Step 1. Turn off Credential Guard
- Download the DG Readiness PowerShell script: dgreadiness_v3.6.zip
- Run the script with the -Disable argument
- Reboot your computer and disable Windows Credential Guard and VBS
- Uninstall the Hyper-V feature from the Control Panel
- Open an administrator command prompt and type: bcdedit.exe /set hypervisorlaunchtype off

dgreadiness_v3.6.zip: https://www.microsoft.com/en-us/download/details.aspx?id=53337
Open a command prompt with administrator privileges, start PowerShell with the -ep bypass argument, and run the script.
C:\Windows\System32>powershell -ep bypass
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
Install the latest PowerShell for new features and improvements! https://aka.ms/PSWindows
PS C:\Windows\System32> .\DG_Readiness_Tool_v3.6.ps1 -Disable
Step 2. Turn off Device Guard
As above, open a command prompt with administrator privileges and turn off Device Guard with the following commands:
mountvol X: /s
copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
mountvol X: /d
Step 3. Modify group policy
Finally, modify the group policy.
Computer Configuration > Administrative Templates > System > Device Guard > Turn Off Virtualization Based Security > Disabled

Step 4. Disable Windows Defender Core isolation
Disable Windows Defender Core isolation.
Settings > Privacy & Security > Windows Security > Device Security > Core isolation > Core isolation details > Off

Step 5. Configure BIOS
If the above steps do not turn off VBS, turn on only VT-d or AMD-V in the BIOS settings.
Step 6. Reboot
Reboot your computer.
Step 7. Check VBS
Type msinfo.
If successful, it will show “Not enabled”.
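
The same check can be scripted. The following read-only PowerShell report is an added example, not part of the original post: it reads the Win32_DeviceGuard WMI class, the hypervisorlaunchtype BCD setting from Step 1, and the related registry values, which is also useful for auditing which hosts have had VBS or Credential Guard turned off. The function names are illustrative.

```powershell
# Added example: read-only report of VBS / Credential Guard state.
# Run from an elevated PowerShell prompt (bcdedit requires administrator rights).
$vbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
$services  = @{ 1 = 'Credential Guard'; 2 = 'Memory integrity (HVCI)' }

function ConvertTo-ServiceNames($ids) {
    # Translate Win32_DeviceGuard service ids; ids not in the table are shown as numbers.
    $names = foreach ($id in $ids) {
        if ($id -eq 0) { continue }
        if ($services.ContainsKey([int]$id)) { $services[[int]$id] } else { "id $id" }
    }
    if ($names) { $names -join ', ' } else { 'none' }
}

function Get-RegValue($path, $name) {
    # Return the value, or 'not set' when the key or the value is absent.
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$name } else { 'not set' }
}

function Get-VbsReport {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard

    # hypervisorlaunchtype is listed in the boot entry only after it has been set explicitly.
    $bcdLine = bcdedit /enum '{current}' | Where-Object { $_ -match 'hypervisorlaunchtype' }
    $launch  = if ($bcdLine) { ($bcdLine -replace '\s+', ' ').Trim() } else { 'not set in {current}' }

    $dgKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
    $hvciKey = "$dgKey\Scenarios\HypervisorEnforcedCodeIntegrity"
    $lsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    [pscustomobject]@{
        VbsStatus            = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesConfigured   = ConvertTo-ServiceNames $dg.SecurityServicesConfigured
        ServicesRunning      = ConvertTo-ServiceNames $dg.SecurityServicesRunning
        HypervisorLaunchType = $launch
        RegEnableVbs         = Get-RegValue $dgKey 'EnableVirtualizationBasedSecurity'
        RegLsaCfgFlags       = Get-RegValue $lsaKey 'LsaCfgFlags'
        RegHvciEnabled       = Get-RegValue $hvciKey 'Enabled'
    }
}

Get-VbsReport | Format-List
```

A VbsStatus of "Not enabled" with both service lists showing "none" corresponds to the msinfo result above.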
