Безопасность на основе виртуализации, Virtualization based security или VBS — функция Windows 11 и Windows 10, предотвращающая выполнение потенциально опасного кода в памяти компьютера, изолируя его. Функция полезная, но по некоторым отзывам её отключение может повысить производительность в играх, а некоторые программы могут не запускаться, если она включена.
В этой инструкции описаны способы отключить безопасность на основе виртуализации. Далее рассмотрено отключение Virtualization Based Security в редакторе локальной и групповой политики, а также альтернативные методы, если отключение этими способами не помогло.
Как отключить безопасность на основе виртуализации в редакторе локальной групповой политики или редакторе реестра
Основной способ отключения Virtualization Based Security — настройка соответствующей политики в Windows. Если у вас установлена Pro или Enterprise версия системы, можно использовать редактор локальной групповой политики:
- Нажмите правой кнопкой мыши по кнопке «Пуск», выберите пункт «Выполнить», введите gpedit.msc и нажмите Enter.
- В редакторе локальной групповой политики перейдите к разделу «Конфигурация компьютера» — «Административные шаблоны» — «Система» — «Device Guard». Дважды кликните по пункту «Включить средство обеспечение безопасности на основе виртуализации» в правой панели.
- Установите значение «Отключено» и примените настройки.
- Перезагрузите компьютер.
В случае, если на вашем компьютере установлена домашняя редакция Windows, можно использовать редактор реестра:
- Нажмите клавиши Win+R на клавиатуре, введите regedit и нажмите Enter.
- Перейдите к разделу реестра
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard
- Нажмите правой кнопкой мыши в пустом месте правой панели редактора реестра и создайте новый параметр DWORD с именем EnableVirtualizationBasedSecurity и установите значение 0 для него.
- При наличии такого параметра, дважды нажмите по нему и измените значение на 0.
- Перезагрузите компьютер.
В результате функция VBS будет отключена. Если несмотря на это какая-то программа требует отключить Virtualization Based Security для своей работы, используйте далее описанные методы.
Дополнительные методы отключения Virtualization Based Security
Если предыдущий вариант не помог, и какая-то программа при запуске требует отключить VBS, можно использовать дополнительные подходы. Учитывайте, что при их использовании также будут отключены другие встроенные функции виртуализации Windows 11 и Windows 10 (на базе Hyper-V):
- Запустите командную строку от имени администратора, введите команду
bcdedit /set hypervisorlaunchtype off
и нажмите Enter. После этого перезагрузите компьютер.
- Откройте окно «Программы и компоненты» в панели управления или с помощью Win+R — appwiz.cpl, нажмите «Включение или отключение компонентов Windows» слева, отключите компоненты «Application Guard в Microsoft Defender», «Hyper-V», «Платформа виртуальной машины», нажмите «Ок» и перезагрузите компьютер после удаления компонентов.
Обычно один из этих способов помогает решить проблемы, связанные с включенной функцией безопасности на основе виртуализации. Если вам требуется узнать текущий статус функции, вы можете нажать клавиши Win+R, ввести команду msinfo32 и нажать Enter.
В разделе «Сведения о системе» внизу списка вы найдете пункт «Безопасность на основе виртуализации» с нужной информацией.
Безопасность на основе виртуализации, также известная как VBS, позволяет Windows 11 создавать защищенный анклав памяти, изолированный от небезопасного кода. Другая встроенная функция, называемая целостностью кода с применением гипервизора (HVCI), использует возможности VBS для предотвращения попадания неподписанных или сомнительных драйверов и программного обеспечения в память. Вместе VBS и HVCI добавляют уровень защиты, который ограничивает ущерб, который вредоносное ПО может нанести, даже если оно пройдет мимо вашего антивирусного ПО.
К сожалению, VBS и HVCI требуют значительных затрат на производительность, особенно когда дело касается игр. В тестах обнаружили, что игры работали на 5 процентов медленнее с этими настройками, чем с выключенными. Другие тестировщики увидели еще большое снижение производительности; на сайте PC Gamer отметили падение производительности на 25 процентов, хотя они тестировали процессоры Intel 10-го поколения, когда Microsoft рекомендует не менее 11-го поколения.
Простое обновление до Windows 11 не включит VBS, если вы не включили его в Windows 10, где он не использовался по умолчанию в течение нескольких лет. Так что на данный момент это проблема, с которой сталкиваются немногие.
Однако, если вы выполняете чистую установку Windows 11 или покупаете новый ноутбук или настольный компьютер с Windows 11, по умолчанию у вас может быть включен VBS / HVCI. Microsoft рекомендует включить его в OEMS по умолчанию, но отмечает, что «некоторые устройства, которые особенно чувствительны к производительности (например, игровые ПК), могут поставляться с отключенным HVCI». И уже известно, по крайней мере, об одном OEM, который утверждает, что они будут поставлять свои системы с отключенным VBS.
Если вы используете Windows 11, и производительность, особенно в играх, имеет для вас наибольшее значение, ниже будет показано, как проверить, включен ли VBS / HVCI и как его отключить. Однако, если вы не играете, вы можете оставить защиту на месте.
Как проверить, включен ли VBS в Windows 11
Прежде чем вы начнете думать об отключении VBS, вам нужно выяснить, включен ли он вообще.
1. Откройте системную информацию. Самый простой способ сделать это — выполнить поиск «системной информации» в поиске Windows и щелкнуть верхний результат.
2. Прокрутите вниз и найдите строку «Безопасность на основе виртуализации». Если написано «работает», значит VBS включен. Но если написано «не включено», значит ничего больше делать не надо.
Как отключить VBS / HVCI в Windows 11
1. Найдите Core Isolation в поиске Windows и щелкните верхний результат .
2. Нажмите «Безопасность Windows» и «ОК», если вас спросят, какое приложение использовать. Откроется подменю.
3. Выключите целостность памяти, если она была включена. Если уже выключена, переходите к шагу 6.
4. Перезагрузите компьютер, как будет предложено.
5. Еще раз проверьте информацию о системе, чтобы убедиться, что безопасность на основе виртуализации выключена. Если да, то все готово. Если нет, перейдите к шагу 6, где вы отключите VBS в реестре.
6. Откройте regedit. Самый простой способ — нажать Windows + R, ввести regedit в текстовое поле и нажать ОК.
7. Перейдите к HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard.
8. Откройте EnableVirtualizationBasedSecurity и установите для него значение 0.
9. Закройте regedit и перезагрузите компьютер .
На этом этапе вы должны увидеть, что VBS отключен в приложении с системной информацией.
Telegram-канал @overclockers_news — теперь в новом формате. Подписывайся, чтобы быть в курсе всех новостей!
A security setting that’s on by default in Windows 11 and at least some installs of Windows 10 could be slowing performance in some by as much as 15 percent. Virtualization-based security, aka VBS, allows Windows to create a secure memory enclave that’s isolated from unsafe code. Another built-in feature called Hypervisor-Enforced Code Integrity (HVCI) uses the capabilities of VBS to prevent unsigned or questionable drivers and software from getting into memory. Together VBS and HVCI add a layer of protection that limits how much damage malware can do, even if it gets past your antivirus software.
Unfortunately, VBS and HVCI have a significant performance cost, particularly when it comes to gaming. In our tests, we found that games ran as much as 15 percent slower with these settings on as with them off. This is true whether you’re using an old graphics card or even a speedy RTX 4090. It used to be the case that simply upgrading from Windows 10 to 11 would not enable VBS, but lately we’ve seen it get turned on after updates so you should not assume that it’s disabled on your system, even if you had it turned off before.
For most users and applications, the performance deltas with VBS on and off are 5 percent or less and likely not noticeable in everyday tasks such as web browsing or editing documents. However, if you want the best possible performance and are willing to sacrifice an added layer of security, here’s how you disable VBS in Windows 11 or 10.
How to Check if VBS is Enabled in Windows 11 or 10
Before you start thinking about turning off VBS, you need to find out if it’s on in the first place.
1. Open system information. The easiest way to do that is by searching for «system information» in Windows search and clicking the top result.
2. Scroll down to find the «Virtualization-based security» row. If it says «running,» VBS is enabled. But if it says «not enabled,» then you’re done.
How to Disable VBS / HVCI in Windows 11 or 10
1. Search for Core Isolation in Windows search and click the top result.
Get Tom’s Hardware’s best news and in-depth reviews, straight to your inbox.
2. Toggle Memory Integrity to off, if it was on. If it is not on, skip ahead to step 6.
3. Reboot your PC as prompted.
4. Check system info again to see if virtualization-based security is listed as «not enabled.» If so, you are done. If not, go to step 6 where you’ll disable VBS in the registry.
5. Open regedit. The easiest way is by hitting Windows + R, entering regedit in the text box and click Ok.
6. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard.
7. Open EnableVirtualizationBasedSecurity and set it to 0.
8. Close regedit and reboot your PC.
9. Check system information again to see if Virtualization Based Security is listed as «not enabled.»
If VBS is still enabled try the method of disabling it below.
How to Disable Windows VBS By Uninstalling Virtual Machine
If you still see that VBS is running, you can get rid of it by uninstalling the «Virtual Machine» feature in Windows. Note, however, that if this is the feature that’s enabling VBS for you, losing it may cost you the ability to run Windows Subsystem for Linux. Here’s how you do it.
1. Open Turn Windows Features on or Off by searching for it.
2. Uncheck Virtual machine and click Ok.
3. Reboot your PC.
4. Check system information again to make sure virtualization based security is listed as «not enabled.»
The Virtualization-Based Security (VBS) feature came into the spotlight with Windows 11 and comes enabled by default on newer systems. This feature existed in Windows 10 too, but it hogged quite a lot of system resources.
If you experience a drop in gaming performance after upgrading to Windows 11, don’t fret. If you’ve tried everything already and nothing seems to work, VBS may be the culprit behind your low frame rates. As such, let’s explore how to disable VBS and squeeze the maximum amount of performance from your system.
Does VBS Really Reduce Performance?
PC Gamer and Tom’s Hardware dove in deep to learn about the drop in performance after enabling VBS. Both findings revealed performance drops ranging from 5-25 percent. Popular titles like Horizon: Zero Dawn and Shadow of the Tomb Raider suffered massive FPS drops.
Surprisingly, the CPU and GPU frequency remained unchanged. But these components were drawing less power. There haven’t been any detailed findings about what is actually causing it. But if you want to get maximum performance in games and applications, VBS is likely standing in your way.
What Are the Repercussions of Disabling VBS on Your System?
Virtualization-Based Security (VBS) works with Windows Hypervisor to create an isolated memory region. This isolated region securely stores login credentials, crucial Windows security code, and more. HVCI is a feature that uses VBS to conduct integrity checks on programs.
In simple words, attackers have a tough time when VBS is active. So, turning it off leaves you exposed to kernel-level attacks. If you are someone who uses their system for confidential official work, it is best to keep VBS enabled. If you are a gamer or use resource-intensive apps, disabling VBS will minimize the performance drop.
How to Check If VBS is Active on Your System
You can use the System Information app to check if VBS is active on your system. Here’s how to do it:
- Press Win + R to launch the Run dialog box. Type msinfo32 in the text box and press the Enter key.
- System Information utility will launch.
- Navigate to the right pane. Scroll down and locate the Virtualization-based security entry in the list. Alternatively, you can use the Find What box present at the bottom and search for the feature.
-
If you see «Running» mentioned next to it, it means that VBS is up and running on your system.
- Close the System Information utility.
How to Disable VBS to Increase Performance in Windows 11
If you want to disable VBS, here are a few tricks you can try.
1. How to Disable VBS From the Windows Settings
Perform the following steps to disable VBS from the Settings app.
- Press Win + I to launch the Settings app. Navigate to the left-hand side menu and click on the Privacy and Security option.
- Click on Windows Security and then click the Open Windows Security button.
- Windows Security app will launch. Go to the left-hand side menu and select Device Security.
- Find the Core isolation section and click on the Core isolation details option.
-
Now, check whether the Memory Integrity toggle is active or not. If it is active, click on it to disable the feature.
- Restart your system. Test some apps and games to check their performance.
2. How to Disable VBS With the Command Prompt
You can also disable VBS using the command prompt. Keep in mind that you must grant administrator access before executing the commands.
To turn off VBS using the command prompt, repeat the following steps:
- Press Win + R to launch the Run command box. Now type cmd and press Ctrl + Shift + Enter to launch the command prompt with elevated permissions.
-
Type bcdedit /set hypervisorlaunchtype off in the text area.
- Press the enter key to execute the command. Wait for the execution to complete.
- Restart your system. VBS won’t bother you anymore.
3. How to Turn Off Windows’ Virtualization Features
VBS can run on your system only if virtualization is active. If you shut off all the Virtualization features of Windows, VBS won’t work. So, you have to uninstall a few Windows features.
To turn off Virtualization features in Windows 11, do as follows:
- Press the Win key, type Control Panel and open the first result.
- Find the Program and Features option and then click on Uninstall a Program option.
- Navigate to the top left-hand side and click on the Turn Windows Features on or off option.
-
Windows Features will launch. Find Microsoft Defender Application Guard, Virtual Machine Platform, and Windows Hypervisor Platform in the list.
- Uncheck all these features and then click on the OK button. Wait for the setup to disable these features on your device. Click on the Restart Now button to apply changes.
- Revisit the Windows Features to check whether all Virtualization features are inactive or not.
4. How to Disable VBS From the Local Group Policy Editor
You can use the Group Policy Editor to turn off VBS permanently. Keep in mind that GPE is not available for Windows 11 Home users. You need to run a batch script to enable GPE. Check out our complete Group Policy Editor guide for more information on this.
To disable VBS using the Group Policy Editor, do as follows:
-
Press Win + R to launch the Run command box. Type gpedit.msc and hit the enter key to launch the Group Policy Editor.
- Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > System > Device Guard.
- Under Device Guard, find the Turn On Virtualization Based Security policy and double-click on it.
- Click on the Disabled radio button in the policy window. Then, click on the Apply button.
- Click on the OK button and exit the Group Policy Editor. Restart your system to apply changes.
- To re-enable VBS, click on the Enabled radio button in the Turn On Virtualization Based Security policy.
5. How to Disable Virtualization via the BIOS
The last option is to disable virtualization technology from the system BIOS. As mentioned before, VBS won’t work if you disable virtualization features. So, by doing this, you can ensure that VBS doesn’t turn on ever again.
To turn off virtualization technology from BIOS, repeat the following steps:
- Restart your system. Press the corresponding F-key to access the BIOS setup (usually it is the F2 or F12 key).
- Once you are inside the BIOS, go to the advanced settings page. Remember that each OEM has a different BIOS appearance and settings layout.
-
Find the Virtualization Technology option under advanced settings. Click on it to disable the feature on your system.
- Now, press the F10 key to save the changes. Exit the BIOS setup and continue the OS boot process.
- Check the Memory Integrity option in Windows Security. It will appear grayed out.
6. How to Disable VBS Using Registry Editor
If you don’t have Group Policy Editor on your Windows 11 Home version, you can use the Registry Editor to change the status of VBS on your PC. Instead of manually navigating to the registry key, you can use Command Prompt to modify the EnableVirtualizationBasedSecurity DWORD value.
But before doing that, create a manual backup of the Windows Registry and save it to an external USB drive as a backup option. After doing that, repeat the following steps to disable VBS by tweaking the registry:
- Press Win + R to launch the Run dialog box. Type cmd and press the Ctrl + Shift + Enter keys simultaneously to open the Command Prompt with administrator privileges.
-
Now, type the following command and press the Enter key to execute it:
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard" /v EnableVirtualizationBasedSecurity/t REG_DWORD /d 00000000 /f -
If everything went fine, you will see a «The operation completed successfully.» message.
- Type exit and press Enter to close the Command Prompt window.
- Restart your PC to apply the changes.
VBS Won’t Throttle Your System Performance Anymore
VBS is a pretty cool feature that is available in both Windows 10 and 11. However, the drastic performance drops surely make it less enticing for gamers. Firstly, start by disabling the Memory Integrity feature in Windows Security. Then turn off VBS using the Group Policy Editor.
After that, move to other steps to disable virtualization features such as MDAG, and Virtual Machine Platform. Lastly, disable the virtualization technology from the BIOS. Features like VBS won’t work without it.
Windows 11 is one of the most significant updates as it is more efficient and powerful in all aspects. But, according to some Windows 11 users, it has some critical performance issues. Many PC gamers said their gaming experience became choppy and laggy after updating the system to Windows 11. And one of the expected causes behind the problem is said to be Virtualization-Based Security (VBS). Microsoft has recently started enabling VBS in many systems through the new Windows 11 update.
There is a high chance that VBS is the main factor behind your system’s degraded performance. Many Windows 11 users reported that disabling VBS helped them to regain the same power-packed gaming experience as earlier. If you’re going through the same, we will suggest disabling VBS and checking whether it is the main culprit. Here in this article, we have explained several methods to disable Virtualization-Based Security and restore your system’s performance.
What is Virtualization-Based Security in Windows 11?
Virtualization-Based Security is a Windows program that uses virtualization features to host more security features and strengthen your system’s security. It creates a Virtual Secure Mode using virtualization features to host several security features.
Read More: What is Virtualization-Based Security (VBS) in Windows 11
Disable Virtualization-Based Security (VBS) in Windows 11
In order to disable VBS, you need to disable Hypervisor-Enforced Code Integrity (HVCI). There are several ways to disable HVCI. This section mentions all possible ways to disable HVCI in Windows 11.
1. From Settings
Microsoft lets you disable Virtualization-Based Security from your Windows Settings. You can follow the below-mentioned steps to disable VBS from your Windows 11 PC settings.
1. Press the Windows key.
2. Type Core Isolation in the Search Bar.
3. Then, click on Open.
4. Toggle off the Memory Integrity option in the Core Isolation settings.
5. Windows will then ask you to Restart your PC. So, choose Restart from the options given on the popup.
We have observed that Microsoft prevents some users from disabling HVCI from the System Settings. If this is the same with you, the next method will indeed work for you.
2. Using Command Prompt
One of the ways to disable Virtualization-Based Security is using the Command Prompt app. You can do the same by following the below-mentioned steps.
1. Press Win + R to open the Run program and type cmd.
2. Now, press Ctrl + Shift + Enter to open CMD with administrative privileges.
3. Copy and paste the mentioned command in CMD and press Enter.
bcdedit /set hypervisorlaunchtype off 
4. Wait until the process completes and you see a process completion message.
5. Lastly, Restart your PC.
3. By Disabling Windows Features
You can also disable VBS by turning off two Windows Virtualization features: Virtual Machine Platform and Windows Hypervisor Platform. Turning off these two features will stop all VBS-related processes automatically. You can start the process by following the below-mentioned steps.
1. Press the Windows key and type Control Panel in the Search Bar.
2. Click on Programs.
3. Then, click on Turn Windows Features on or off from the left pane.
4. Search these two features and uncheck them: Virtual Machine Platform and Windows Hypervisor Platform.
5. Once done, click OK.
6. In the end, click Restart now to reboot your system.
4. From Registry Editor
Registry Editor is an important Windows program that stores all your operating system’s settings. It also allows you to modify those system settings. You can also use the Registry Editor to change VBS settings. You can follow the below-mentioned steps that easily demonstrates the same.
1. Press the Windows key and type Registry Editor in the Search Bar.
2. Then, click Open.
3. Navigate to the mentioned path by simply copying and pasting the path in the Location bar.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard4. Double-click on EnableVirtualizationBasedSecurity.
5. Set the Data Value to 0 to disable VBS.
6. Click on OK and Reboot your PC.
5. From Group Policy Editor
Group Policy Editor is another way to enable and disable any function of your Windows PC. It also allows you to disable the Virtualization-based Security from the Group Policy Editor. You can follow the mentioned steps to disable VBS using Group Policy Editor.
1. Press Win + R to open the Run window.
2. Type gpedit.msc and click OK.
3. Navigate to the mentioned path.
Local Computer Policy\Computer Configuration\Administrative Templates\System\Device Guard
4. Double-click on Turn On Virtualization Based Security.
5. Once the Virtualization Based Security dialog box pops up, choose Disabled from the given options.
6. Lastly, click OK and Restart your system.
6. Via BIOS Settings
The last method to disable VBS is from the BIOS settings. We recommend following this method as it disables VBS and other virtualization features from the roots. So, they won’t turn on automatically unless you do them. You can follow the below steps to disable the VBS from BIOS Utility.
1. Restart the PC.
2. Press F1 or F2 key correspondingly.
3. Head to the Advanced Settings section.
4. Search Virtualization Technology in the Advanced Settings.
5. Then, disable it.
6. After that, press the F10 key and Exit the BIOS utility.
7. Head to the Core Isolation Setting and ensure that the Memory Integrity feature is disabled.
Frequently Asked Questions
How Do I Know if Virtualization Is Enabled in Windows 11?
First, press the Windows key and type MSInfo32 in the Search Bar. Once the System Information tab opens, search for Virtualization-Based Security in the list. You can now check whether VBS is enabled or disabled in the Value column.
How Do I Enable Virtualization Based Security in Windows 11?
Press the Win + R key combination to open the Run program. Type gpedit.msc in the Search Bar and press Enter key. Now, head to the mentioned location and double-click on Turn on Virtualization Based Security: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard. Then, choose Enabled from the given options to enable VBS in Windows 11.
How Do I Get Into BIOS on Windows 11?
You need to start the process by restarting the system. Once you see the reboot screen, immediately press the F1 or F2 key on your keyboard. Now, head to the Advanced Settings section to open the BIOS Utility window.
Final Words
Disabling Virtualization-Based Security can enhance your system’s performance. You won’t experience the same choppy and laggy experience again. But, you need to sacrifice your system security a bit, which we won’t recommend.
We will suggest first trying other ways to improve your system’s performance. If that doesn’t work, then you can try disabling VBS by following one of the above-mentioned ways. Which way you find easier to disable VBS in Windows 11.