VMware Workstation

 View Only
Back to discussions
Expand all | Collapse all

Windows 11 24h2 hsot - how to disable Virtual Based Security

  • 1.  Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Nov 14, 2024 09:33 AM

    Trying to switch from a Windows 2025 host to Windows 11 24h2 host.   AMD 8840U hardware.    Done registery changes.   Done Security Core setting change.   Done BCDEDIT changes.    Done GPO changes on Devguard.    Best case was to disable SVM in BIOS.   And that only turned out to be VBS enabled but not running.    What can I do to DISABLE VBS in Windows 11 24h2?



  • 2.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Dec 04, 2024 04:55 PM

    Download this Powershell script and run as admin with the -disable option
    Download Device Guard and Credential Guard hardware readiness tool from Official Microsoft Download Center


    Original Message


  • 3.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Jun 07, 2025 05:02 AM

    Muchas gracias, esto funciono para mi en Win 11 Pro 


    Original Message


  • 4.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Nov 20, 2025 02:29 AM

    Only solution that worked for me, really appreciated! :) .

    -------------------------------------------

    Original Message


  • 5.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Dec 12, 2024 05:00 PM

    Hi guys, do it with me:

    1/ Disable Credential Guard with Registry settings
           Key path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
           Key name: LsaCfgFlags
           Type: REG_DWORD
           Value: 0


           Key path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
           Key name: LsaCfgFlags
           Type: REG_DWORD
           Value: 0

    2/ Disable Credential Guard with UEFI lock, run Windows Command Prompt as administrator
           mountvol X: /s
           copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
           bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
           bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
           bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
           bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
           bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
           mountvol X: /d

    3/ Disable VBS with Registry settings, Delete the following registry keys:
           Key path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard
           Key name: EnableVirtualizationBasedSecurity

           Key path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard
           Key name: RequirePlatformSecurityFeatures

    4/ Run Windows Command Prompt as administrator
           bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
           bcdedit /set vsmlaunchtype off

    5/ Open Group policies editor 

    Computer Configuration -> Admininistrative Templates -> System -> Device Guard -> select "Turn ON Virtualization Base Security "  and choose "Disable" option.

    6/ Turn off all options in Core isolation of windows 11 24h2
    Windows start -> core isolation -> Turn off all options

    7/ Windows Start -> In Feature windows 11, uncheck: Hyper-V, Virtual machine plafrorm, Windows subsystem for Linux

    8/ Restart PC
    Restart the device. Before the OS boots, a prompt appears notifying that UEFI was modified, and asking for confirmation. (Press F3 and press enter to continue).


    Original Message


  • 6.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Dec 13, 2024 08:07 AM

    Hi Danh,

    You are really an angel; it works for me and Eve-ng is working perfectly.


    Original Message


  • 7.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Aug 19, 2025 12:27 PM

    how to make the change persistent?

    -------------------------------------------

    Original Message


  • 8.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Dec 13, 2024 10:09 AM

    Excellent post.   Item 4 of particular interest.   Windows 11 24h2 boot partition does a check and enables VBS at boot time.    But the GUID in item 4 disables that.  If that does not happen for you, you can go the long route and use dgreadiness 1st, and then issue commands to alter the boot record.


    Original Message


  • 9.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Jan 01, 2025 11:04 PM

    Sadly, none of this worked for me.  No matter what I try, Virtualization-based security refuses to disable.  Workstation in turn won't run certain VMs, and some others run rather poorly.  I'm running 24H2 on an HP Elitebook G9


    Original Message


  • 10.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Jan 07, 2025 09:04 AM

    Hi,

    Disabling "Secure Boot" in my BIOS was necessary in my case (HP ZBook computer). Otherwise VBS was still running (loadoptions did'nt disable it)


    Original Message


  • 11.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Feb 01, 2025 10:21 AM

    Thank you so much, Only your post was able to help from all over the Internet


    Original Message


  • 12.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Feb 24, 2025 12:40 PM

    Thanks Danh, you're a life saver.


    Original Message


  • 13.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Mar 06, 2025 03:28 PM 
    Danh Nguyen thanks for your help. My laptop has an amd processor but the problem was that when I rebooted  my laptop, the Virtual Based Security was enabled again. The solution was to disable HV Host Service:

    

    Step 1: right-click "This PC", click "Manage", jump to the interface of "Computer Management" - "Service and Applications" - "Services", find "HV Host Service"
    




    




    Step 2: double click "HV Host Service", change the Startup type into "Manual" or "Disable", then click "OK".

    Original Message


  • 14.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Jun 13, 2025 08:55 AM

    With a Secure Core computer running Pro or Enterprise versions of Windows - this only lasts to the next reboot.

    -Stickybit


    Original Message


  • 15.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Aug 01, 2025 09:44 AM
    Edited by Sunil Kumar J Aug 01, 2025 11:12 AM

    Define this script to execute in task scheduler to execute at startup will disable this virtualization security permanently.

    EX: 
    post download dgreadiness_v3.6 extract it and schedule it via task scheduler and select to execute at start up

    C:\Users\sunil\Downloads\dgreadiness_v3.6\dgreadiness_v3.6\DG_Readiness_Tool_v3.6.ps1 -Disable -AutoReboot

    -------------------------------------------

    Original Message


  • 16.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Jul 14, 2025 03:41 PM

    Post #4 worked for me, thank you Danh!

    I skipped step 1 because the first key path had a slightly different key name: "LsaCfgFlagsDefault", and the second key path Key Name was not there.

    1/ Disable Credential Guard with Registry settings
           Key path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
           Key name: LsaCfgFlags       << different name
           Type: REG_DWORD
           Value: 0


           Key path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
           Key name: LsaCfgFlags    << not present
           Type: REG_DWORD
           Value: 0

    Note I am using an HP Z book so I also disabled secure boot in the BIOS.  (restart PC, press ESC until menu comes up, go to advanced, boot options)


    Original Message


  • 17.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted 15 days ago

    I did the same configuration but it didnt work on the lenovo X1 carbon but it works on a Lenovo Legion, I'm think its the 12th gen intel processor thats causing the issue

    -------------------------------------------

    Original Message


  • 18.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted 15 days ago

    Not that it matters, but I don't think this is Intel's fault.

    The problem is with Windows 11 or functionally bad/sub-standard BIOS - this is what I would guess.

    It can always be about BIOS Setup that has been done, or hasn't been done - which isn't a real problem, perhaps only because of bad default settings of BIOS.


    Original Message


  • 19.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted 15 days ago

    @Jason Dumlao Do you have the same release (24H2, 25H2 etc.) and version (Home, Pro etc.) on the two notebooks? There's another guide here you can try: https://community.broadcom.com/vmware-cloud-foundation/discussion/how-to-disable-hyper-v-in-windows-11-24h2

    -------------------------------------------

    Original Message


  • 20.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Jul 28, 2025 02:11 PM

    Your instructions were the only helpful settings that really helped me after I tried infinite tutorials, videos and so on. I'm very thankful. 😎


    Original Message


  • 21.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Jul 31, 2025 05:35 PM

    You sir, are a time saver! Cisco CML VM now boots in VMWare Workstation with no issues!

    Thank you! 

    -------------------------------------------

    Original Message


  • 22.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Aug 01, 2025 09:45 AM

    i do not know who you are or where you are . all i can say is that you are simply a genius . i have done a 4 days research online to go round this watch several YouTube videos . none of them proof to be successful . but your approach is technical and on point . 

    Thank you soo much !! i almost throw away my PC 

    -------------------------------------------

    Original Message


  • 23.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Aug 01, 2025 11:09 AM
    Thanks good to hear that issue resolved.

    Thanks and Regards
    Sunilkumar J


    Original Message


  • 24.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 07, 2025 05:23 PM

    Danh Nguyen You are the MAN! Thank you so much for your help with above steps to disable virtualization based security. I spent 2 weeks and ready and followed so many links with no success. Thank you , thank you , thank you. 

    -------------------------------------------

    Original Message


  • 25.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 22, 2025 10:07 AM

    OMG THANK YOU, YOU ARE A LIFESAVER!

    -------------------------------------------

    Original Message


  • 26.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Nov 30, 2025 10:45 AM

    Hi There,

    Can someone clarify what  X stands for in this  "mountvol X: /s" I am not able to create this.

    2/ Disable Credential Guard with UEFI lock, run Windows Command Prompt as administrator
           mountvol X: /s
           copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
           bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
           bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
           bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
           bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
           bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
           mountvol X: /d

    -------------------------------------------

    Original Message


  • 27.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Nov 30, 2025 10:57 AM

    I'm not an expert on this but...

    ... it seems that drive X: is used for something Disabling.

    Since it is SET afterwards, I supposed it can be any other drive.

    Now that you cannot use it, you must be using X: yourself ... for some X-files, or something. So, use another drive that is not in use in your system and SET something else later on in your clip ... and mount that another drive.

    -------------------------------------------

    Original Message


  • 28.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted 15 days ago

    I'm using 23H2 on both Lenovo Legion and Lenovo X1 carbon, I did the same configs and I was able to make nested virtualization work on the Legion but not in the X1 carbon. Both devices virtualization option is turn on in the bios

    -------------------------------------------

    Original Message


  • 29.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted 14 days ago

    Do they have the same BIOS? Are their BIOS versions that same?

    There are other things in BIOS than just the Virtualization support - like Secure Boot. 

    If they are the same, start with Factory Settings Reset and see what happens in each of them.

    I don't know exactly what you need to search for, but those things I would check against the instructions that you have read. On two machines which apparently have the same Windows OS never have the same Windows OS (in inner details) - not that you can easily do anything about it.


    Original Message


  • 30.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Jan 07, 2025 04:08 PM

    Someone on the Windows 11 board posted this to disable VBS.   Have not tried it yet.   If it does work it is simple solution but do not know if there are any side effects.

    In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\WindowsHello    DWORD parameter "Enabled" to 0
    Resstart PC.    VBS should be turned off.
     


    Original Message


  • 31.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted May 26, 2025 10:23 AM
    Edited by byd2k May 26, 2025 10:24 AM

    Thanks!  This worked for me.  I just lost about 5 hours of my life on this.  

    Here's the summary for others...  

    Windows 11 is enabled to install the latest updates automatically. For my PC, this must have happened sometime in early May 2025.
    Running Workstation version pre-Broadcom 17.x
    Upgrade Workstation to the latest version (think I was a few numbers below the second octet)- did not help
    Ran the above items that I found elsewhere on the net (mostly for Win 10) - did not help
    Ran system restore, did not help - Maybe it would have if I had restore back to a pre May 2025 time period.
    Finally ran "In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\WindowsHello    DWORD parameter "Enabled" to 0"  - It worked!

    I'm not sure if this, in combination with all of the previous items, was required to resolve.  

    Broadcom - Please create an executable for this!  Thank you all for your posts above to resolve this issue.  


    Original Message


  • 32.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted May 29, 2025 05:26 PM

    Thank you byd2k, this single WindowsHello thing worked for me after a lot of time wasted. I would have never guessed it. Also, it might after rebooting I got a semi-scary log in experience because "something was wrong with my pin". This might happen if you use windows hello. Just login with your password, and I managed by disabling my pin entirely. 


    Original Message


  • 33.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Jul 04, 2025 05:18 AM

    Did you perhaps create the key yourself?
    Sadly I couldn't find it in regedit so I created it myself and it didn't work.
    VBS is still running.


    Original Message


  • 34.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Jul 19, 2025 10:14 AM

    Greetings to all. I've been trying several itineraries and have managed to figure it out. Some things aren't necessary, and others are important. Here's what I did, with some links for reference.

    I started by turning off BitLocker on the C: drive and changing the boot, disabling Secure Boot, restarting after this.


    Open "Turn Windows features on or off":

    • Container Server : disable
    • Containers : disable
    • Hyper-V : disable
    • Virtual Machine Platform : disable
    • Windows Hypervisor Platform : disable
    • Windows Sandbox : disable
    • Windows Subsystem for Linux : disable


    Using bcdedit tool:

    It has a Boot Manager bootstrap block and a Boot Loader block for loading Windows 11.

    Help
      https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/adding-boot-entries

    • Record the previous state
      bcdedit /v > bcdedit_antes_alter.txt
      bcdedit /export "bcdedit_export.bcd"
    • View current status
      bcdedit /enum
    • Copy the Boot Loader block to a new block, as a backup
      bcdedit /copy {current} /d "Windows 11 original"
    • Remove (if present) the isolated context from the Boot Manager
      bcdedit /deletevalue {bootmgr} isolatedcontext
    • Adjust the original Boot Loader entry
      bcdedit /set {default} isolatedcontext No
      bcdedit /set {default} vsmlaunchtype off
    • I didn't need to do this
      bcdedit /set {default} loadoptions DISABLE-LSA-ISO, DISABLE-VBS

    Once everything is working, we can delete the second entry and keep the original one that was changed

    If Windows stops booting with the above changes,

    See
        https://www.tenforums.com/tutorials/163900-backup-restore-boot-configuration-data-bcd-store-windows.html
    and
        https://www.digitalcitizen.life/command-prompt-fix-issues-your-boot-records/
    and
         https://woshub.com/how-to-rebuild-bcd-file-in-windows-10/

    Virtualization Based Security in group policies

    (gpedit.msc, at Computer Configuration -> Administrative Templates -> System -> Device Guard, "Turn On Virtualization Based Security")

    I didn't change it, leaving the default "Not configured." 

    regedit

    -Em Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
     LsaCfgFlags              Delete
     LsaCfgFlagsDefault  Keep, value 0

    -Em Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard
     EnableVirtualizationBasedSecurity        Delete
     RequirePlatformSecurityFeatures          Delete
     HyperVVirtualizationBasedSecurityOptOut  Delete
     WasEnabledBy                             Delete

    -At each "key" (folder)
     Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\<name>\
     Enabled : if exists and is not zero, change to 0 
     (HypervisorEnforcedCodeIntegrity, WindowsHello, etc)

    In Services

    The "HV Host Service" service had a Startup Type of Manual.
    There was no need to change its configuration. It is only activated when Virtual Secure Mode (VSM) / Virtual-based Security (VBS) is enabled. If it is successfully disabled, the service's status remains blank (not running).

    In Windows settings:

    Menu -> Settings -> Privacy & Security -> Windows Security -> Device Security ->
    Core Isolation

    • Memory Integrity, needs to be set to "Off"
    • Kernel-mode Hardware-enforced Stack Protection was off and locked
      (it also requires Memory Integrity to be enabled)
    • Local Security Authority protection, can be set to "on" (no conflict)
    • Microsoft Vulnerable Driver Blocklist, can be set to "on"

    Reboot, choose the old boot entry

    To check that Virtualization-based security has been turned off:

        System Information

    • Open the System Information app
    • Select System Summary in the left pane
    • In the list on the right, see the "Virtualization-based security" value;
      it cannot be "Running."

        And on the VM logs, after starting a VM:

    • Open C:\<VM path>\<VM name>\vmware.log
    • Look for a line like 2025-(...) vmx Monitor Mode
    • It should indicate Monitor Mode: CPL0 (Current Privilege Level 0)


    Original Message


  • 35.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Aug 24, 2025 04:01 AM

    I have tried many methods. I previously used Windows 11, and I found it very difficult to disable virtualization-based security. Although I succeeded at the time, I eventually switched to Windows 10. Recently, for some reason, virtualization-based security in Windows 10 has been enabled again. I tried the methods that worked before, but they no longer worked. However, I discovered a solution by searching for the "雷电模拟器" Android emulator on Google, downloading and installing it. When you run it, it will prompt you that virtualization-based security is not disabled. You can fix this with a one-click solution, and a restart will also be effective.

    -------------------------------------------

    Original Message


  • 36.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 07, 2025 07:48 PM

    Keep in mind that jumping through all these changes may not be necessary.   Some are.  Some not.   It all depends on your hardware.   The dirty on the ditty is that Micrsosoft  will determine to what extent changes are necessary based on your hardware.   And that will determine the changes needed to  allow for nested virtualization.   And if you are running Windows 11 those changes will be greater as there are many 3rd party agreements.

    My take is Windows 11 24h2 makes a POOR host as Microsoft is trying among other things to reduce support calls by locking things down.

       

    -------------------------------------------

    Original Message


  • 37.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 08, 2025 08:39 AM

    That is a good observation by kasper. You may get the wrong impression, by reading these threads, what is really needed for VMware Workstation to work.

    You ONLY need this lengthy disabling process if you do Nested virtualization. With normal VMs, there is no benefit, no need. At least nobody has any test results that those things have any effect.

    However, Win 11 24H2 (or whatever, I think), IS very slow. It is slow as a Host but particularly slow as a VM. For instance Windows Server 2022 is much faster as a VM. I HAVE tested this and results are available at this Forum.

    Of course, Linux Host and VM combination is VERY fast compared to Win 11 in every respect. For performance and security, you should always use Linux, if possible. At least Linux Host is always possible. Installation on Linux has its own challenges, because the software vendor doesn't care to give instructions. There are Linux experts with instructions, though.


    Having said that about Windows, I have used virtualization on Windows 10 Pro for quite some time and have had zero problems with VMware (17.5.2 or earlier). VMs have been both demanding and sometimes a bit complicated "VM farms". Of course Windows 11 is not that good, but you should be happy. Of course the current Windows version is worse than the previous one, but it is better than the next version. So, you should be happy what you have got. (sarcasm alert)


    Original Message


  • 38.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 14, 2025 11:52 AM

    So what is a long term solution for this issue.
    following links seem to be the source of Danh's solution 
    https://learn.microsoft.com/en-us/troubleshoot/windows-client/application-management/virtualization-apps-not-work-with-hyper-v
    https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/configure?tabs=reg

    But if they are not permanent and they potentially break security of the system then it might not be worth it.

    Is this the reason why Broadcom made WS-Pro free :-) 
    timing is so perfect

    This will force people to use Hyper-V instead of VirtualBox or VMWare since Hyper-V support is seamless.


    -------------------------------------------

    Original Message


  • 39.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 14, 2025 01:19 PM

    Naan:
    A long term situation, eh ? The same as with applied systems, mobile systems, high-end servers and supercomputers - stop using Windows - that has happened already 10+ years ago.

    Use Linux - build a separate workstation/laptop for virtualization. Works much better than on some low-end, corporate laptop where you cannot control anything, which is very bad in sophisticated technical use.

    If you think that this is expensive - no, it is not, hardware is relatively cheap nowadays. If you think it is burdensome - no, it is not, the installation of a major Linux system is NOT like the hullabaloo of getting Windows to run - Linux only takes 1-2 hours (depending on your Internet speed) with EVERYTHING installed. If you think it is more to learn - it is already just about the time to learn Linux if you are in IT business.

    On the other hand, this is only necessary if you use Nested Virtualization - you didn't say that you need that. If not, there is nothing extra to do with Windows so-called security.


    Original Message


  • 40.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 14, 2025 03:35 PM

    lol. One can wish though.. :-)

    I have no need for nested virtualization. Since I have a need for windows VMs and am not comfortable running VMWare over WHP for performance reasons, I was looking for a way to install WS-17.

    Not sure why you say nothing is needed for windows security, On my laptop while installing WS-17, I get the following dialog box:

    And was wondering how to turn off Hyper-V role as it suggests, Broadcom could have provided some steps (it could vary of course depending upon system configuration).

    So I guess the question is for someone who doesn't need nested virtualization, what is the best way to proceed installing VMWare without using WHP.
    i might as well use Hyper-V and convert my WS VMs to Hyper-V to not have a drop in performance.

    -------------------------------------------

    Original Message


  • 41.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 15, 2025 04:17 AM

    I don't know what performance issue RaSystemLord talks about (he did some test Linux vs Windows host, but on different hardware for the two platforms, so in my book invalid), I use VMWare on Windows 11 with VBS enabled, and see no problems. The window says that you need to install WHP for VMWare to work properly, because VBS is active, which uses the Hyper-V hypervisor layer, thus Hyper-V is active, even though the Hyper-V Windows feature is not installed and you can't create Hyper-V VMs. Hyper-V is inferior to both VMWare and VirtualBox. When I realized VBS prevents nested virtualization I installed Hyper-V to see whether that allows it, but it does not and has less features than VMWare or VirtualBox. VMWare VM performance is affected by side channel mitigation, about which VMWare warns you when you power on a VM which does not have that disabled (disabled, because in a Hyper-V environment it's not necessary to have it on in VMWare). So check the checkbox, install VMWare and use it.  Since you have a recent notebook there will be no problem with performance, unless you run CPU intensive tasks in the VM where every clock cycle matters.

    -------------------------------------------

    Original Message


  • 42.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 15, 2025 09:43 AM

    Morc001:
    I didn't say there is a performance issue, just how it is.

    I did NOT ONLY compare different hardware, but I ran it on SEVERAL hardware platforms and compared within the same hardware. I had - for instance on the workstation - Win 11 boot and Kubuntu boot.

    I DID indeed compare different hardware - given that their Host performance was the same - but VM performance was NOT the same. 

    Comparing is a VERY burdensome thing, if you compare everything. However, running basically the same thing with the same software: IF in Windows 11 it takes 3.5 times the time than on Linux, I would say that we have a difference there.

    For some reason, my previous post has not been appearing here when I write this: about file creation taking a LONG time at first and script interrupting in the middle of the run, constantly, those ARE ISSUES with Win 11 Pro, and not corrected within the last months, but they are NOT VMware related.

    As for running VMware on Win 11, just like Morc001 says, is not an issue using the normal Win 11 Pro defaults. Basically, the answer by Morc001 should be a sticky post so that people don't get confused when using VMware.


    Original Message


  • 43.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 15, 2025 09:43 AM

    Naan:

    As a more direct answer to your question. I'm running the same VMware, with Intel Core Ultra 9, a new Asus ROG Strix Scar machine. Windows 11 Pro 24H2 + updates to this date.

    If I remember correctly, I did check the box, because it asks to do that. VMware works just alright. It is slow in certain cases, especially as a VM with loads of software installed but doing nothing, but that is Win 11 Pro for you.

    So, I have done nothing for VBS or Hyper-V and VMware works. These Forum threads are sometimes confusing, because the standard case - I believe it is no Nested virtualization - is not mentioned when asking and answering about VBS thingies.

    To make it clearer: I'm running as VMs several Win 11's, several WIN S 2022's, Kubuntu versions and perhaps I have tried Kali or those others which I have on the disk from Win 10 times. I don't think it matters what I have run, but just as a clarification.

    Win 11 Pro does have some problems, but those have nothing to do with VMware (like the first creation of a file taking ages, script running robocopy interrupts after some time - very irritating bugs). None of those existed with Win 10 and should never exist in an OS. But I should be happy now - probably Win 12 is even worse, so it is OK for now. (sarcasm alert)

    I was sponsoring Linux in the above, but still, I'm running Windows. The reasons are some business applications that I need to run - those were originally creating in 90s and Linux was not something that american software companies understood. Also Teams is actually very good and cannot be substituted easily. Later, some progressive European companies, create business applications which work in Windows, Linux and Apple, just the same.


    Original Message


  • 44.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 15, 2025 01:09 PM

    FWIW, I'm running Win11 25H2 as a guest on VMware Workstation 17.6.4 on a host running Linux 6.16 and I'm not seeing performance issues.  Functionality gripes, yes -- probably related to VMware WS being a legacy gtk3 app on the perpetually unfinished Wayland.  But performance is fine.  In fact it outperforms KVM/QEMU in most tests I've tried.  This wasn't the case two years ago but something has changed and no amount of libvirt knob-twiddling restored KVM outperformance.

    What benchmarks might I run in this guest that would demonstrate low performance?

    -------------------------------------------

    Original Message


  • 45.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 16, 2025 02:38 AM

    Windows 11 25H2 is only available as preview - and the issue only exists when running Windows 11 24H2 as host OS. So .. not relevant at all. :-)

    -------------------------------------------

    Original Message


  • 46.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 16, 2025 09:36 AM

    About performance:

    As mentioned before, with a real application Linux/Linux turned out to be 3.5 faster than Win11 Pro/Win11 Pro. That is a real result. Win 11 Pro itself wasn't that much slower than Kubuntu 22.04, but in VM is was. Win 2022 Server Development, was much faster as a VM.

    To measure performance in exact terms, as such is not possible, because it is dependent on where do you need the performance. Benchmarks are always subject to what you are measuring. However, there is one thing that always affects everything, that is CPU performance. I mean, for certain things less, for certain things more.

    My test was with Handbrake, a video conversion tool. There the CPU means sometimes a lot, because run times vary from 15 minutes to 2 hours, depending on CPU and what you are doing. With more jobs in the row, you can multiply those times. Handbrake uses all the cores and threads that it can find - perhaps leaving something to OS, too.

    Handbrake is available for Linux and Windows. There is no guarantee that the implementation is equal, but the test as such is for real, because I personally use that tool.

    As for ISSUES with Win 11 Pro VM and using a complicated database based, OpenGL, software - I don't see any issues. It does what it does. It is not really better than Win 10 ROG Strix with entry level RTX graphics adapter and Ryzen 9 (dating back to 3.5 years). I mean Win 11 ROG Strix Scar with Intel Core Ultra 9 275 HX, is no better. That is NOT a good achievement as such, but it is not an *issue* in usage.

    I also found out that a Win 11 Pro computer, with complicated software (with lots of entries in registry) and SQL Server 2022 Enterprise doing nothing - is very slow. We are back to XP performance when installing lots of software makes the Windows slow or very slow.

    Given all those variables, it is not possible to reliably measure the performance of Win 11, so that it would directly reflect to a specific user case - except in a very simple isolated case. With Linux (Kubuntu), you CAN measure the performance because it is not a flaky OS.


    Original Message


  • 47.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 16, 2025 01:39 PM

    Oh, we're discussing Windows on Windows?  Hyper-V, full stop.  The premier desktop virtualization platform for Windows is Windows.

    I don't love Hyper-V but it is what it is...

    -------------------------------------------

    Original Message


  • 48.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 16, 2025 02:32 PM

    Richard:
    "Oh, we're discussing Windows on Windows?  Hyper-V, full stop.  The premier desktop virtualization platform for Windows is Windows.

    I don't love Hyper-V but it is what it is..."

    Based on some other threads, I understand what you mean. However, I would like to have some concrete evidence that this is so. Like running Handbrake as a comparison.

    As for full stop. Nothing could be farther away from truth.

    The Premier Virtualization for Windows is VMware Horizon and Citrix - has been for a very long time. Workstation-class virtualization is just peanuts in comparison. Those systems run on Linux or their modified versions of some *UX.

    If we think about Windows as being a workstation-class platform for virtualization compared to Linux, Windows is a flaky platform, unsecure, difficult to maintain and according to my measurements, tends to get slower in time. Windows is like an old car - gets worse when you use it. So, with Hyper-V running on Windows 11 - not a very good platform for anything serious. For a corporate PC running Word, some trivial Excel and for Teams - it is almost alright - except uncontrolled updates may be show-stopper at times if you are not very good with computers. Did I say it is a flaky OS?


    Original Message


  • 49.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 16, 2025 09:36 AM

    RaSystemlord - Did you install WHP for WS-Pro to work as asked in the dialog box I posted earlier?

    Have a few VMs and a VM that is a Gateway VM connecting to internet via VPN, Other VM clients connect via Gateway VM. Issue is when WS works over WHP, it is breaking VPN intermittently.

    Seriously thinking of working with Hyper-V, Just will need to convert VMWare VMs to Hyper-V. Seems Broadcom doesn't care and hence it seems that it might be a very long wait, if at all, before a proper fix comes out. 

    -------------------------------------------

    Original Message


  • 50.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 16, 2025 01:39 PM
    Naan:

    About WHP - I guess you talk about checking the dialogue box during
    install. I think I did check that. There was also an answer by Moorc001
    saying that you should check that.

    I don't have VPN on my Win 11 VMs, but I have NAT. Also, I have 24H2 and
    17.5.2 VMware with Win 11 Pro - not the same as you have.

    On the other hand, I have VPN on my Kubuntu VMs (22.04 and 24.04). Those
    VMs are in NAT. VPN works just fine, Express VPN.

    I cannot speculate why you have the problem with VPN - it is beyond my
    expertise.


    On Tue, Sep 16, 2025 at 4:35 PM Naan Kaufman via Broadcom <mail@broadcom.com>
    wrote:

    > RaSystemlord - Did you install WHP for WS-Pro to work as asked in the
    > dialog box I posted earlier? Have a few VMs and a VM that is a Gateway
    > VM... -posted to the "VMware Workstation" community
    > [image: Broadcom] <https: community.broadcom.com>
    > VMware Workstation
    > <https: community.broadcom.com vmware-cloud-foundation communities community-home digestviewer?communitykey=fb707ac3-9412-4fad-b7af-018f5da56d9f>
    > Post New Message <broadcom-vmwareworkstation@connectedcommunity.org>
    > Re: Windows 11 24h2 hsot - how to disable Virtual Based Security
    > <https: community.broadcom.com vmware-cloud-foundation discussion windows-11-24h2-hsot-how-to-disable-virtual-based-security#bmf037e27b-c794-40be-a928-01994fe4d9f1>
    > Reply to Group
    > <broadcom_vmwareworkstation_f037e27b-c794-40be-a928-01994fe4d9f1@connectedcommunity.org?subject=re:+windows+11+24h2+hsot+-+how+to+disable+virtual+based+security> Reply
    > to Sender
    > <https: community.broadcom.com vmware-cloud-foundation communities all-discussions postreply?messagekey=f037e27b-c794-40be-a928-01994fe4d9f1&ListKey=1b0a16ce-2127-4fae-a840-018f5da56726&SenderKey=5a717e41-ccb5-496c-871e-0195da45dced>
    > [image: Naan Kaufman]
    > <https: community.broadcom.com network members profile?userkey=5a717e41-ccb5-496c-871e-0195da45dced>
    > Sep 16, 2025 9:36 AM
    > Naan Kaufman
    > <https: community.broadcom.com network members profile?userkey=5a717e41-ccb5-496c-871e-0195da45dced>
    >
    > RaSystemlord
    > <https: community.broadcom.com vmware-cloud-foundation network members profile?userkey=f0b68461-99c9-42dd-b21f-b2d0005c73c8>
    > - Did you install WHP for WS-Pro to work as asked in the dialog box I
    > posted earlier?
    >
    > Have a few VMs and a VM that is a Gateway VM connecting to internet via
    > VPN, Other VM clients connect via Gateway VM. Issue is when WS works over
    > WHP, it is breaking VPN intermittently.
    >
    > Seriously thinking of working with Hyper-V, Just will need to convert
    > VMWare VMs to Hyper-V. Seems Broadcom doesn't care and hence it seems that
    > it might be a very long wait, if at all, before a proper fix comes out.
    >
    > -------------------------------------------
    > *Reply to Group Online
    > <https: community.broadcom.com vmware-cloud-foundation communities all-discussions postreply?messagekey=f037e27b-c794-40be-a928-01994fe4d9f1&ListKey=1b0a16ce-2127-4fae-a840-018f5da56726>*
    > *Reply to Group via Email
    > <broadcom_vmwareworkstation_f037e27b-c794-40be-a928-01994fe4d9f1@connectedcommunity.org?subject=re:+windows+11+24h2+hsot+-+how+to+disable+virtual+based+security>*
    > *View Thread
    > <https: community.broadcom.com vmware-cloud-foundation discussion windows-11-24h2-hsot-how-to-disable-virtual-based-security#bmf037e27b-c794-40be-a928-01994fe4d9f1>*
    > *Recommend
    > <https: community.broadcom.com:443 vmware-cloud-foundation discussion windows-11-24h2-hsot-how-to-disable-virtual-based-security?messagekey=f037e27b-c794-40be-a928-01994fe4d9f1&cmd=rate&cmdarg=add#bmf037e27b-c794-40be-a928-01994fe4d9f1>*
    > *Forward
    > <https: community.broadcom.com vmware-cloud-foundation communities all-discussions forwardmessages?messagekey=f037e27b-c794-40be-a928-01994fe4d9f1&ListKey=1b0a16ce-2127-4fae-a840-018f5da56726>*
    > *Flag as Inappropriate
    > <https: community.broadcom.com vmware-cloud-foundation discussion windows-11-24h2-hsot-how-to-disable-virtual-based-security?markappropriate=f037e27b-c794-40be-a928-01994fe4d9f1#bmf037e27b-c794-40be-a928-01994fe4d9f1>*
    >
    > -------------------------------------------
    > Original Message:
    > Sent: Sep 14, 2025 05:51 PM
    > From: RaSystemlord
    > Subject: Windows 11 24h2 hsot - how to disable Virtual Based Security
    >
    > Naan:
    >
    > As a more direct answer to your question. I'm running the same VMware,
    > with Intel Core Ultra 9, a new Asus ROG Strix Scar machine. Windows 11 Pro
    > 24H2 + updates to this date.
    >
    > If I remember correctly, I did check the box, because it asks to do that.
    > VMware works just alright. It is slow in certain cases, especially as a VM
    > with loads of software installed but doing nothing, but that is Win 11 Pro
    > for you.
    >
    > So, I have done nothing for VBS or Hyper-V and VMware works. These Forum
    > threads are sometimes confusing, because the standard case - I believe it
    > is no Nested virtualization - is not mentioned when asking and answering
    > about VBS thingies.
    >
    > To make it clearer: I'm running as VMs several Win 11's, several WIN S
    > 2022's, Kubuntu versions and perhaps I have tried Kali or those others
    > which I have on the disk from Win 10 times. I don't think it matters what I
    > have run, but just as a clarification.
    >
    > Win 11 Pro does have some problems, but those have nothing to do with
    > VMware (like the first creation of a file taking ages, script running
    > robocopy interrupts after some time - very irritating bugs). None of those
    > existed with Win 10 and should never exist in an OS. But I should be happy
    > now - probably Win 12 is even worse, so it is OK for now. (sarcasm alert)
    >
    > I was sponsoring Linux in the above, but still, I'm running Windows. The
    > reasons are some business applications that I need to run - those were
    > originally creating in 90s and Linux was not something that american
    > software companies understood. Also Teams is actually very good and cannot
    > be substituted easily. Later, some progressive European companies, create
    > business applications which work in Windows, Linux and Apple, just the same.
    >
    > Original Message:
    > Sent: Sep 14, 2025 02:50 PM
    > From: Naan Kaufman
    > Subject: Windows 11 24h2 hsot - how to disable Virtual Based Security
    >
    > lol. One can wish though.. :-)
    >
    > I have no need for nested virtualization. Since I have a need for windows
    > VMs and am not comfortable running VMWare over WHP for performance reasons,
    > I was looking for a way to install WS-17.
    >
    > Not sure why you say nothing is needed for windows security, On my laptop
    > while installing WS-17, I get the following dialog box:
    >
    > And was wondering how to turn off Hyper-V role as it suggests, Broadcom
    > could have provided some steps (it could vary of course depending upon
    > system configuration).
    >
    > So I guess the question is for someone who doesn't need nested
    > virtualization, what is the best way to proceed installing VMWare without
    > using WHP.
    > i might as well use Hyper-V and convert my WS VMs to Hyper-V to not have a
    > drop in performance.
    >
    >
    > Original Message:
    > Sent: Sep 14, 2025 12:22 PM
    > From: RaSystemlord
    > Subject: Windows 11 24h2 hsot - how to disable Virtual Based Security
    >
    > Naan:
    > A long term situation, eh ? The same as with applied systems, mobile
    > systems, high-end servers and supercomputers - stop using Windows - that
    > has happened already 10+ years ago.
    >
    > Use Linux - build a separate workstation/laptop for virtualization. Works
    > much better than on some low-end, corporate laptop where you cannot control
    > anything, which is very bad in sophisticated technical use.
    >
    > If you think that this is expensive - no, it is not, hardware is
    > relatively cheap nowadays. If you think it is burdensome - no, it is not,
    > the installation of a major Linux system is NOT like the hullabaloo of
    > getting Windows to run - Linux only takes 1-2 hours (depending on your
    > Internet speed) with EVERYTHING installed. If you think it is more to learn
    > - it is already just about the time to learn Linux if you are in IT
    > business.
    >
    > On the other hand, this is only necessary if you use Nested Virtualization
    > - you didn't say that you need that. If not, there is nothing extra to do
    > with Windows so-called security.
    >
    > Original Message:
    > Sent: Sep 14, 2025 09:24 AM
    > From: Naan Kaufman
    > Subject: Windows 11 24h2 hsot - how to disable Virtual Based Security
    >
    > So what is a long term solution for this issue.
    > following links seem to be the source of Danh's solution
    > learn.microsoft.com/en-us/troubleshoot/windows-client/...
    > <https: learn.microsoft.com en-us troubleshoot windows-client application-management virtualization-apps-not-work-with-hyper-v>
    > learn.microsoft.com/en-us/windows/security/...
    > <https: learn.microsoft.com en-us windows security identity-protection credential-guard configure?tabs=reg>
    >
    > But if they are not permanent and they potentially break security of the
    > system then it might not be worth it.
    >
    > Is this the reason why Broadcom made WS-Pro free :-)
    > timing is so perfect
    >
    > This will force people to use Hyper-V instead of VirtualBox or VMWare
    > since Hyper-V support is seamless.
    >
    >
    >
    > Original Message:
    > Sent: Sep 08, 2025 03:40 AM
    > From: RaSystemlord
    > Subject: Windows 11 24h2 hsot - how to disable Virtual Based Security
    >
    > That is a good observation by kasper. You may get the wrong impression, by
    > reading these threads, what is really needed for VMware Workstation to work.
    >
    > You ONLY need this lengthy disabling process if you do Nested
    > virtualization. With normal VMs, there is no benefit, no need. At least
    > nobody has any test results that those things have any effect.
    >
    > However, Win 11 24H2 (or whatever, I think), IS very slow. It is slow as a
    > Host but particularly slow as a VM. For instance Windows Server 2022 is
    > much faster as a VM. I HAVE tested this and results are available at this
    > Forum.
    >
    > Of course, Linux Host and VM combination is VERY fast compared to Win 11
    > in every respect. For performance and security, you should always use
    > Linux, if possible. At least Linux Host is always possible. Installation on
    > Linux has its own challenges, because the software vendor doesn't care to
    > give instructions. There are Linux experts with instructions, though.
    >
    >
    > Having said that about Windows, I have used virtualization on Windows 10
    > Pro for quite some time and have had zero problems with VMware (17.5.2 or
    > earlier). VMs have been both demanding and sometimes a bit complicated "VM
    > farms". Of course Windows 11 is not that good, but you should be happy. Of
    > course the current Windows version is worse than the previous one, but it
    > is better than the next version. So, you should be happy what you have got.
    > (sarcasm alert)
    >
    > Original Message:
    > Sent: Sep 07, 2025 05:55 PM
    > From: STAN KASPER
    > Subject: Windows 11 24h2 hsot - how to disable Virtual Based Security
    >
    > Keep in mind that jumping through all these changes may not be necessary.
    > Some are. Some not. It all depends on your hardware. The dirty on the
    > ditty is that Micrsosoft will determine to what extent changes are
    > necessary based on your hardware. And that will determine the changes
    > needed to allow for nested virtualization. And if you are running
    > Windows 11 those changes will be greater as there are many 3rd party
    > agreements.
    >
    > My take is Windows 11 24h2 makes a POOR host as Microsoft is trying among
    > other things to reduce support calls by locking things down.
    >
    >
    >
    > Original Message:
    > Sent: Nov 13, 2024 09:18 PM
    > From: kasper
    > Subject: Windows 11 24h2 hsot - how to disable Virtual Based Security
    >
    > Trying to switch from a Windows 2025 host to Windows 11 24h2 host. AMD
    > 8840U hardware. Done registery changes. Done Security Core setting
    > change. Done BCDEDIT changes. Done GPO changes on Devguard. Best
    > case was to disable SVM in BIOS. And that only turned out to be VBS
    > enabled but not running. What can I do to DISABLE VBS in Windows 11 24h2?
    >
    >
    >
    >
    > You are subscribed to "VMware Workstation" as ra.systemlords@gmail.com.
    > To change your subscriptions, go to My Subscriptions
    > <http: community.broadcom.com preferences?section=Subscriptions>. To
    > unsubscribe from this community discussion, go to Unsubscribe
    > <https: community.broadcom.com higherlogic egroups unsubscribe.aspx?userkey=f0b68461-99c9-42dd-b21f-b2d0005c73c8&sKey=KeyRemoved&GroupKey=1b0a16ce-2127-4fae-a840-018f5da56726>.
    >
    >
    > Copyright © 2005-2023 Broadcom. All Rights Reserved. The term "Broadcom"
    > refers to Broadcom Inc. and/or its subsidiaries.
    >
    > Hosted by Higher Logic, LLC on the behalf of Broadcom - Privacy Policy
    > <https: www.broadcom.com company legal privacy-policy> | Cookie Policy
    > <https: www.higherlogic.com legal privacy> | Supply Chain Transparency
    > <https: www.broadcom.com company citizenship governance-and-ethics#supply>
    > | Terms of Use <http: termsandconditions>
    >


    Original Message


  • 51.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 16, 2025 03:53 PM

    Running VMware with WHP enabled means you are essentially running a Type 2 hypervisor (Workstation) on top of a Type 1 hypervisor (Hyper-V). This nested virtualization adds a performance hit that is completely eliminated when using Hyper-V directly, as it runs closer to the hardware.

    So unless one is bound by whatever reason/need to run VMWare WS, there is no need to do that. My case is the latter. I can certainly move to Hyper-V instead of all the gymnastics that are needed to disable CredentialGuard etc or run type-2 over type-1. 

    With WHP it seems VMWare has given up on trying to find a better fix with Microsoft. Of course this applies to all other VM software vendors for windows e.g. VirtualBox etc.

    -------------------------------------------

    Original Message


  • 52.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 16, 2025 04:18 PM

    Running VMware with WHP enabled means you are essentially running a Type 2 hypervisor (Workstation) on top of a Type 1 hypervisor (Hyper-V).

    That's an interesteng comment. Can you provide references or documents that explain this? 



    ------------------------------
    - Paul (technogeezer)
    vExpert 2025
    ------------------------------

    Original Message


  • 53.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 16, 2025 07:23 PM

    @Technogeezerhttps://learn.microsoft.com/en-us/answers/questions/431362/confusion-related-to-type-1-or-type-2-for-hyper-v

    and based on this article by VMWare, the fact that WHP Is REQUIRED and is the method that VMWare has come up with, So this is IT, this is the fix that VMWare has. 

    I guess it is adios VM as far as I'm concerned. Had been on Win-10Pro so far and WS 15 and didn't have the need to look into this topic earlier.

    -------------------------------------------

    Original Message


  • 54.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 16, 2025 07:25 PM

    Naan:

    "

    Running VMware with WHP enabled means you are essentially running a Type 2 hypervisor (Workstation) on top of a Type 1 hypervisor (Hyper-V). This nested virtualization adds a performance hit that is completely eliminated when using Hyper-V directly, as it runs closer to the hardware.

    So unless one is bound by whatever reason/need to run VMWare WS, there is no need to do that. My case is the latter. I can certainly move to Hyper-V instead of all the gymnastics that are needed to disable CredentialGuard etc or run type-2 over type-1. 

    With WHP it seems VMWare has given up on trying to find a better fix with Microsoft. Of course this applies to all other VM software vendors for windows e.g. VirtualBox etc."

    You have the right to do whatever you want.

    However, there is no evidence "to this theory" and there is no evidence presented "that Hyper-V is faster". I mean, this is a technical Forum, not a marketing page.

    As for repetition: Linux is always better as a Host. I HAVE measured it. That throws Hyper-V out of the window. Whether you can have a technical workstation/laptop running Linux or not - that is up to you.


    Original Message


  • 55.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 16, 2025 09:26 PM

    Of course I do.
    In the same manner that you have to right to "claim" there is no evidence when all one needs to do is basic search and see how many people are experiencing performance issues with the win-11 setup.

    You keep pushing Linux without trying to understand that not everyone's needs are served by it, not sure if repeating that incessantly is helpful when question is about windows platform.

    -------------------------------------------

    Original Message


  • 56.  RE: Windows 11 24h2 hsot - how to disable Virtual Based Security

    Posted Sep 17, 2025 06:00 PM

    @RaSystemlord

    This is direct from VMWare

    https://blogs.vmware.com/cloud-foundation/2020/05/28/vmware-workstation-now-supports-hyper-v-mode/

    The snippet that is relevant is as follows:
    "

    How does VMware Workstation work before version 15.5.5? 

    VMware Workstation traditionally has used a Virtual Machine Monitor (VMM) which operates in privileged mode requiring direct access to the CPU as well as access to the CPU's built in virtualization support (Intel's VT-x and AMD's AMD-V).  When a Windows host enables Virtualization Based Security ("VBS") features, Windows adds a hypervisor layer based on Hyper-V between the hardware and Windows.  Any attempt to run VMware's traditional VMM fails because being inside Hyper-V the VMM no longer has access to the hardware's virtualization support.

    Introducing User Level Monitor

    To fix this Hyper-V/Host VBS compatibility issue, VMware's platform team re-architected VMware's Hypervisor to use Microsoft's WHP APIs. This means changing our VMM to run at user level instead of in privileged mode, as well modifying it to use the WHP APIs to manage the execution of a guest instead of using the underlying hardware directly.

    What does this mean to you?

    VMware Workstation/Player can now run when Hyper-V is enabled. You no longer have to choose between running VMware Workstation and Windows features like WSL, Device Guard and Credential Guard. When Hyper-V is enabled, ULM mode will automatically be used so you can run VMware Workstation normally. If you don't use Hyper-V at all, VMware Workstation is smart enough to detect this and the VMM will be used."

    Am interested to know what your thoughts are and if this is good enough evidence. 
    I know you mean well and are just trying to help but for a lot of people here Linux is not an option.
    Though my Gateway VPN VM does run on Ubuntu but all the client VMs run on Windows and that is due to need and not choice.

    -------------------------------------------

    Original Message