![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 3%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E6%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Defender | Other
Additional Microsoft Defender tools and services that provide security across various platforms and environments
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
AFAIK, on newer Surface devices running Windows 11 with modern Intel virtualization security features, the issue is often not Hyper-V itself, but Microsoft’s underlying hypervisor platform still being active even after Hyper-V, VBS, and Memory Integrity are disabled. VMware Workstation detects this and either falls back to WHP mode or loses direct VT-x/VT-d access required for nested virtualization workloads like EVE-NG.
First verify whether the Microsoft hypervisor is still loading at boot. Run msinfo32 and look near the bottom. If you see “A hypervisor has been detected,” then VMware does not have direct hardware access regardless of Hyper-V feature state. In that case, the usual GUI toggles are insufficient.
You need to disable every Windows virtualization component, not just Hyper-V. In “Turn Windows features on or off,” disable Hyper-V, Virtual Machine Platform, Windows Hypervisor Platform, Windows Sandbox, WSL, Containers, Microsoft Defender Application Guard, and anything related to virtualization. Then reboot.
After that, run these commands from an elevated command prompt:
bcdedit /set hypervisorlaunchtype off
bcdedit /set vsmlaunchtype off
Then reboot again. Sometimes vsmlaunchtype is the missing piece on modern secured-core devices.
On Surface devices, Secure Boot and Microsoft Pluton security integration can also interfere indirectly with low-level hypervisor access. Enter UEFI firmware settings and ensure Intel Virtualization Technology is enabled. Some Surface models expose VT-d separately while others do not. If virtualization is enabled but VMware still reports VT-x unavailable, the Microsoft hypervisor is almost certainly still loading.
Another common issue on Windows 11 24H2 and newer builds is Core Isolation re-enabling itself after updates or after Windows Security remediation. Even if the GUI shows Memory Integrity off, check these registry locations:
HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
If Device Guard policies remain active, Windows can still start the hypervisor silently. Corporate management policies can also force this behavior.
VMware Workstation 17 technically supports coexistence with Hyper-V through the Windows Hypervisor Platform backend, but EVE-NG nested virtualization performance is usually poor or unreliable in that mode. EVE-NG especially wants direct VT-x/EPT access because nested QEMU appliances are sensitive to virtualization overhead.
There is also a limitation specific to some Surface Pro 11 variants: certain configurations use Microsoft’s secured-core defaults very aggressively, and firmware options are intentionally limited compared to traditional laptops. On some systems, complete deactivation of the Microsoft hypervisor stack might not be possible without a clean Windows installation using a local image and minimal security features enabled afterward.
You should also verify whether VMware is complaining about VT-d versus VT-x. VT-d is IOMMU/device passthrough virtualization, while EVE-NG mainly depends on VT-x/EPT nested virtualization. VMware error wording is sometimes misleading. If the error mentions “Device/Credential Guard,” then the problem is definitely the Microsoft hypervisor layer still being active.
Finally, note that Surface devices are also not ideal platforms for heavy nested virtualization labs. Even when VMware works, EVE-NG on a Surface Pro often runs hotter and throttles faster than on a traditional workstation-class laptop because the thermal envelope is constrained.
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin