You obviously don't understand how to read forum or discussion posts, since there's always differences of opinion found in threads like those here or that I referenced at StackExchange.
Similar to how the "best" answer posts here can be marked by the original poster (you), those at StackExchange can be tagged by the (I assume original) poster with the green checkmark, which you'll notice only exists on the post I mentioned. Along with one other post (the second in my display) it has a much larger number of up-votes near the top left-hand corner as well, while the one you copied has a negative number, so many more other readers thought the post I copied was more accurate/better.
To say it more simply, similar to Cyber's post above, Microsoft added this ability for a reason, so enabling both features is better than not doing it, assuming they don't interfere with any of your drivers or other applications, which is the only reason Microsoft doesn't enable them by default.
The other reason it isn't enabled by default is that on older systems upgraded to Windows 10, the likelihood that there will be problems is much higher, due to old outdated drivers and other software, so that's why you'll see all of the confusion surrounding this subject from so many different angles.
As all of the coherently (e.g. well) written posts everywhere about this subject indicate, it's very difficult for malware to gain the level of access to take over a system at the level of the hypervisor, since to do that would require a higher level of privilege in the first place.
However, since Core isolation and Memory integrity are specifically designed to make it more difficult for malware (of any type, not just rootkits) to successfully attack the kernel and other core portions of Windows, once Virtualization Technology (VT) is enabled along with these additional Microsoft security features, it's far less likely that anything else could take control.
Those discussing the possibility that malware might abuse the hypervisor when VT is enabled are all talking in hypothetical terms, in other words it's a theoretical possibility, but none have shown a single existing malware that actually does this, because they simply don't exist.
Quit letting people mess with your mind and listen to Microsoft, since they wouldn't provide a security option that actually reduced security. Turn them all on and if they work without apparent problem, leave them on and forget about them like I did years ago.
Rob
< EDIT > BTW, regarding your question to Cyber as to why your manufacturer left Virtualization Technology turned off, it has nothing to do with security.
The reason it's turned off in your BIOS by default is because it's only needed for things like running a system in hypervisor mode, so if you're not going to do that, it makes no sense to have it enabled.
Like any additional feature of a processor or software, there's always at least a slight penalty of some sort caused by enabling it, though in the case of VT, the performance penalty is almost unnoticeable as you've already mentioned.
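One way to verify the state the thread is arguing about, as an added example that is not part of Rob's post: a PowerShell script (assumed to run elevated on Windows 10 or 11) that reports whether hardware virtualization is enabled in firmware, whether virtualization-based security is active, and whether Memory integrity (HVCI) is actually running, using the Win32_DeviceGuard WMI class and the registry value behind the Core isolation toggle.

```powershell
# Added example (not from the forum post): report whether Core isolation / Memory integrity
# (HVCI) and the virtualization support it depends on are actually active on this machine.
# Assumes an elevated PowerShell session on Windows 10/11.

# 1. Is hardware virtualization (VT-x / AMD-V) enabled in firmware?
#    Note: on a machine where a hypervisor is already running (e.g. Hyper-V host)
#    this flag can read False even though virtualization is in use.
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
"Virtualization enabled in firmware : $($cpu.VirtualizationFirmwareEnabled)"

# 2. What does Windows report about virtualization-based security (VBS)?
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

$vbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Running' }
"Virtualization-based security      : $($vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus])"

# SecurityServicesRunning values: 1 = Credential Guard, 2 = HVCI (Memory integrity)
$hvciRunning = [bool]($dg.SecurityServicesRunning -contains 2)
"Memory integrity (HVCI) running    : $hvciRunning"

# 3. The Windows Security toggle ("Core isolation > Memory integrity") is backed by this value.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
$enabled = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
"Memory integrity toggle (registry) : $(if ($null -eq $enabled) { 'not set' } else { $enabled })"

# 4. The toggle can be on while HVCI is not running; that is the symptom of an
#    incompatible driver blocking it, the situation the post warns about.
if ($enabled -eq 1 -and -not $hvciRunning) {
    Write-Warning 'Memory integrity is switched on but not running; review the incompatible driver list under Windows Security > Device security > Core isolation details.'
}
```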