VMware Workstation


Windows 11 24h2 host - how to disable Virtual Based Security

  • 1.  Windows 11 24h2 host - how to disable Virtual Based Security

    Posted Nov 14, 2024 09:33 AM

    Trying to switch from a Windows 2025 host to Windows 11 24h2 host. AMD 8840U hardware. Done registry changes. Done Security Core setting change. Done BCDEDIT changes. Done GPO changes on Devguard. Best case was to disable SVM in BIOS. And that only turned out to be VBS enabled but not running. What can I do to DISABLE VBS in Windows 11 24h2?



  • 2.  RE: Windows 11 24h2 host - how to disable Virtual Based Security

    Posted Dec 04, 2024 04:55 PM

    Download this PowerShell script and run as admin with the -disable option
    Download Device Guard and Credential Guard hardware readiness tool from Official Microsoft Download Center




  • 3.  RE: Windows 11 24h2 host - how to disable Virtual Based Security

    Posted 9 days ago

    Thank you very much, this worked for me on Win 11 Pro




  • 4.  RE: Windows 11 24h2 host - how to disable Virtual Based Security

    Posted Dec 12, 2024 05:00 PM

    Hi guys, do it with me:

    1/ Disable Credential Guard with Registry settings
           Key path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
           Key name: LsaCfgFlags
           Type: REG_DWORD
           Value: 0


           Key path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
           Key name: LsaCfgFlags
           Type: REG_DWORD
           Value: 0

    2/ Disable Credential Guard with UEFI lock, run Windows Command Prompt as administrator
           mountvol X: /s
           copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
           bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
           bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
           bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
           bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
           bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
           mountvol X: /d

    3/ Disable VBS with Registry settings, Delete the following registry keys:
           Key path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard
           Key name: EnableVirtualizationBasedSecurity

           Key path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard
           Key name: RequirePlatformSecurityFeatures

    4/ Run Windows Command Prompt as administrator
           bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
           bcdedit /set vsmlaunchtype off

    5/ Open Group policies editor 

    Computer Configuration -> Administrative Templates -> System -> Device Guard -> select "Turn On Virtualization Based Security" and choose "Disable" option.

    6/ Turn off all options in Core isolation of windows 11 24h2
    Windows start -> core isolation -> Turn off all options

    7/ Windows Start -> In Feature windows 11, uncheck: Hyper-V, Virtual machine platform, Windows subsystem for Linux

    8/ Restart PC
    Restart the device. Before the OS boots, a prompt appears notifying that UEFI was modified, and asking for confirmation. (Press F3 and press enter to continue).




  • 5.  RE: Windows 11 24h2 host - how to disable Virtual Based Security

    Posted Dec 13, 2024 08:07 AM

    Hi Danh,

    You are really an angel; it works for me and Eve-ng is working perfectly.




  • 6.  RE: Windows 11 24h2 host - how to disable Virtual Based Security

    Posted Dec 13, 2024 10:09 AM

    Excellent post.   Item 4 of particular interest.   Windows 11 24h2 boot partition does a check and enables VBS at boot time.    But the GUID in item 4 disables that.  If that does not happen for you, you can go the long route and use dgreadiness 1st, and then issue commands to alter the boot record.




  • 7.  RE: Windows 11 24h2 host - how to disable Virtual Based Security

    Posted Jan 01, 2025 11:04 PM

    Sadly, none of this worked for me.  No matter what I try, Virtualization-based security refuses to disable.  Workstation in turn won't run certain VMs, and some others run rather poorly.  I'm running 24H2 on an HP Elitebook G9




  • 8.  RE: Windows 11 24h2 host - how to disable Virtual Based Security

    Posted Jan 07, 2025 09:04 AM

    Hi,

    Disabling "Secure Boot" in my BIOS was necessary in my case (HP ZBook computer). Otherwise VBS was still running (loadoptions didn't disable it).




  • 9.  RE: Windows 11 24h2 host - how to disable Virtual Based Security

    Posted Feb 01, 2025 10:21 AM

    Thank you so much, only your post was able to help from all over the Internet.




  • 10.  RE: Windows 11 24h2 host - how to disable Virtual Based Security

    Posted Feb 24, 2025 12:40 PM

    Thanks Danh, you're a life saver.




  • 11.  RE: Windows 11 24h2 host - how to disable Virtual Based Security

    Posted Mar 06, 2025 03:28 PM
    Danh Nguyen thanks for your help. My laptop has an amd processor but the problem was that when I rebooted  my laptop, the Virtual Based Security was enabled again. The solution was to disable HV Host Service:

    Step 1: right-click "This PC", click "Manage", jump to the interface of "Computer Management" - "Service and Applications" - "Services", find "HV Host Service"

    Step 2: double click "HV Host Service", change the Startup type into "Manual" or "Disable", then click "OK".




  • 12.  RE: Windows 11 24h2 host - how to disable Virtual Based Security

    Posted 3 days ago

    With a Secure Core computer running Pro or Enterprise versions of Windows - this only lasts to the next reboot.

    -Stickybit




  • 13.  RE: Windows 11 24h2 host - how to disable Virtual Based Security

    Posted Jan 07, 2025 04:08 PM

    Someone on the Windows 11 board posted this to disable VBS. Have not tried it yet. If it does work it is a simple solution but do not know if there are any side effects.

    In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\WindowsHello    DWORD parameter "Enabled" to 0
    Restart PC. VBS should be turned off.




  • 14.  RE: Windows 11 24h2 host - how to disable Virtual Based Security

    Posted 21 days ago
    Edited by byd2k 21 days ago

    Thanks!  This worked for me.  I just lost about 5 hours of my life on this.  

    Here's the summary for others...  

    Windows 11 is enabled to install the latest updates automatically. For my PC, this must have happened sometime in early May 2025.
    Running Workstation version pre-Broadcom 17.x
    Upgrade Workstation to the latest version (think I was a few numbers below the second octet)- did not help
    Ran the above items that I found elsewhere on the net (mostly for Win 10) - did not help
    Ran system restore, did not help - Maybe it would have if I had restored back to a pre May 2025 time period.
    Finally ran "In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\WindowsHello    DWORD parameter "Enabled" to 0"  - It worked!

    I'm not sure if this, in combination with all of the previous items, was required to resolve.  

    Broadcom - Please create an executable for this!  Thank you all for your posts above to resolve this issue.  




  • 15.  RE: Windows 11 24h2 host - how to disable Virtual Based Security

    Posted 18 days ago

    Thank you byd2k, this single WindowsHello thing worked for me after a lot of time wasted. I would have never guessed it. Also, after rebooting I got a semi-scary login experience because "something was wrong with my pin". This might happen if you use Windows Hello. Just log in with your password, and I managed by disabling my PIN entirely.
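
A read-only check of the state the posts above try to change, added here as an example and not written by any poster in the thread. It reports the Win32_DeviceGuard status (where value 1 is the "enabled but not running" state from post 1), the registry values named in posts 4 and 13, Secure Boot (post 8) and the HV Host Service start type (post 11). The function names are made up for this example; it assumes the "HV Host Service" has the service name HvHost, and it also prints hypervisorlaunchtype, a BCD setting the thread does not mention.

```powershell
# Added example, not from the thread: read-only report, it changes no setting.
# Run in an elevated PowerShell session on the Windows host.
$vbsStatusText = @{ 0 = 'not enabled'; 1 = 'enabled but not running'; 2 = 'enabled and running' }
$serviceText   = @{ 1 = 'Credential Guard'; 2 = 'Memory integrity (HVCI)' }

function Get-VbsRuntimeState {
    $dg  = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace 'root\Microsoft\Windows\DeviceGuard'
    $ids = @($dg.SecurityServicesRunning | Where-Object { $_ -ne 0 })   # 0 means "none"
    $names = foreach ($id in $ids) {
        if ($serviceText.ContainsKey([int]$id)) { $serviceText[[int]$id] } else { "service id $id" }
    }
    $runningText = if ($names) { $names -join ', ' } else { 'none' }
    [pscustomobject]@{
        VbsStatus       = $vbsStatusText[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesRunning = $runningText
    }
}

function Get-VbsRegistrySettings {
    $dgKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
    $checks = @(
        @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'LsaCfgFlags' },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'; Name = 'LsaCfgFlags' },
        @{ Path = $dgKey; Name = 'EnableVirtualizationBasedSecurity' },
        @{ Path = $dgKey; Name = 'RequirePlatformSecurityFeatures' },
        @{ Path = "$dgKey\Scenarios\WindowsHello"; Name = 'Enabled' }
    )
    foreach ($c in $checks) {
        $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $value = if ($null -ne $item) { $item.($c.Name) } else { '(not set)' }
        [pscustomobject]@{ Path = $c.Path; Name = $c.Name; Value = $value }
    }
}

function Get-VbsBootAndServiceState {
    $secureBoot = try { Confirm-SecureBootUEFI } catch { 'unknown (not UEFI or not elevated)' }
    $hvHost  = Get-Service -Name 'HvHost' -ErrorAction SilentlyContinue   # assumed service name
    $hvStart = if ($hvHost) { $hvHost.StartType } else { 'service not found' }
    $bcd = bcdedit /enum '{current}' | Select-String 'hypervisorlaunchtype|vsmlaunchtype' | ForEach-Object { $_.Line.Trim() }
    [pscustomobject]@{
        SecureBoot      = $secureBoot
        HvHostStartType = $hvStart
        BcdLaunchTypes  = $bcd -join '; '   # empty when neither setting is present
    }
}

Get-VbsRuntimeState | Format-List
Get-VbsRegistrySettings | Format-Table -AutoSize
Get-VbsBootAndServiceState | Format-List
```

Running it before and after a reboot shows whether a change persisted, which is the behaviour posts 11 and 12 describe.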