Can't disable Virtualization-based security

[RayJW]

So basically my issue started some time back when I tried to get stuff done in my VM. I just ignored the issue because I didn't have the time to dive deeper into the topic but now it's messing with me everywhere.

I need to disable it for VMs, Ryzen Master, Nox and more, so I would love to get some help on that.

So far I've tried disabling it in the Group Policy Manager, in the registry, uninstalling Hyper-V and disabling my AMD TPM. Nothing so far has got it disabled so far. The weird thing is that it says that VBS is turned on in device security in the Windows Defender Application but when I go into the actual tab core isolation the switch for memory integrity is turned off and if I try to turn it on I get an error which says there might be an incompatibility issue on my device.

I have tried just about every guide I found so far and it just won't disable for the love of god.

I'm running a manually overclocker Ryzen 7 1700, MSI B350 Gaming Pro Carbon newest BIOS, Corsair Vengeance 32 GB clocked at 2933 MHz and the newest windows version 17763.437.

Any help would be gladly appreciated and don't be shy to ask anything you might need to help me solve it thanks :)

[Rainbow Sunbeam]

i'm having same issue - cant load vm's and or ryzen master because of it

ryzen 3 2200g 

x40 aorus gaming 5 wifi - newest bios

gskill ripgaws v 32gb ddr4 3200mhz 

asus 1050 ti 

Windows 10 pro x64 1903 build 18362.53

 

[Max Laing, D. MP]

Same here guys - I have tried everything I can think of - even added a Registry entry someone offered up as an "absolute fix" - which turned out to be not so.

 

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard
DWord : EnableVirtualizationBasedSecurity : 0

 

Just uninstalled AMD Ryzen Master. Am about to reboot and re-install it to see if anything changed.

 

This is completely ridiculous since everything used to work prior to the "upgrade".

[TyBor]

For Ryzen Master to work, you have to disable virtualization in BIOS. It doesn't have anything with Hyper-V or settings in windows.

[tech.guru]

if you have virtualization based security with uefi lock you must turn off in bootloader.

see, https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage

 

Delete the following registry settings:

• HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LsaCfgFlags
• HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlag
• HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity
• HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures

disable the virtualization-based security features by using bcdedit. From an elevated command prompt, type the following commands:

 

mountvol X: /s

copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y

bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader

bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"

bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}

bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS

bcdedit /set vsmlaunchtype off

bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:

mountvol X: /d

 

Disable Windows Defender Credential Guard for a virtual machine

From the host, you can disable Windows Defender Credential Guard for a virtual machine:

Set-VMSecurity -VMName <VMName> -VirtualizationBasedSecurityOptOut $true

[Farid Yar Khan]

Just for the sake of reply solution is to use Script provided by Microsoft at https://www.microsoft.com/en-us/download/details.aspx?id=53337. This worked with me.

 

Reference from https://stackoverflow.com/questions/39858200/vmware-workstation-and-device-credential-guard-are-not-compatible/53442486#53442486?newreg=b72b97a625154822848e090aee832c70 thread.