Unable to disable virtual based security in Windows 11 24h2

Question

Setup Windows 11 24h2 AMD 8840U chipset. Unable to disable virtual based security. Did the registry changes. Did the GPO. Did the settinngs / security / core settings. Did the BCDEDIT. Disabled HyperV. And yet it still runs. The best I could do was a BIOS change and turn of SVM. And even after that MSINFO32 still says ENABLED but not running. FM.

It seems VBS is embedded in the kernel. How do I disable or remove it?

Answer 1

None of these solutions were helpful for me - I tried all listed on this thread as well as others. Here's how I permanently solved disabling Hypervisor and VBS. The catch is that in 24H2, Microsoft linked Hello to security but didn't document it. I just built and rebuilt and rebuilt my laptop due to 24H2 crashing it (BSOD). Got Microsoft help to get link to 23H2 software only for Microsoft to automatically run updates on the 23H2 build taking it straight to 24H2 again. Thanks Microsoft!!!!

In setting up each of my laptop rebuilds, I was never given option to setup a password and Win 11 installation steps conveniently steered me to use Hello PIN. I was fine with that and figured I would go back and set password later. This article on Reddit was hugely instrumental. I didn't need to run the Device Guard and Client Guard check. All the different registry edits and hacks were not helpful - HyperV remained.

Here is what I have done to completely disable VBS in Windows 11 24H2 referencing this article (https://www.reddit.com/r/Amd/comments/1fums7b/psa_disabling_memory_integrity_in_windows_11_24h2/?rdt=62400):

• Removed my Hello PIN, setting real password for laptop
• Turn off Trusted Execution Tech in BIOS if enabled
• Disabled "Memory Integrity" in Windows Defender
• Download and run Device Guard and Credential Guard readiness tool script (Download Device Guard and Credential Guard hardware readiness tool from Official Microsoft Download Center) (I skipped this step however I'm including it for others)
• Modify registry (Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\WindowsHello\Enable) to 0. (This is the one missing step from search results from internet)
• Reboot and press F3 twice to confirm.
• Go into System Information to confirm that VBS is now showing as "Not Enabled".

This fix is permanent and survives reboots!

Answer 2

Hello

Thank you for posting in Q&A forum.

Here are some steps you can try to disable VBS:

Steps to Disable VBS

1. Registry Editor:

Press Windows + R, type regedit, and press Enter.

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard.

Look for the DWORD value named EnableVirtualizationBasedSecurity.

Double-click on it and set its value to 0.

Restart your computer.

2. Group Policy Editor:

Press Windows + R, type gpedit.msc, and press Enter.

Navigate to Computer Configuration > Administrative Templates > System > Device Guard.

Double-click on Turn on Virtualization Based Security.

Set it to Disabled and click Apply.

Restart your computer.

3. Windows Features:

Press Windows + R, type optionalfeatures, and press Enter.

Uncheck Hyper-V and Windows Hypervisor Platform.

Click OK and restart your computer.

4. BIOS Settings:

Since you've already made BIOS changes, ensure that SVM (Secure Virtual Machine) is disabled.

Reboot your computer and check if VBS is still enabled in msinfo32

Best regards

Yanhong

=====================================

If the answer is helpful, please click "Accept answer" and upvote it