In Windows 11, Microsoft expects all consumer personal computers to have the same enterprise-level security as commercial devices. If you have just purchased a machine or have installed a new operating system, you may have enabled the new feature of VBS by default, which may affect performance a little. However, you can turn it off at any time and eventually get the same security as Windows 10, the performance is better.
Windows 11 is not perfect, critics are rightMicrosoftThe new operating system received mixed reviews. If you have upgraded or plan to do so, you should note that Windows 11 comes with better security features, but at the expense of performance, as well as relatively new hardware.
The culprit is Virtualization Based Security (VBS), which was first introduced in Windows 10 as an optional security layer for corporate PCs. VBS’s role is to allow Windows 11 to use the hardware virtualization features of modern CPUs to isolate memory and host security features such as hypervisor-enforced code integrity (HVCI).
VBS and HVCI can prevent malicious code from running on malicious code on your system’s trusted applications and drivers, as it may fail the code integrity test.AMDIn some processor usage situations, the performance discount can be as high as 28%.
Use first generation Ryzen CPU or tenth generationIntelUsers with CPUs and above will experience this performance regression. For people with newer hardware, the overall performance impact is close to 5%. Microsoft recommends that OEMs enable VBS and HVCI by default on newer PCs, but allow them to be disabled by default on gaming PCs.
If you upgrade from Windows 10 to Windows 11, VBS will be turned off by default if you do not enable it before you start the upgrade process. However, it will be enabled after reinstalling on a new computer or existing device, so it is important to check whether it is turned on and how to disable it for additional performance.
First, you need to open the system information. Under “System Summary”, check if there is a line that says “Virtualization based security”. If you say “not enabled”, you do not need to do anything else. If you say “running”, continue reading.
In Windows 11, there are two ways to disable VBS. First open “Settings” and click “Privacy and Security” in the left pane. You will see a list of security features, Windows permissions, and application permissions. Click “Windows Security” above, and then click Device Security from the list that appears. Then click on “Core Isolation Details” and it should be colored. This gives you a “memory integrity” switch, which you need to shut down and restart the computer to take effect.
The same result can be obtained by searching for “Core Isolation” from the taskbar or from the search box of the “Settings” application, which will take you to the same place mentioned above.
Another way to disable VBS is to use the Registry Editor. You can open it by searching for its name in the taskbar, or click Windows + R, enter regedit in the pop-up text box, click OK, and then proceed:
In the window that appears, there is an address bar that you can use to navigate directly to “HKEY_LOCAL_MACHINE / System CurrentControlSet Control DeviceGuard”. In the right pane, you will see a DWORD value named “EnableVirtualizationBasedSecurity”. Open it and set it to “0”. As with the first method, you will need to restart your computer for the changes to take effect.
Problem solver. Incurable bacon specialist. Falls down a lot. Coffee maven. Communicator.