In Windows 11, Microsoft hopes that all consumer personal computers can have the same enterprise-level security as commercial devices. If you have just bought a machine, or have just installed a new operating system, you may have enabled the new feature of VBS by default, and the performance will be affected. However, you can turn it off at any time, and finally get the same level of security as Windows 10, and the performance is better.
Windows 11 is not perfect, and critics have mixed opinions on Microsoft’s new operating system. If you have upgraded or are planning to do so, it is worth noting that Windows 11 comes with enhanced security features, but at the cost of performance, even on relatively new hardware.
The culprit is a feature called Virtualization-Based Security (VBS), which was first introduced in Windows 10 as an optional security layer for enterprise PCs. The role of VBS is to allow Windows 11 to use the hardware virtualization features in modern CPUs to isolate the security areas of memory and host security features, such as Hypervisor-Enforced Code Integrity (HVCI).
VBS and HVCI can prevent hackers from running malicious code with trusted applications and drivers on your system, because it will fail the code integrity check. All of this sounds good on paper, but early tests have shown that it affects performance in some cases, the most obvious of which is gaming. In some AMD processor usage scenarios, performance is discounted by as much as 28%.
Users who use the first-generation Ryzen CPU or the tenth-generation Intel CPU and above will experience this performance regression. For people with newer hardware, the overall performance impact is close to 5%. Microsoft recommends that OEMs enable VBS and HVCI by default on new PCs, but they allow them to be disabled by default on gaming PCs.
If you upgrade from Windows 10 to Windows 11, VBS will be turned off by default, unless it is enabled before you start the upgrade process. However, it will be enabled after reinstalling on a new computer or on an existing device, so it is worth exploring how to check if it is turned on and how to disable it for additional performance.
First, you need to open the system information. Under “System Summary”, check if there is a line that says “Virtualization-based security”. If it says “Not Enabled”, you don’t need to do anything else. If it says “Running”, please continue reading.
In Windows 11, there are two ways to disable VBS. The first is to open “Settings” and click on “Privacy and Security” in the left pane. You will see a list of security features, Windows permissions, and application permissions. Click “Windows Security” above, and then click Device Security from the list that appears afterwards. Then click “Core Isolation Details”, it should be colored. This leaves you with a “memory integrity” switch, you need to turn it off and restart your computer for it to take effect.
The same effect can be achieved by searching for “core isolation” from the taskbar or the search box of the “Settings” application, which will bring you to the same place as above.
Another way to disable VBS is to use the registry editor. You can open it by searching for its name on the taskbar, or click Windows+R, enter regedit in the pop-up text box–click OK, and then continue:
In the window that appears, there is an address bar that you can use to navigate directly to “HKEY_LOCAL_MACHINE/SystemCurrentControlSetControlDeviceGuard”. In the right pane, you should see a DWORD value named “EnableVirtualizationBasedSecurity”. Open it and set it to “0”. As with the first method, you need to restart your computer for the changes to take effect.
.