
Virtual Based Security (VBS) Won't Turn Off On Windows 11

Alex G 0 Reputation points
2025-10-08T20:48:16.52+00:00

I've recently upgraded my computer from Windows 10 to Windows 11 24H2. I need to keep Virtualization ON in the BIOS so that I can use Virtual Machines but I need to turn Virtual Based Security (VBS) OFF for another piece of software to work without error.

Unfortunately, after I turn Virtual Based Security off and restart my computer, Virtual Based Security turns itself back on.

I've tried other solutions posted on Microsoft QA as well as other instructions that I’ve found online. Unfortunately, none of these solutions have worked. Virtualization Based Security keeps turning itself back on.

This is the list of posts that I’ve followed so far:

  1. https://learn.microsoft.com/en-us/answers/questions/4039945/i-cant-disable-virtualizationbasedsecurity-%28vbs%29-w?page=3#answers
  2. https://learn.microsoft.com/en-us/answers/questions/2128791/cant-find-the-option-to-turn-off-virtualization-ba
  3. https://metisit.com/nieuws/virtualization-issues-with-vmware-workstation-pro-on-windows-11-version-24h2/

I also tried running the Device Guard and Credential Guard hardware readiness tool provided at https://www.microsoft.com/en-us/download/details.aspx?id=53337.

Are there additional steps that I should be going through to make sure that Virtual Based Security turns off and stays off? Appreciate the help!

Windows for business | Windows Client for IT Pros | Devices and deployment | Other

2 answers

  1. Alex G 0 Reputation points
    2025-10-09T14:49:22.9333333+00:00

    I decided to check Windows Event Viewer > Windows Logs > System and did a search for "VBS" and "Virtualization-based security". I found the following events:

    1. 10/8/2025 11:19:43 AM: Virtualization-based security (policies: 0) is disabled due to opt-out UEFI variable.
    2. 10/8/2025 11:36:54 AM: Virtualization-based security (policies: VBS Enabled,VSM Required,Boot Chain Signer Soft Enforced) is enabled due to VBS registry configuration.
    3. 10/8/2025 11:37:03 AM: VBS Key Isolation was started and will protect VSM-isolated keys.

    The first event indicates that my UEFI variables are correct to have VBS off and the second event indicates VBS was turned back on later due to my registry settings. I'm not sure what the 3rd event means.

    So I went back through the DeviceGuard registry and found the following settings:

    1. "Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard"
      1. "RequireMicrosoftSignedBootChain" was set to 1, I did not change this.
      2. "Scenarios\CredentialGuard\Enabled" was set to 1, so I changed the value of this to 0.

    After doing this "Virtualization-based Security" showed up as "Not Enabled". I restarted my computer 5-6 times and VBS remained off. I've definitely changed the CredentialGuard to 0 several times in the past, so I'm not sure why changing this setting is working now.

    With all the different settings that need to be changed to turn Virtualization-based Security off, I have concerns that future Windows updates and releases will inevitably turn this VBS back on.

    Does anyone know of a simple 1 setting change we can make to turn VBS off?


  2. Domic Vo 17,825 Reputation points Independent Advisor
    2025-10-09T00:08:49.7933333+00:00

    Dear Alex,

    Based on your description, it appears that VBS is re-enabling itself after restart, despite your attempts to disable it. This behavior can occur due to policy enforcement or system configuration settings that automatically restore VBS features.

    To help resolve this, please review the following steps:

    Step 1: Disable VBS via Group Policy

    1. Open Group Policy Editor (gpedit.msc)
    2. Navigate to: Computer Configuration > Administrative Templates > System > Device Guard
    3. Set Turn On Virtualization Based Security to Disabled
    4. Restart your computer

    Step 2: Check Core Isolation Settings

    1. Go to Settings > Privacy & Security > Windows Security > Device Security
    2. Select Core Isolation Details
    3. Turn Memory Integrity off
    4. Restart your computer

    Step 3: Review Registry Settings

    1. Open Registry Editor (regedit)
    2. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard
    3. Set or create the following DWORD values:
      • EnableVirtualizationBasedSecurity = 0
      • RequirePlatformSecurityFeatures = 0
    4. Restart your computer

    Step 4: Confirm with System Info

    After restart, run msinfo32 and check the Device Guard section to confirm that VBS is disabled.

    If this guidance proves helpful, feel free to click “Accept Answer” so we know we’re heading in the right direction 😊. And of course, I’m here if you need further clarification or support. T&B, Domic
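
Added example, not part of either answer above and not Microsoft's own tooling: a read-only PowerShell check that collects, in one pass, the DeviceGuard registry values, the running VBS state and the System-log events that both answers refer to, so that a setting which re-enables VBS after a reboot or update is visible. The `HypervisorEnforcedCodeIntegrity` key, the `Policies` path and the meanings given for the `Win32_DeviceGuard` values do not appear on this page and are assumptions based on standard Windows behaviour.

```powershell
# Added example: read-only audit of the VBS settings discussed in this thread.
# Run from an elevated PowerShell prompt. Nothing is modified.

$dg = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
$checks = @(
    @{ Path = $dg; Name = 'EnableVirtualizationBasedSecurity' },
    @{ Path = $dg; Name = 'RequirePlatformSecurityFeatures' },
    @{ Path = $dg; Name = 'RequireMicrosoftSignedBootChain' },
    @{ Path = "$dg\Scenarios\CredentialGuard"; Name = 'Enabled' },
    # Assumption: keys behind the Memory Integrity toggle and the Group Policy setting
    @{ Path = "$dg\Scenarios\HypervisorEnforcedCodeIntegrity"; Name = 'Enabled' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'; Name = 'EnableVirtualizationBasedSecurity' }
)

# 1. Registry: list every value that can request VBS, including ones that are absent
$registry = foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Key   = $c.Path
        Value = $c.Name
        Data  = if ($null -ne $item) { $item.($c.Name) } else { '<not set>' }
    }
}
$registry | Format-Table -AutoSize -Wrap

# 2. Effective state as reported by the OS (same source msinfo32 summarises)
$vbsState = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Running' }
$services = @{ 0 = 'None'; 1 = 'Credential Guard'; 2 = 'Memory integrity (HVCI)' }
$cim = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard
[pscustomobject]@{
    VbsStatus       = $vbsState[[int]$cim.VirtualizationBasedSecurityStatus]
    ServicesRunning = ($cim.SecurityServicesRunning | ForEach-Object {
        if ($services.ContainsKey([int]$_)) { $services[[int]$_] } else { "Service id $_" }
    }) -join ', '
} | Format-List

# 3. Boot-time decisions: the message text states which source enabled or disabled VBS
Get-WinEvent -FilterHashtable @{ LogName = 'System'; StartTime = (Get-Date).AddDays(-7) } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Virtualization-based security|VBS Key Isolation' } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, ProviderName, Id, Message |
    Format-List
```

Running it before and after a Windows update and comparing the output shows which value changed and which source the boot-time event names as the reason.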

