I was having an issue where certain VMware Workstation Pro features don't run on 24H2 due to VBS -- and therefore Hyper-V -- being enabled. Namely I can't virtualize Intel VT-x to the VM. But on 24H2 you can't disable VBS completely. However on 23H2 you can. So I downgraded to Enterprise 23H2. To my surprise this older version of Win11 feels way more stable and responsive even with all VBS bells and whistles turned on. Why is that? Is it just because its an older more tested codebase?
Keep win10 , skip any update, disconnect any dns. if you need to go on web, fireup a virtualmachine with linux with firefox and all is fine. Putting update blindly is the best way to destroy a system .. or loose 1-2 hr to put back a backup..
Of course you can, and I do on all PCs that pass through my hands and my remote hands : Code: bcdedit /set {current} hypervisorlaunchtype off reg add HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard /v EnableVirtualizationBasedSecurity /t reg_dword /d 0 /f reg add HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity /v Enabled /t reg_dword /d 0 /f For some PCs (like HP ProBook) , BIOS UEFI override/enforce VBS , so entering BIOS UEFI to disable it is required.
and on some Asus based systems with AMD cpus (both laptops and desktop motherboards), VBS in the BIOS/UEFI is listed as "Secure Virtual Machine" or SVM. turning off SVM mode in bios/uefi disables VBS completely
edit: Wrong. SVM is the hardware virtualization at AMD called VMX at Intel. Required for virtualization.
I did all the below tweaks and it still show Virtualization Based Security is Enabled on my Windows 11 24H2 Spoiler: Disable Virtualization Based Security Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard] "EnableVirtualizationBasedSecurity"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\CredentialGuard] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity] "Enabled"=dword:00000000 "ChangedInBootCycle"=hex(b):40,76,a1,c4,e6,10,db,01 Spoiler: Disable Windows Defender Credential Guard Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard] "LsaCfgFlags"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "LsaCfgFlags"=dword:00000000 Spoiler: Disable Virtualization Based Security from Group Policy Run gpedit. msc. Go to Local Computer Policy > Computer Configuration > Administrative Templates > System > Device Guard. Double click Turn on Virtualization Based Security. Select Disabled. Click OK. A reboot might be required. I also went in BIOS on my Alienware m16 laptop and set secure boot to off and disabled TPM based security but no luck
To disable VBS in 24H2, all you had to do was disable Windows Hello in Device Guard in the registry in this way: On the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\WindowsHello path, you need to change the value of the DWORD parameter "Enabled" to 0 After restarting your PC, VBS should be turned off At the same time, oddly enough, the ability to log in to an account via Windows Hello (in particular, using a PIN code) still remains