How to disable Windows VBS to gain CPU performance

disable Windows VBS to gain CPU performance

The arrival of Windows 11 to our computers has brought several interesting news. Among these is the use of hardware virtualization in the most advanced CPUs to provide an additional layer of security, but its use involves a reduction in performance. With this tutorial you can deactivate VBS and win what you lost on your PC, especially in Windows 11.

One of Microsoft’s obsessions with its new version of Windows has to do with security and the goal of achieving a reliable computing environment, which is important in corporate and business environments where a large amount of sensitive and private data is handled. Specifically, they recommend that manufacturers and assemblers of new computers sell them with VBS enabled by default, which prevents malicious code from being executed that fails the code integration checks due to the fact that they pose as reliable applications and drivers. .

Windows 11 Intel AMD performance

Any extra security is always good, the problem comes when that extra security turns into a considerable loss of performance in the CPUs, especially if you use a first generation AMD Ryzen, the 1000 series, or an Intel Core 10 or earlier. If we have the case of using relatively modern hardware you can lose 5% of performance, but as we go further into the past we can see performance cuts by 28%.

Microsoft currently allows gaming PCs that ship with Windows 11 to be sold with VBS and HVCI disabled, but we may have purchased a pre-built computer not originally designed for gaming and converted for gaming or simply upgraded. from Windows 10.

What are VBS and HVCI?

VBS Windows Architecture

In its simplest definition, what VBS does is use hardware virtualization capabilities to create a region within memory that is completely isolated from the rest of the system. In other words, it makes use of the capabilities that allow us to run other operating systems through a hypervisor, but not to run an entire system, but to run certain functions of Windows 10 and later in said isolated environment.

One way to break security is through hardware drivers, because they serve to communicate the programs with the different physical components of the computer, many of them have a much higher level of privileges than a normal program and a programmer with bad intentions it can take advantage of this and pass malicious applications as drivers.

Diagram VBS Windows disable

In order to gain an additional level of security, use is made of the Hypervisor-Enforced Code Integrity or HVCI that makes use of Virtualization-based Security or VBS in Windows to check if the code is malicious or not. How? Well, in the same way that a gunner can explode a bomb in a controlled environment, the same is done here: the malicious driver is executed in a separate environment that cannot affect the rest of the system. Another feature is to assign the memory environment of the TPM module to store the key credentials for the use of certain sensitive actions such as the user’s personal and banking data.

Of course, this means having to run an additional environment that cuts resources to the processor that we are going to want to have available for our applications. Let’s see below how to disable this feature of Windows 11 and regain lost power.

How to know if VBS is enabled?