VBS (Virtualization based security) status in msinfo32 is showing as enabled but not running after enabling Device Guard.

Verma, Vikram 10 Reputation points
2023-06-27T12:20:13.5766667+00:00

We have enabled all required settings (Secure Boot, VT-x and VT-d, UEFI). By default, Virtualization based security is in a running state in Windows 11; after enabling Device Guard the status changed to "enabled but not running", which is incorrect. This happened after enabling Device Guard.

Below are the values of VirtualizationBasedSecurityStatus:


VirtualizationBasedSecurityStatus

This field indicates whether VBS is enabled and running.

Value Description

  0. VBS isn't enabled.
  1. VBS is enabled but not running.
  2. VBS is enabled and running.

Current Value : 1. VBS is enabled but not running.

Expected Value : 2. VBS is enabled and running.


When we enable Device Guard, the lines below are logged in Event Viewer.

"Virtualization-based security (policies: VBS Enabled,VSM Required,Secure Boot,Iommu Protection,Mmio Nx,Strong MSR Filtering,Hvci,Boot Chain Signer Soft Enforced) is disabled due to VBS initialization failure with status: The request is not supported."

"The virtualization-based security enablement policy check at phase 0 failed with status: The request is not supported."

Referred Microsoft Article:

https://learn.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity

Please help us in enabling virtualization based security as running after enabling Device Guard.

Machine info: Windows 11 Enterprise

Version: 21H2

OS build : 22000.1455

Regards,

Vikram
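
An added example (not part of the original question or answers): a PowerShell check that decodes the `Win32_DeviceGuard` class behind the `VirtualizationBasedSecurityStatus` field and lists which required platform properties the machine does not report as available, and which configured services are not running. The function names `Resolve-Name` and `Get-VbsReport` are hypothetical, and the `$sample` object is constructed data used only when the CIM query is unavailable.

```powershell
# Added example: decode Win32_DeviceGuard and show what keeps VBS from running.
# Value tables follow Microsoft's Win32_DeviceGuard documentation.
$StatusNames = @{ 0 = 'VBS is not enabled'; 1 = 'VBS is enabled but not running'
                  2 = 'VBS is enabled and running' }
$PropertyNames = @{ 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection'
                    4 = 'Secure Memory Overwrite'; 5 = 'NX protections'
                    6 = 'SMM mitigations'; 7 = 'MBEC/GMET'; 8 = 'APIC virtualization' }
$ServiceNames = @{ 1 = 'Credential Guard'; 2 = 'Memory integrity (HVCI)'
                   3 = 'System Guard Secure Launch'; 4 = 'SMM Firmware Measurement' }

# Hypothetical helper: map numeric codes to names; unknown codes stay visible.
function Resolve-Name($Map, $Values) {
    @($Values | Where-Object { $_ } | ForEach-Object {
        if ($Map.ContainsKey([int]$_)) { $Map[[int]$_] } else { "Unknown ($_)" }
    }) -join ', '
}

# Hypothetical helper: compare what policy requires with what the platform offers.
function Get-VbsReport {
    param([Parameter(Mandatory)] $DeviceGuard)
    $required   = @($DeviceGuard.RequiredSecurityProperties  | Where-Object { $_ })
    $available  = @($DeviceGuard.AvailableSecurityProperties | Where-Object { $_ })
    $configured = @($DeviceGuard.SecurityServicesConfigured  | Where-Object { $_ })
    $running    = @($DeviceGuard.SecurityServicesRunning     | Where-Object { $_ })
    [pscustomobject]@{
        VbsStatus            = $StatusNames[[int]$DeviceGuard.VirtualizationBasedSecurityStatus]
        RequiredNotAvailable = Resolve-Name $PropertyNames ($required | Where-Object { $_ -notin $available })
        ConfiguredNotRunning = Resolve-Name $ServiceNames ($configured | Where-Object { $_ -notin $running })
    }
}

# Constructed sample (not taken from the machines in this thread).
$sample = [pscustomobject]@{
    VirtualizationBasedSecurityStatus = 1
    RequiredSecurityProperties        = 1, 2, 3
    AvailableSecurityProperties       = 1, 2
    SecurityServicesConfigured        = 1, 2
    SecurityServicesRunning           = @(0)
}

try {
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop
} catch {
    $dg = $sample   # fall back to the constructed sample when the class is unavailable
}
Get-VbsReport -DeviceGuard $dg | Format-List
```

A non-empty `RequiredNotAvailable` means the policy demands a platform property that the firmware or hypervisor does not expose to this OS instance, which is worth checking first on virtual machines.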


3 answers

  1. Limitless Technology 44,746 Reputation points
    2023-06-28T12:19:51.1166667+00:00

    Hello Vikram,

    Thank you for your question and for reaching out with your question today.

    It seems like you're experiencing an issue with enabling Virtualization Based Security (VBS) and running it after enabling Device Guard on Windows 11 Enterprise. The error message you provided indicates that VBS initialization is failing with the status "The request is not supported." This can be challenging to diagnose without further information, but I can offer some general suggestions to troubleshoot and resolve the issue:

    1. Verify hardware compatibility: Ensure that your hardware meets the requirements for VBS and Device Guard. Check if your processor supports virtualization features like Intel VT-x or AMD-V and that they are enabled in the BIOS settings. Also, verify that your hardware supports the necessary security features like Secure Boot.
    2. Check BIOS/UEFI settings: Make sure that all the required settings for VBS and Device Guard are correctly configured in the BIOS/UEFI. These settings can include Secure Boot, VT-x and VT-d (Intel virtualization technologies), and others. Refer to your hardware manufacturer's documentation for the specific BIOS/UEFI settings related to virtualization and security.
    3. Update firmware and drivers: Ensure that your system's firmware (BIOS/UEFI) is up to date. Check the manufacturer's website for any available firmware updates that might address compatibility or stability issues. Additionally, update all drivers, especially those related to virtualization and security.
    4. Check for Windows updates: Ensure that your Windows 11 Enterprise system is up to date with the latest cumulative updates and security patches. Microsoft frequently releases updates that address compatibility issues and improve the stability of features like VBS and Device Guard.
    5. Review group policies and security settings: Double-check the group policies and security settings related to VBS and Device Guard on your Windows 11 Enterprise system. Ensure that the policies are correctly configured and aligned with the recommended settings mentioned in the Microsoft article you referenced. Make sure that there are no conflicting or misconfigured policies.
    6. Check for conflicting software: Sometimes, certain software or drivers can interfere with VBS and Device Guard functionality. Review the installed software and drivers on your system and check for any known compatibility issues. Consider temporarily disabling or uninstalling any third-party security software or drivers to see if they are causing the problem.

    Remember to perform these steps with caution and always have backups and system restore points in place before making changes to critical system settings or configurations.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    If the reply was helpful, please don’t forget to upvote or accept as answer.


  2. Daniel Lizardo 0 Reputation points
    2023-10-12T22:59:09.8233333+00:00

    I have the same issue with a VMware Win Server 2022 Standard. I've enabled Credential Guard (as recommended on M365 Defender Sec Recom) but it doesn't seem to be working. Can anyone help me with this?


  3. Anatoliy Mel 0 Reputation points
    2024-02-14T08:51:13.1033333+00:00

    I get the same error when activating Device Guard on Windows Server 2022 on a VM. Device Guard failed to process the Group Policy to enable Virtualization Based Security (Status = 0x80070032): The request is not supported. But I have Windows 10 and Windows Server 2019 VMs on the same hypervisor and everything works fine; the problem is only with Windows Server 2022.
