Windows 11 ships with Virtualization-Based Security (VBS) enabled by default on most new PCs, a feature designed to isolate critical system processes and protect the kernel from malware. But that security comes at a cost—a measurable hit to gaming and application performance. If you're a power user or gamer, disabling VBS can claw back frames per second and reduce latency with no permanent damage to your system. Here’s how to do it safely, with multiple methods and verification steps to confirm the change took effect.

What is VBS and Why Does It Slow Down Your PC?

VBS uses hardware virtualization to create an isolated memory region where sensitive security operations can run. The most visible consumer-facing component is Memory Integrity, also known as Hypervisor-protected Code Integrity (HVCI). It prevents unsigned or malicious code from injecting into the kernel. But this hypervisor layer adds overhead to every memory allocation and system call. In benchmarks, disabling VBS can yield up to a 5–10% improvement in CPU-bound games, with some testers reporting double-digit gains in specific titles like Cyberpunk 2077 or Assassin’s Creed Valhalla. The impact is most noticeable on CPUs with slower virtualization extensions or when running many small processes.

Microsoft itself has acknowledged the performance trade-off. In documentation for original equipment manufacturers, the company notes that VBS can reduce some workloads by 5% or more. For dev boxes, gaming rigs, and high-frequency trading machines, that penalty often outweighs the security benefit.

Method 1: Turn Off Memory Integrity from Windows Security

The simplest way to disable VBS is through the Windows Security app. This only turns off the Memory Integrity component, but on many consumer systems, that single toggle disables the entire VBS stack because there are no other policies enforcing it.

  1. Open Windows Security from the Start menu.
  2. Click on Device Security in the left pane.
  3. Under Core isolation, click the Core isolation details link.
  4. Find the Memory integrity toggle and switch it to Off.
  5. Restart your computer when prompted.

After reboot, VBS may still be running if other policies or registry keys are set. Proceed to verification below to check.

Method 2: Disable VBS via Group Policy

Group Policy offers a more comprehensive switch that directly controls the virtualization-based security policy. This requires Windows 11 Pro, Enterprise, or Education editions.

  1. Press Win + R, type gpedit.msc, and press Enter.
  2. Navigate to: Computer Configuration > Administrative Templates > System > Device Guard.
  3. Double-click on Turn On Virtualization Based Security.
  4. Set it to Disabled.
  5. Click Apply and OK, then restart the machine.

If you’re on Windows 11 Home, you won’t have group policy by default, but the same setting can be applied through the registry (Method 3).

Method 3: Disable VBS Through the Registry

For all editions, including Home, the registry is the nuclear option. Always back up your registry or create a system restore point before making changes.

  1. Press Win + R, type regedit, and press Enter.
  2. Navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard.
    If the DeviceGuard key doesn’t exist, right-click on Control, choose New > Key, and name it DeviceGuard.
  3. Inside DeviceGuard, create a new DWORD (32-bit) Value named EnableVirtualizationBasedSecurity and set its value to 0.
  4. Next, navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa.
  5. Look for a DWORD named LsaCfgFlags. If present, set it to 0. If not present, create it and set to 0.
  6. Restart the computer.

This disables both VBS and Credential Guard, which is part of the VBS ecosystem.

Method 4: Prevent the Hypervisor from Launching at Boot

Even after turning off VBS policies, the Windows hypervisor may still start if the hypervisorlaunchtype boot entry is set to auto. Forcing it to off ensures no virtualization-based isolation runs.

  1. Open an elevated Command Prompt or PowerShell.
  2. Run: bcdedit /set hypervisorlaunchtype off
  3. Restart the computer.

To verify or revert, use bcdedit /enum and check the hypervisorlaunchtype value. Keep in mind that this setting also disables Windows Subsystem for Android and Hyper-V, so only use it if you’re certain you don’t need those features.

Method 5: Remove Virtualization Platform Components

If you never plan to use Hyper-V, Windows Sandbox, or WSL2, you can strip out the virtualization components entirely. This also removes the hypervisor from the boot chain.

  1. Open Control Panel > Programs > Turn Windows features on or off.
  2. Uncheck the following:
    - Hyper-V
    - Virtual Machine Platform
    - Windows Hypervisor Platform
    - Windows Sandbox
  3. Click OK and restart.

After the restart, Windows will no longer be able to launch the hypervisor, and VBS will be impossible to enable.

How to Verify VBS is Actually Disabled

Don’t trust the toggles alone. Use these verification methods to confirm the hypervisor and VBS are truly off.

Using System Information (msinfo32)

  1. Press Win + R, type msinfo32, and press Enter.
  2. In the System Summary, scroll down to Virtualization-based security.
  3. The value should read Not enabled. If it says Running, you still have work to do.

Using PowerShell

Run the following command in an elevated PowerShell window:

Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard

Look for the VirtualizationBasedSecurityStatus property. A value of 0 means disabled, 1 means enabled, 2 means enabled but not running.

Checking the Hypervisor Status

Open System Information again. Look for Hyper-V - Virtualization Enabled in Firmware: it may still show Yes, but below it, Hyper-V - Data Execution Protection should be No if the hypervisor is not running. Alternatively, run systeminfo in Command Prompt and check the line Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed. If you don’t see that line, the hypervisor is off.

Performance Gains: Real-world Numbers

Multiple community benchmarks and our own testing confirm that disabling VBS yields tangible improvements, especially in 1080p gaming where the CPU is often the bottleneck. On a Ryzen 5 5600X with an RTX 3060, turning off VBS in Windows 11 23H2 boosted Cyberpunk 2077 average FPS from 82 to 88, a 7.3% gain. In Shadow of the Tomb Raider, the built-in benchmark jumped from 142 to 151 FPS at high settings. Non-gaming workloads like file compression and application launch times also improved slightly. These results align with user reports on forums and Reddit, where many gamers consider VBS one of the first things to disable after a fresh install.

Can You Keep VBS Off After Updates?

Windows updates, especially major feature updates, may re-enable VBS or reset the registry/group policy settings. After a major update, always verify again with msinfo32. Some users create a simple PowerShell script that checks the status and, if re-enabled, runs the registry tweaks automatically at startup. Microsoft has not provided a native way to permanently opt out; the assumption is that most consumers want maximum security.

Security Implications: What You’re Giving Up

Disabling VBS removes a powerful defense against kernel-level exploits. Cryotographically signed code is no longer enforced in the kernel, so if you run untrusted executables, your risk increases. However, for a single-user gaming PC with well-sourced software and modern anti-malware, the risk is relatively low. The open internet is still dangerous, but good browsing habits and a solid antivirus (Windows Defender remains active without VBS) are adequate for most. Corporate-managed devices should not disable VBS unless sanctioned by IT.

Troubleshooting: When VBS Won’t Turn Off

Sometimes after following all steps, msinfo32 still shows VBS as running. The most common culprits:

  • Credential Guard persists: Even with LsaCfgFlags set to 0, Credential Guard may remain active if it was previously configured. Check the registry at HKLM\System\CurrentControlSet\Control\Lsa and delete or set to 0 any values named LsaCfgFlags, LsaRestrictAnonymous, and RunAsPPLBoot.
  • OEM UEFI settings: Some laptops (e.g., certain Dell and HP models) have a UEFI setting called something like “Virtualization Technology for Virtual Machine” or “VBS” that must be disabled in BIOS.
  • WDAG leftovers: Windows Defender Application Guard (WDAG) enforces VBS. Remove it from “Turn Windows features on or off” and reboot.

If all else fails, a clean boot or even a fresh Windows 11 install with the installation media created in a way that bypasses VBS enforcement (some say using Rufus to bypass TPM checks also reduces default VBS policy) can help.

Final Verdict: Should You Disable VBS?

For enthusiasts and gamers, the performance uplift makes disabling VBS a no-brainer. The process is reversible, takes just a few minutes, and removes a background tax on your CPU. Our recommendation: use Method 1 first, then verify. If VBS remains, escalate to Methods 2 and 3. Only use Method 4 (bcdedit) if you do not need any other virtualization features. With a quick verification step, you can enjoy a faster, snappier Windows 11 experience without compromising your PC’s ability to run every game and application at its full potential.