A security setting that's on by default in Windows 11 and at least some installs of Windows 10 could be slowing performance in some by as much as 15 percent. Virtualization-based security, aka VBS, allows Windows to create a secure memory enclave that's isolated from unsafe code. Another built-in feature called Hypervisor-Enforced Code Integrity (HVCI) uses the capabilities of VBS to prevent unsigned or questionable drivers and software from getting into memory. Together VBS and HVCI add a layer of protection that limits how much damage malware can do, even if it gets past your antivirus software.
Unfortunately, VBS and HVCI have a significant performance cost, particularly when it comes to gaming. In our tests, we found that games ran as much as 15 percent slower with these settings on as with them off. This is true whether you're using an old graphics card or even a speedy RTX 4090. It used to be the case that simply upgrading from Windows 10 to 11 would not enable VBS, but lately we've seen it get turned on after updates so you should not assume that it's disabled on your system, even if you had it turned off before.
For most users and applications, the performance deltas with VBS on and off are 5 percent or less and likely not noticeable in everyday tasks such as web browsing or editing documents. However, if you want the best possible performance and are willing to sacrifice an added layer of security, here's how you disable VBS in Windows 11 or 10.
How to Check if VBS is Enabled in Windows 11 or 10
Before you start thinking about turning off VBS, you need to find out if it's on in the first place.
1. Open system information. The easiest way to do that is by searching for "system information" in Windows search and clicking the top result.
2. Scroll down to find the "Virtualization-based security" row. If it says "running," VBS is enabled. But if it says "not enabled," then you're done.
How to Disable VBS / HVCI in Windows 11 or 10
1. Search for Core Isolation in Windows search and click the top result.
2. Toggle Memory Integrity to off, if it was on. If it is not on, skip ahead to step 6.
3. Reboot your PC as prompted.
4. Check system info again to see if virtualization-based security is listed as "not enabled." If so, you are done. If not, go to step 6 where you'll disable VBS in the registry.
5. Open regedit. The easiest way is by hitting Windows + R, entering regedit in the text box and click Ok.
6. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard.
7. Open EnableVirtualizationBasedSecurity and set it to 0.
8. Close regedit and reboot your PC.
9. Check system information again to see if Virtualization Based Security is listed as "not enabled."
If VBS is still enabled try the method of disabling it below.
How to Disable Windows VBS By Uninstalling Virtual Machine
If you still see that VBS is running, you can get rid of it by uninstalling the "Virtual Machine" feature in Windows. Note, however, that if this is the feature that's enabling VBS for you, losing it may cost you the ability to run Windows Subsystem for Linux. Here's how you do it.
1. Open Turn Windows Features on or Off by searching for it.
2. Uncheck Virtual machine and click Ok.
3. Reboot your PC.
4. Check system information again to make sure virtualization based security is listed as "not enabled."
PS: If registry settings wont help, there might be an UEFI lock active. Delete secure boot keys, restart Windows and turn off the settings, then set secure boot keys.
Thank you for this. The options in the article did nothing, as core isolation was disabled and there was no such entry in the registry. Microsoft forced Virtualization on when I tried the Amazon App Store beta and didn't turn it off when the app was removed.
After this step, you gave Windows the hint to know where and how should focus data collection. (y)
you can disable virtualisation in bios or disable hyper-v in BCD, that will disable VBS just fine
you can also disable it through group policies
Computer Configuration\Administrative Templates\System\Device Guard\Turn On Virtualization Based Security , set it to disabled there
Instantly got my average CPU usage on idle drop from like 25% to 5%.