How to enable VBS from UEFI in Windows step by step

Virtualization-based security (VBS) enhances system protection.
Enabling VBS requires UEFI and TPM 2.0 compatible hardware.
It can be enabled from the BIOS, Windows Registry, and Group Policy.
There are methods to verify if VBS is activated correctly.

La virtualization-based security (VBS) in Windows is a feature that enhances system protection by creating a secure and isolated environment. But for Enable VBS from UEFI and to take advantage of this feature, it is necessary to meet certain hardware and configuration requirements in the operating system.

In this article we explore in detail how to activate Virtualization-Based Security from UEFI, what steps to follow to check its status and how to resolve possible issues during configuration.

What is Virtualization-Based Security (VBS)?

Virtualization-Based Security (VBS) is a Windows security technology which uses the system's hypervisor to create a secure environment within memory. This helps protect critical system data from potential threats. This featurestrengthens kernel security and limits access to unauthorized processes.

One of the key components of VBS is the Integrity of Memory, which prevents the execution of malicious code by checking the validity of drivers and system files before allowing them to run.

Exclusive content - Click Here How can I create a reminder in Google Keep?

Requirements to activate VBS

Before enabling VBS from UEFI, make sure your computer meets the following requirements:

UEFI Firmware: : It is necessary that the BIOS is set to UEFI mode instead of Legacy.
TPM 2.0: The Trusted Platform Module must be enabled in the BIOS.
Secure Boot: This BIOS option must be enabled.
DMA Protection: Improves security by limiting access to external devices.

Aside from this, to check if your system is compatible with VBS, you need to follow these steps:

Use the keyboard shortcut Win + R, writes msinfo32 and press Enter.
Look for the section «Virtualization-based security«. If it shows as «Running», then it is already activated.

If you want to learn more about how to enable virtualization on your system, you can check out our guide on Enable hardware virtualization in Windows 11.

types of bios

How to enable VBS from the BIOS (UEFI)

To enable VBS from UEFI (from BIOS), follow these steps:

Restart your computer and access the BIOS by pressing F2, F10, Del or Esc, depending on the manufacturer.
In the settings menu, look for the option “Start Mode» and changes to UEFI if you are still in Legacy mode.
Locate the option "TPM 2.0» and activate it if it is not enabled.
Enable the option «Secure Boot«.
Save the changes and restart the computer.

Exclusive content - Click Here How to convert a sentence to uppercase with Minuum?

Enable VBS from the Windows Registry

If you prefer to enable VBS using the Windows' register, perform the following steps:

Press Win + R, writes regedit and press Enter.
Navigate to the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard
Find or create a DWORD value named "EnableVirtualizationBasedSecurity» and assigns the value 1.
In the same location, adjust "RequirePlatformSecurityFeatures" at 3 (for secure boot and DMA protection).
Save the changes and restart your computer.

Configuring VBS Using Group Policy

System administrators can also enable VBS using Group Policy:

Open the Group Policy Editor typing gpedit.msc in the start menu.
then go to Team setup.
There we select Administrative Templates > System > Device Guard.
Open the option «Enable virtualization-based security»And select«Able«.
From the drop-down list, choose “Enabled with UEFI lock«.
Save the changes and restart the computer.

How to check if VBS is active

There are several methods to confirm whether VBS has been activated correctly:

Using msinfo32, looking for the "Virtualization-Based Security" section. If it's in "Running" mode, then it's active.
Using PowerShell, running the following command in PowerShell with administrator permissions: (Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard).SecurityServicesRunning.If the output shows "2«, means that VBS is running.
With the Event ViewerOpen eventvwr.msc and go to "Windows Logs > System." Filter by "WinInit" to see if VBS has been successfully enabled.

Exclusive content - Click Here How to display recent emojis on symbol keyboard with Fleksy?

Enable VBS from UEFI — How to enable VBS from UEFI in Windows

Troubleshooting VBS Activation

If you encounter problems when trying to activate VBS from UEFI, try the following solutions:

TPM 2.0 disabled: Enter the BIOS and make sure it is enabled.
Legacy Mode in BIOS: Change the settings to UEFI.
The system does not load after activation: Disable VBS from Registry or Group Policy and reboot.
incompatible drivers: Update drivers from Device Manager.

By following these steps correctly, you should be able to enable VBS from UEFI, i.e. enable the virtualization-based security seamless. This technology is a crucial tool for enhancing your system's protection against advanced threats.

Daniel Terrasa

Editor specialized in technology and internet issues with more than ten years of experience in different digital media. I have worked as an editor and content creator for e-commerce, communication, online marketing and advertising companies. I have also written on economics, finance and other sectors websites. My work is also my passion. Now, through my articles in Tecnobits, I try to explore all the news and new opportunities that the world of technology offers us every day to improve our lives.