Understanding Virtualization-Based Security in Windows 10/11 Home Editions

J S 0 Reputation points
2025-01-11T20:20:19.8566667+00:00

I'm confused about how VBS operates in Windows 10 and 11 Home editions, since some resources indicate that VBS requires the Windows hypervisor to create an isolated environment, while other resources imply that Hyper-V, i.e. the hypervisor (or is there a subtle difference?), isn't available on Home editions.

According to several official Microsoft documentation links, such as
VBS Overview and Enable virtualization-based protection of code integrity,
VBS depends on a hypervisor. However, it seems contradictory since Hyper-V should not be accessible on Home editions, as detailed in Enable Hyper-V.

I did some testing myself, and for Memory Integrity (the thing you can enable in the Windows Security app) I noticed that it can be enabled on my Windows 11 Home laptop. Since, according to Device Security in the Windows Security app, it's equivalent to HVCI, it implies a hypervisor is running, doesn't it?

Also, in running a PowerShell command (found here: Enable virtualization-based protection of code integrity):

Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard

I found that the output confirms VBS is enabled on my device, with VirtualizationBasedSecurityStatus showing a value of 2.

It raises the question of how VBS could function without the hypervisor, especially considering that mechanisms like SLAT initialization and VTLs need it, as stated in the Windows Internals book Part 2, which I read.

So, is the hypervisor still present in Windows 10/11 Home editions to ensure VBS mitigations? Or is there another trick here? Could it be that the hypervisor is still present, but the rest of the Hyper-V features, like creating child partitions, are not?

Thanks for any input!
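The following PowerShell script is an added example, not code from the question or the answer: it reads the same Win32_DeviceGuard class queried above, decodes the numeric fields using the values Microsoft documents for that class, and then checks whether a hypervisor is present independently of whether the Hyper-V optional feature is installed. It assumes an elevated PowerShell prompt on Windows 10/11; the helper name Get-VbsReport is my own.

```powershell
# Added example (not from the question or the answer). Run elevated.
function Get-VbsReport {
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
        -Namespace root\Microsoft\Windows\DeviceGuard

    # Documented meanings of the numeric fields of Win32_DeviceGuard
    $vbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
    $services = @{ 1 = 'Credential Guard'; 2 = 'Memory integrity (HVCI)';
                   3 = 'System Guard Secure Launch'; 4 = 'SMM Firmware Measurement';
                   5 = 'Kernel-mode Hardware-enforced Stack Protection' }
    $properties = @{ 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection';
                     4 = 'Secure Memory Overwrite'; 5 = 'NX protections';
                     6 = 'SMM mitigations'; 7 = 'Mode Based Execution Control' }

    # Decode an array of codes into names; codes not in the table stay numeric.
    $decode = { param($codes, $table)
        @($codes | ForEach-Object { if ($table.ContainsKey([int]$_)) { $table[[int]$_] } else { "code $_" } }) }

    # Win32_ComputerSystem.HypervisorPresent is true whenever Windows booted
    # under a hypervisor (its own or a third party's), regardless of edition.
    $hvPresent = (Get-CimInstance -ClassName Win32_ComputerSystem).HypervisorPresent

    # The Hyper-V management feature is separate from the hypervisor itself; the
    # query returns nothing when the feature is not offered or the shell is not elevated.
    $hvFeature = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V `
        -ErrorAction SilentlyContinue
    $hvFeatureState = if ($hvFeature) { [string]$hvFeature.State } else { 'Unknown or not offered' }

    [pscustomobject]@{
        VbsStatus           = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesConfigured  = (& $decode $dg.SecurityServicesConfigured $services) -join ', '
        ServicesRunning     = (& $decode $dg.SecurityServicesRunning $services) -join ', '
        AvailableProperties = (& $decode $dg.AvailableSecurityProperties $properties) -join ', '
        HypervisorPresent   = $hvPresent
        HyperVFeatureState  = $hvFeatureState
    }
}

$report = Get-VbsReport
$report | Format-List

# The situation described in the question shows up as VbsStatus 'Enabled and
# running' with HypervisorPresent True while the Hyper-V feature is not 'Enabled'.
if ($report.HypervisorPresent -and $report.VbsStatus -eq 'Enabled and running' -and
    $report.HyperVFeatureState -ne 'Enabled') {
    Write-Output 'Hypervisor is running for VBS without the Hyper-V feature enabled.'
}
```

A VirtualizationBasedSecurityStatus of 2, as reported in the question, decodes to 'Enabled and running', and ServicesRunning lists which VBS-backed protections (such as HVCI) are actually active.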


1 answer

  1. Ian Xue 38,851 Reputation points Microsoft Vendor
    2025-01-14T03:41:02.35+00:00

    Hi J S,

    Thanks for your post. Based on the official article, Virtualization-based security, or VBS, uses hardware virtualization and the Windows hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised. The hypervisor doesn't point to the Hyper-V, just an isolated environment. One such example security solution is memory integrity, which protects and hardens Windows by running kernel mode code integrity within the isolated virtual environment of VBS. Kernel mode code integrity is the Windows process that checks all kernel mode drivers and binaries before they're started, and prevents unsigned or untrusted drivers or system files from being loaded into system memory. Memory integrity also restricts kernel memory allocations that could be used to compromise the system, ensuring that kernel memory pages are only made executable after passing code integrity checks inside the secure runtime environment, and executable pages themselves are never writable. That way, even if there are vulnerabilities like a buffer overflow that allow malware to attempt to modify memory, executable code pages cannot be modified, and modified memory cannot be made executable.

    Reference: Enable memory integrity | Microsoft Learn

    Best Regards,

    Ian Xue

