solution Contentsolution Content

SUPPORT COMMUNICATION- CUSTOMER ADVISORY

Document ID: c08184449

Version: 1

HP Consumer Notebook and Desktop PCs - Certain features in HP applications might not function due to Virtualization-Based Security (VBS) being enabled

Notice: The information in this document, including products and software versions, is current as of the release date.The document is subject to change without notice.

Release date : 30-Mar-2022

Last updated : 30-Mar-2022

DESCRIPTION
HP applications that utilize the Extreme Tuning Utility (XTU) Software Development Kit (SDK), including the OMEN Gaming Hub and HP Command Center, might not work properly if the Microsoft Virtualization-Based Security (VBS) feature is enabled.
The following issues might be exhibited in the OMEN Gaming Hub on OMEN models:
  • Undervolting feature might not work.
  • Intel Overclocking feature might not work.
  • OMEN Gaming Hub Performance Control might not work properly.
    • Manual fan speed control might not work.
    • Switching performance modes might not work.
    • A message This feature is temporarily unavailable because Microsoft Virtualization-based Security (VBS) is currently enabled on your system might display.
The following issues might be exhibited in the HP Command Center/MyHP app on HP 15 and Pavilion models:
  • Performance mode might not work.
  • Fan Control might not work.
Background: Microsoft Virtualization-based Security, or VBS, uses hardware virtualization features to create a secure environment which can host a number of security features. One area of vital system resources that VBS must protect from malicious use is processor model-specific registers, or MSRs. In order to provide a robust security platform, MSRs must be protected from misuse from malicious kernel mode code. To enforce this, VBS monitors/controls access to all MSRs and only allow kernel mode code to access MSRs. But MSR access control will cause Intel Extreme Tuning Utility (XTU) not work since it cannot access MSR to set/get processor parameter.

SCOPE
The information in this document applies to the following:
Notebook Computers:
  • HP ENVY 15-ep0000 Laptop PC series
  • HP Pavilion 15.6 inch Gaming Laptop PC 15-dk2000 series
  • HP Pavilion 15.6 inch Gaming Laptop PC 15-ec2000 series
  • HP Pavilion 17.3 inch Gaming Laptop PC 17-cd2000 series
  • HP Pavilion Gaming 15-cx0000 Laptop PC series
  • HP Pavilion Gaming 15-dk0000 Laptop PC series
  • HP Pavilion Gaming 15-dk1000 Laptop PC series
  • HP Pavilion Gaming 15-ec0000 Laptop PC series
  • HP Pavilion Gaming 15-ec1000 Laptop PC series
  • HP Pavilion Gaming 16-a0000 Laptop PC series
  • HP Pavilion Gaming 17-cd0000 Laptop PC series
  • HP Pavilion Gaming 17-cd1000 Laptop PC series
  • OMEN 15.6 inch Gaming Laptop PC 15-ek1000 series
  • OMEN 15.6 inch Gaming Laptop PC 15-en1000 series
  • OMEN 15-dc2000 Laptop PC series
  • OMEN 15-dh1000 Laptop PC series
  • OMEN 15-ek0000 Laptop PC series
  • OMEN 15-en0000 Laptop PC Series
  • OMEN 16.1 inch Gaming Laptop PC 16-b0000 series
  • OMEN 16.1 inch Gaming Laptop PC 16-b1000 series
  • OMEN 16.1 inch Gaming Laptop PC 16-c0000 series
  • OMEN 17.3 inch Gaming Laptop PC 17-ck0000 series
  • OMEN 17.3 inch Gaming Laptop PC 17-ck1000 series
  • OMEN 17-cb1000 Laptop PC series
  • OMEN by HP 15-ce000 Laptop PC series
  • OMEN by HP 15-ce100 Laptop PC series
  • OMEN by HP 15-dc0000 Laptop PC series
  • OMEN by HP 15-dc1000 Laptop PC series
  • OMEN by HP 15-dh0000 Laptop PC series
  • OMEN by HP 16.1 inch Gaming Laptop 16-k0000 series
  • OMEN by HP 16.1 inch Gaming Laptop 16-n0000 series
  • OMEN by HP 17-an000 Laptop PC series
  • OMEN by HP 17-an100 Laptop PC series
  • OMEN by HP 17-an200 Laptop PC series
  • OMEN by HP 17-cb0000 Laptop PC series
  • OMEN X by HP 17-ap000 Laptop PC series
  • OMEN X by HP 2S 15-dg0000 Laptop PC series
  • Victus by HP 16.1 inch Gaming Laptop PC 16-d0000 series
  • Victus by HP 16.1 inch Gaming Laptop PC 16-d1000 series
  • Victus by HP 16.1 inch Gaming Laptop PC 16-e0000 series
  • Victus by HP 16.1 inch Gaming Laptop PC 16-e1000 series
Desktop Computers:
  • OMEN 25L Desktop PC GT11-1000a series
  • OMEN 25L Desktop PC GT11-1000i series
  • OMEN 25L Desktop PC GT12-1000a series
  • OMEN 25L Desktop PC GT12-1000i series
  • OMEN 30L Desktop PC GT13-1000a series
  • OMEN 30L Desktop PC GT13-1000i series
  • OMEN 40L Desktop PC GT21-0000a series
  • OMEN 40L Desktop PC GT21-0000i series
  • OMEN by HP 25L Gaming Desktop PC GT14-0000a series
  • OMEN by HP 25L Gaming Desktop PC GT14-0000i series
  • OMEN by HP 25L Gaming Desktop PC GT15-0000a series
  • OMEN by HP 25L Gaming Desktop PC GT15-0000i series
  • OMEN by HP 45L Gaming Desktop PC GT22-0000a series
  • OMEN by HP 45L Gaming Desktop PC GT22-0000i series
  • OMEN by HP Obelisk Desktop PC 875-0000a series
  • OMEN by HP Obelisk Desktop PC 875-1000i series
  • OMEN Desktop PC 25L GT11-0000a series
  • OMEN Desktop PC 25L GT11-0000i series
  • OMEN Desktop PC 25L GT12-0000a series
  • OMEN Desktop PC 25L GT12-0000i series
  • OMEN Desktop PC 30L GT13-0000a series
  • OMEN Desktop PC 30L GT13-0000i series
Operating Systems:
Microsoft Windows 11
RESOLUTION
There is no single switch to turn off VBS. VBS must be turned off individually for each security application.
First, check if Virtualization-based Security is enabled by one of the Windows security features, if so, perform the appropriate method provided below to disable the option:
  1. Click Start.
  2. Click the Search field, and then type msinfo32.
  3. Click Open.
  4. On the System Information page, identify the Virtualization-Based Security Status for the impacted security features.
  5. Follow the guidelines provided below to turn off/disable VBS for the impacted Windows Security features (if VBS is enabled):
    Impacted Windows Security features and methods to disable VBS:
    To disable Hypervisor-protected code integrity (HVCI):
    1. Click Start > Settings.
    2. Click Privacy & Security > Windows Security > Device security.
    3. Locate Core Isolation, and then click Core isolation details.
    4. Switch the Memory Integrity option to Off.
    5. Close Windows.
    To disable Microsoft Defender Application Guard, Virtual Machine Platform, and Windows Hypervisor Platform:
    1. Open the Control Panel.
    2. Click Programs and Features.
    3. Click Turn Windows features on or off in the left pane.
      Windows features list opens.
    4. Locate and uncheck Microsoft Defender Application Guard, Virtual Machine Platform, and Windows Hypervisor Platform.
    5. Click OK.
    6. Close the Control Panel.
IMPORTANT: The following steps to disable Windows Credential Guard might only be required on a computer that is under a Managed Network. The steps below require editing the registry. If you believe your computer is in a managed network, or these steps are too complex, contact your IT department for support.
  caution:
The next step provides instructions for modifying the registry. Editing the registry incorrectly might cause problems that might require you to reinstall your operating system to correct. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs.
To disable Windows Credential Guard (on an IT managed network):
To disable Windows Defender Credential Guard, you can use the following set of procedures or the Device Guard and Credential Guard hardware readiness tool. If Credential Guard was enabled with UEFI Lock, then you must use the following procedure as the settings are persistent in EFI (firmware) variables and it will require physical presence at the computer to press a function key to accept the changes being made. If Credential Guard was enabled without UEFI Lock, it can be turned off by using Group Policy.
  1. If Group Policy is used, disable the Group Policy setting you used to enable Windows Defender Credential Guard ( Computer Configuration > Administrative Templates > System > Device Guard > Turn on Virtualization Based Security).
  2. Navigate to the registry key and delete the following registry settings:
    HKEY _LOCAL_MACHINE\System\CurrentControlSet\Control\LsaCfgFlags
    HKEY _LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags
  3. If you also wish to disable Virtualization-Based Security, delete the following registry settings:
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures
    IMPORTANT: If you do not delete all required registry settings the computer might enter BitLocker Recovery. If you manually delete these registry settings, ensure you delete them all.
  4. Delete the Windows Defender Credential Guard EFI variables by using bcdedit. Type the following commands from an elevated Command Prompt:
    mountvol X: /s
    copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
    bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
    bcdedit {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
    bcdedit /set {bootmgr} {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} Device partition=X:
    mountvol X: /d
  5. Restart the computer.

Hardware platforms affected : HP ENVY 15-ep0000 Laptop PC Configurable Material, HP ENVY 15-ep0000 Laptop PC series, HP Pavilion 15.6 inch Gaming Laptop PC 15-dk2000, HP Pavilion 15.6 inch Gaming Laptop PC 15-ec2000, HP Pavilion 17.3 inch Gaming Laptop PC 17-cd2000, HP Pavilion Gaming 15 Laptop PC (Cyprus) Configurable Material, HP Pavilion Gaming 15 Laptop PC (Duskers) Configurable Material, HP Pavilion Gaming 15-cx0000 Laptop PC, HP Pavilion Gaming 15-dk0000 Laptop PC, HP Pavilion Gaming 15-dk1000 Laptop PC series, HP Pavilion Gaming 15-ec0000 Laptop PC series, HP Pavilion Gaming 15-ec1000 Laptop PC series, HP Pavilion Gaming 16 Laptop PC (Nimbatus) Configurable Material, HP Pavilion Gaming 16-a0000 Laptop PC series, HP Pavilion Gaming 17 Laptop PC (Mallorca) Configurable Material, HP Pavilion Gaming 17-cd0000 Laptop PC, HP Pavilion Gaming 17-cd1000 Laptop PC series, OMEN 15 Laptop PC (Starmade) Configurable Material, OMEN 15 Laptop PC Configurable Material, OMEN 15-dc2000 Laptop PC series, OMEN 15-dh1000 Laptop PC series, OMEN 15-ek0000 Laptop PC series, OMEN 15-en0000 Laptop PC Series, OMEN 15.6 inch Gaming Laptop PC 15-ek1000, OMEN 15.6 inch Gaming Laptop PC 15-en1000, OMEN 16.1 inch Gaming Laptop PC (Ralph) Configurable Material, OMEN 16.1 inch Gaming Laptop PC (Vanellope) Configurable Material, OMEN 16.1 inch Gaming Laptop PC 16-b0000, OMEN 16.1 inch Gaming Laptop PC 16-b1000, OMEN 16.1 inch Gaming Laptop PC 16-c0000, OMEN 17-cb1000 Laptop PC series, OMEN 17.3 inch Gaming Laptop PC 17-ck0000, OMEN 17.3 inch Gaming Laptop PC 17-ck1000, OMEN 17.3 inch Gaming Laptop PC Configurable Material, OMEN 25L Desktop PC GT11-1000a, OMEN 25L Desktop PC GT11-1000i, OMEN 25L Desktop PC GT12-1000a, OMEN 25L Desktop PC GT12-1000i, OMEN 25L/30L Desktop PC (OrisaA) Configurable Material, OMEN 30L Desktop PC Configurable Material, OMEN 30L Desktop PC Configurable Material (Orisa30A), OMEN 30L Desktop PC GT13-1000a, OMEN 30L Desktop PC GT13-1000i, OMEN Desktop PC (OrisaI) Configurable Material, OMEN Desktop PC 25L GT11-0000a, OMEN Desktop PC 25L GT11-0000i, OMEN Desktop PC 25L GT12-0000a, OMEN Desktop PC 25L GT12-0000i, OMEN Desktop PC 30L GT13-0000a, OMEN Desktop PC 30L GT13-0000i, OMEN Obelisk Desktop PC (TracerA) Configurable Material, OMEN X by HP 17-ap000 Laptop PC, OMEN X by HP 2S 15 Laptop PC (DRX) Configurable Material, OMEN X by HP 2S 15-dg0000 Laptop PC series, OMEN by HP 15 Laptop PC (Gamora) Configurable Material, OMEN by HP 15 Laptop PC (Milos) Configurable Material, OMEN by HP 15-ce000 Laptop PC series, OMEN by HP 15-ce100 Laptop PC series, OMEN by HP 15-dc0000 Laptop PC series, OMEN by HP 15-dc1000 Laptop PC series, OMEN by HP 15-dh0000 Laptop PC series, OMEN by HP 16.1 inch Gaming Laptop 16-k0000, OMEN by HP 16.1 inch Gaming Laptop 16-k0000 Configurable Material, OMEN by HP 16.1 inch Gaming Laptop 16-n0000, OMEN by HP 16.1 inch Gaming Laptop 16-n0000 Configurable Material, OMEN by HP 17 Laptop PC (Santorini) Configurable Material, OMEN by HP 17-an000 Laptop PC, OMEN by HP 17-an100 Laptop PC, OMEN by HP 17-an200 Laptop PC, OMEN by HP 17-cb0000 Laptop PC, OMEN by HP 25L Gaming Desktop PC Configurable Material (LaprasA), OMEN by HP 25L Gaming Desktop PC Configurable Material (LaprasI), OMEN by HP 25L Gaming Desktop PC GT14-0000a, OMEN by HP 25L Gaming Desktop PC GT14-0000i, OMEN by HP 25L Gaming Desktop PC GT15-0000a, OMEN by HP 25L Gaming Desktop PC GT15-0000i, OMEN by HP 40L Gaming Desktop PC Configurable Material (ArtiA), OMEN by HP 40L Gaming Desktop PC Configurable Material (ArtiI), OMEN by HP 40L Gaming Desktop PC GT21-0000a, OMEN by HP 40L Gaming Desktop PC GT21-0000i, OMEN by HP 45L Gaming Desktop PC Configurable Material (ArticunoA), OMEN by HP 45L Gaming Desktop PC Configurable Material (ArticunoI), OMEN by HP 45L Gaming Desktop PC GT22-0000a, OMEN by HP 45L Gaming Desktop PC GT22-0000i, OMEN by HP Desktop PC Configurable Material, OMEN by HP Obelisk Desktop PC 875-0000a, OMEN by HP Obelisk Desktop PC 875-1000i, Victus by HP 16.1 inch Gaming Laptop PC 16-d0000, Victus by HP 16.1 inch Gaming Laptop PC 16-d0000 Configurable Material, Victus by HP 16.1 inch Gaming Laptop PC 16-d1000, Victus by HP 16.1 inch Gaming Laptop PC 16-e0000, Victus by HP 16.1 inch Gaming Laptop PC 16-e0000 Configurable Material, Victus by HP 16.1 inch Gaming Laptop PC 16-e1000

Operating systems affected : Not applicable

Software affected : Not applicable

Support Communication Cross Reference ID : IA08184449

© Copyright 2023 HP Development Company, L.P.
HP Inc. shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. HP Inc. and the names of HP products referenced herein are trademarks of HP Inc. in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Additional support options

Try one of our automated tools or diagnostics
Ask a question on our HP Support Community page
Get in touch with one of our support agents

Enter a topic to search our knowledge library

What can we help you with?