Introduction
If you’re encountering errors like “This host does not support AMD-V” or “Intel VT-x is unavailable” when using VMware Workstation, VirtualBox, or other virtualization software, you likely need to disable Windows 11’s VBS (Virtualization-Based Security).
Critical Update: Starting with Windows 11 24H2, disabling VBS has become more complex. Traditional methods are no longer sufficient - you must also disable the VBS dependency for Windows Hello.
What is VBS and Why Does It Interfere with Virtual Machines?
VBS (Virtualization-Based Security) is a Windows 11 security feature that creates an isolated security environment using the Hyper-V virtualization layer. While this sounds beneficial, there’s a problem:
- VBS monopolizes CPU hardware virtualization features (AMD-V or Intel VT-x)
- Third-party virtualization software like VMware needs direct access to these hardware features
- When VBS is running, VMware cannot gain control of hardware virtualization, causing errors
In simple terms: VBS and VMware cannot simultaneously use the same virtualization hardware.
The 24H2 Change: Windows Hello Now Requires VBS
Starting with Windows 11 24H2, Microsoft made a significant change: Windows Hello security mechanisms now depend on VBS.
This means that even if you disable VBS using traditional methods, as long as Windows Hello-related functionality remains enabled in the registry, VBS will automatically restart.
This is why many users found that:
- Turned off Memory Integrity ✅
- Ran
bcdedit
commands ✅ - Modified registry settings ✅
- After reboot, VBS still shows “Running” ❌
Complete Disabling Steps (For 24H2)
Prerequisites
- Windows 11 (any edition: Home/Pro/Enterprise)
- Administrator privileges
- Virtualization enabled in BIOS (AMD-V or Intel VT-x)
Step 1: Check Current VBS Status
- Press
Win + R
, typemsinfo32
, press Enter - In the System Information window, scroll down
- Find the “Virtualization-based security” row
- If it shows “Running” → needs to be disabled
- If it shows “Not enabled” → no action needed
Step 2: Disable Tamper Protection
- Open Settings (Win + I)
- Go to Privacy & security → Windows Security
- Click Virus & threat protection
- Click Manage settings
- Toggle Tamper Protection to Off
Step 3: Disable Memory Integrity
- Open Settings (Win + I)
- Go to Privacy & security → Windows Security
- Click Device security
- Click Core isolation details
- Toggle Memory integrity to Off
Step 4: Disable Hyper-V Related Features
Open Command Prompt as administrator (search for cmd
, right-click and select Run as administrator), then run these commands sequentially:
1 | bcdedit /set hypervisorlaunchtype off |
Step 5: Modify Registry (Critical!)
⚠️ This is the most crucial step for 24H2
5.1 Disable VBS Main Switch
- Press
Win + R
, typeregedit
, press Enter - Navigate to:
1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard
- Find or create EnableVirtualizationBasedSecurity (DWORD 32-bit value)
- Double-click and set the value to 0
5.2 Disable Credential Guard (if exists)
Continue in the registry and navigate to:
1 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\CredentialGuard |
If an Enabled key exists, set its value to 0
5.3 🔥 Disable Windows Hello VBS Dependency (24H2 Required!)
This is the critical step that most tutorials miss!
Navigate to:
1 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\WindowsHello |
Find Enabled (DWORD 32-bit value) and set its value to 0
Important Notes:
- After disabling this, you can still use Windows Hello normally (including PIN login)
- Windows Hello simply no longer uses VBS as its security backend
- This does not affect your daily usage experience
Step 6: Restart Your Computer
Close Registry Editor and restart your computer.
Step 7: Verify Results
After reboot:
- Press
Win + R
, typemsinfo32
, press Enter - Check if “Virtualization-based security” shows “Not enabled”
- Open VMware Workstation and try starting a virtual machine
- The “AMD-V/VT-x not supported” error should no longer appear
FAQ
Q1: Why does VBS automatically re-enable after reboot?
A: Most likely because you didn’t disable the Windows Hello VBS dependency. This is a hidden mechanism added in 24H2 that must be manually disabled in the registry:
1 | HKEY_LOCAL_MACHINE\...\DeviceGuard\Scenarios\WindowsHello\Enabled = 0 |
Q2: Can I still use Windows Hello and PIN login after disabling?
A: Yes! Disabling the Windows Hello VBS dependency doesn’t affect Windows Hello functionality itself - it just prevents it from using VBS as a security layer.
Q3: Do I need to disable virtualization in BIOS?
A: No! Absolutely not! Disabling virtualization in BIOS will make VMware completely unable to run. The correct approach is:
- ✅ Enable virtualization in BIOS (AMD-V or Intel VT-x)
- ❌ Disable VBS and Hyper-V in Windows
Q4: What are the security risks of disabling VBS?
A: VBS provides an additional security protection layer. After disabling:
- Some advanced security features will be disabled (like Credential Guard)
- Malware protection capabilities will be slightly reduced
- But for ordinary users with good security habits, the impact is minimal
If your computer is primarily used for development, virtualization testing, etc., the performance gains from disabling VBS usually outweigh the security loss.
Q5: What about games (like VALORANT) that require VBS?
A: Some games’ anti-cheat systems (like Riot Vanguard) do rely on VBS. You need to choose between:
- Enable VBS → Can play these games, but VMware won’t work
- Disable VBS → VMware works, but these games won’t run
There’s no perfect solution unless you use dual-boot.
Q6: I have Windows 11 Home, which doesn’t have Group Policy Editor. What should I do?
A: No problem. This tutorial’s methods are entirely based on command line and registry - no Group Policy Editor needed. Home edition works fine.
Registry Modification Summary (Quick Reference)
If you want to directly see the registry locations that need modification, here’s the complete list:
Registry Path | Key Name | Value | Description |
---|---|---|---|
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard |
EnableVirtualizationBasedSecurity |
0 |
Disable VBS main switch |
HKEY_LOCAL_MACHINE\...\DeviceGuard\Scenarios\CredentialGuard |
Enabled |
0 |
Disable Credential Guard |
HKEY_LOCAL_MACHINE\...\DeviceGuard\Scenarios\WindowsHello |
Enabled |
0 |
Disable Windows Hello VBS dependency (24H2 critical) |
All value types are DWORD (32-bit) Value.
Understanding the 24H2 Documentation Gap
The Windows Hello VBS dependency introduced in 24H2 represents a significant architectural change. This specific registry setting (DeviceGuard\Scenarios\WindowsHello
) is not prominently mentioned in the mainstream documentation, which has led to confusion among users following traditional VBS disabling methods.
Community forums and discussions (such as on Reddit and Microsoft Q&A) have been instrumental in identifying this requirement. This tutorial consolidates those findings to provide a complete solution.
Conclusion
The VBS disabling process in Windows 11 24H2 is more complex than before, but with the correct steps, it can be completely disabled.
Key Points Summary:
- BIOS virtualization must remain enabled ✅
- Windows VBS must be completely disabled ❌
- Must disable Windows Hello VBS dependency (new in 24H2) ❌
- Verify results after reboot
If you have any questions, feel free to discuss in the comments. Happy virtualizing!
References: