtualization Based Security.
  • Set the policy to Disabled.

Step 6: Disable Device Guard via Registry

  • Press Windows Key + R, type regedit, and press Enter.
  • Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard and set:
    EnableVirtualizationBasedSecurity = 0
    RequirePlatformSecurityFeatures = 0 (if exists).
  • Then go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA and set:
    LsaCfgFlags = 0 (if exists).

Step 7: Disable Windows Hello

  • In Registry Editor, navigate to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\WindowsHello
  • Set Enabled = 0.

Step 8: Restart Your PC

  • Restart your computer to apply changes.
  • If VBS still shows as running, disable Secure Boot in BIOS/UEFI settings.

Alternative Method

  • You can perform a clean installation of Windows using an autounattend.xml file. In setup options, select Disable Core Isolation / VBS and configure Windows Defender Application Control as Do not configure WDAC policy.

Steps to Re‑Enable VBS

  • Reverse the above steps.
  • To re‑enable Hyper‑V and Virtual Secure Mode, run:
    bcdedit /set vsmlaunchtype auto
    bcdedit /set hypervisorlaunchtype auto

Managing VBS allows you to balance system security with performance. Whether you disable it for resource‑heavy tasks or re‑enable it for protection, Windows gives you full control over this feature.

Tags

Post a Comment

Previous Post Next Post
Share to other apps
Copy Post Link

Contact Form