Thank you for your reply.
Let me first explain to you that testing VBS in a virtual machine is indeed a wise practice as it helps users to understand and experience the effect of the configuration first. However, there are some key differences between a virtual machine environment and a physical machine that result in VBS that may not be fully functional.
Because virtual machines lack access to physical hardware, so when it comes to security features such as Secure Boot, DMA protection, and hardware encryption. Virtualized environments can only emulate a portion of the hardware functionality, so features like System Guard and Secure Launch may not be fully functional in a virtual machine.
Here are the answers to your questions.
- Should I apply it on my physical computer?
Yes, if you make sure the hardware supports it. On a physical machine, VBS can take advantage of hardware features such as Secure Boot and DMA protection provided by the BIOS or UEFI to ensure a higher level of security. So enabling VBS results in a more comprehensive and reliable configuration that enhances system integrity and provides advanced defenses against kernel-level malware.
And practically speaking, assuming that your physical machine has high hardware performance, the load on the system after enabling VBS is relatively low and will not affect daily use too much.
It should be noted, however, that some applications and drivers may not be fully compatible with VBS. It is wise to investigate known compatibility issues with specific applications or drivers.
- In the VM system guard doesn't work, does it relate to the fact it's a VM?
System guard relies on specific hardware features, such as secure boot and certain memory protections, that a virtual machine typically cannot fully emulate. Some VBS features, such as safe boot or system guards, cannot be fully enabled because the VM does not have direct access to the underlying physical hardware. This is the reason why system protectors do not work in virtual machines, which is normal behavior in virtualized environments.
- when I tried disabling vbs even with group policy disabled in defender it said managed by administrator - is this ok?
If you see “Managed by Administrator” when trying to disable VBS via Group Policy or Defender, this could mean that a higher level policy is managing these settings. This can sometimes happen if an organization's policy (via AD Domain Control or Group Policy) is enforcing security settings, or if certain security settings are applied at the BIOS level.
This is considered normal.
- Also does enabling vbs impact the use of bitlocker or fingerprint sensor (windows hello)?
Enabling VBS usually complements BitLocker. In fact, VBS adds additional protection for encryption keys in memory, thus strengthening the security of BitLocker without affecting its core functionality.
The fingerprint sensor should work fine, but in some cases you may experience a slight delay in the authentication process.Windows Hello is designed to be compatible with VBS, but if you experience a specific problem, it may be a hardware compatibility issue.
However, there have been known issues in some recent releases related to the fingerprint sensor, which may sometimes be affected by the version resulting in a situation where it does not work properly.
Overall, make sure that your device hardware supports VBS-related features and that you back up your important data.
Turn it on according to your actual situation.
I personally recommend making sure you backup all important data or create a restore point before enabling it to avoid possible compatibility issues or other problems that we can quickly restore the system.
As a Support Specialist, I understand the expectations of the users and the concerns behind every issue. It is my honor to help you and I hope that my efforts will be helpful to you.
If you find my support helpful in some way, I kindly ask you to log in to the account where you posted the topic and select “Yes” under the post that offers a solution or “Mark as answer” my reply via “Advanced Tools”. This small gesture will not only provide better access to information for other users who have the same problem as you, but will also allow us to work together to build a more friendly and supportive community.
Thank you for your understanding and cooperation! We look forward to your feedback.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
