We can use registry method too, right? I found this method on tomshardware - Spoiler Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard. Open EnableVirtualizationBasedSecurity and set it to 0. I turned core isolation off and then did this. It says 'not enabled' in front of vbs now. If I'm missing something, do let me know.
But the problem is that none of the Windows versions I have ever installed on my systems have ever been tied to UEFI. Only 24H2 and 26120 behave this way. And it was unexpected and strange that I couldn't disable VBS using any of the methods I usually used... I tried many things to disable VBS... And only one method helped. So you need to follow the instructions on the Microsoft website and use the script to disable Credential Guard, and possibly along with UEFI lock. Perhaps it doesn't allow you to disable VBS... And it turns out that 24H2 can enable UEFI lock even on systems that never had it.
try it this way Restart your computer: As it starts up, press the key to enter the BIOS/UEFI settings. This is usually F2, Delete, Esc, or a specific key depending on your manufacturer. Navigate to the Secure Boot settings: Once in the BIOS/UEFI menu, use the arrow keys to navigate to the Security or Boot tab. Disable Secure Boot: Look for an option labeled Secure Boot, Secure Boot Control, or similar. Change the setting to Disabled. Save and Exit: Press the key to save changes and exit the BIOS/UEFI settings. This is usually F10, but it can vary. Your system will restart. Secure Boot should now be disabled, allowing you to manage VBS settings without restrictions. can enable secure boot again not sure if credential guard with uefi lock can be done the same way
Thanks for the tip, but if I enable Secure Boot again, it may automatically enable VBS and Credential Guard... And without Secure Boot, Windows 11 will not meet the minimum requirements for installation - (Secure Boot, TPM 2.0) It's not that I'm too worried about the performance drop (I've seen benchmarks that show a noticeable 1% and 0.1% low fps drop in games from enabling virtualization based security, even though the average performance remains almost the same), I'm just curious. There is a way to disable virtualization based security without disabling secure boot and without disabling virtualization in BIOS, only now it is more complicated and confusing with 24H2. At least the script from GitHub helped me, which is identical to the one on the Microsoft website, but the script from GitHub not only disables credential guard, but also disables VBS (it seems that now, starting with version 24H2, virtualization based security and credential guard are linked together and also linked to UEFI lock).
But it says "not enabled" in front of vbs after I completed those two steps. does it mean it's still enabled somewhere or was I able to disable it successfully?
What Windows version do you have? .2152 seems to be affected by it. Either way, even Windows can not make up it's mind, msinfo32 says disabled, task manager says enabled.
virtualization is not VBS you need virtualization to run VMs do not disable virtualization in BIOS / EFI, you need it
Same .2152 Turns out I'm having the same results as you. Windows is not able to make up its mind. And for some reason my installation is hell bent on installing KB5044384 again and not able to do so due to 0x800f081f error. I think I'd roll back.