Description
Privacy over Security > Disable Defender > Disable system modification restrictions > Disable VBS (revert) doesn't work
To fix
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity
Add a DWORD value named Enabled and set it to 1.
How can the bug be recreated?
- Disable VBS
- Disable VBS (revert)
- Check msinfo32 (Windows + R)
- Must restart after applying
Operating system
23h2 iot 22631.6060
Script file
@echo off
:: https://privacy.sexy — v0.13.8 — Fri, 24 Oct 2025 12:29:02 GMT
:: Preamble: check that PowerShell exists, make sure the script is running
:: elevated, then open a local environment for the commands that follow.
:: Ensure PowerShell is available
:: "where" searches PATH for PowerShell; its output is discarded and only the
:: exit status is used. On failure the script prints a hint, waits for a key
:: press and exits with status 1.
where PowerShell >nul 2>&1 || (
echo PowerShell is not available. Please install or enable PowerShell.
pause & exit 1
)
:: Ensure admin privileges
:: fltmc succeeds only in an elevated session, so a failing call is treated as
:: "not running as administrator". In that case the script asks PowerShell to
:: start its own file again with the RunAs verb (an elevation request). If the
:: relaunch fails, the user is told to elevate manually and the script exits
:: with status 1; otherwise this non-elevated instance ends with status 0 and
:: the elevated copy does the work.
:: NOTE(review): the script path is inserted between single quotes in the
:: PowerShell command; a path that itself contains a single quote would
:: presumably break the relaunch - confirm.
fltmc >nul 2>&1 || (
echo Administrator privileges are required.
PowerShell Start -Verb RunAs '%0' 2> nul || (
echo Right-click on the script and select "Run as administrator".
pause & exit 1
)
exit 0
)
:: Initialize environment
:: Variable changes stay local until endlocal; command extensions are on and
:: delayed expansion is off for the rest of the script.
setlocal EnableExtensions DisableDelayedExpansion
:: ----------------------------------------------------------
:: -------Disable virtualization-based security (VBS)--------
:: ----------------------------------------------------------
:: Every command in this section starts PowerShell and runs "reg add" with /f,
:: which overwrites the named REG_DWORD value without prompting. The previous
:: value is never read or saved, so this script by itself cannot restore the
:: state the machine had before it ran.
:: Two key trees are written:
::   HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard (and its
::   Scenarios\HypervisorEnforcedCodeIntegrity subkey)
::   HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
:: All values are set to 0 except NoLock and Unlocked, which are set to 1.
:: NOTE(review): the Policies tree is normally owned by Group Policy or MDM,
:: which may rewrite these values on a managed machine - confirm.
:: NOTE(review): $registryPath is assigned in every command but not used;
:: reg add receives the literal key path instead.
:: NOTE(review): -ExecutionPolicy governs script files; with an inline
:: -Command string it appears to have no effect - confirm.
:: For review and monitoring: the value names below are the ones to compare
:: against a known-good baseline when checking whether VBS and memory
:: integrity settings were changed on a host.
echo --- Disable virtualization-based security (VBS)
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard!EnableVirtualizationBasedSecurity"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard'; $data = '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard' /v 'EnableVirtualizationBasedSecurity' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard!EnableVirtualizationBasedSecurity"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'; $data = '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' /v 'EnableVirtualizationBasedSecurity' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard!RequirePlatformSecurityFeatures"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard'; $data = '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard' /v 'RequirePlatformSecurityFeatures' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard!RequirePlatformSecurityFeatures"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'; $data = '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' /v 'RequirePlatformSecurityFeatures' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: The next three writes concern the lock state of the configuration:
:: Locked is set to 0, NoLock and Unlocked are set to 1.
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard!Locked"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard'; $data = '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard' /v 'Locked' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard!NoLock"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard'; $data = '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard' /v 'NoLock' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard!Unlocked"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard'; $data = '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard' /v 'Unlocked' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity!Locked"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'; $data = '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity' /v 'Locked' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard!RequireMicrosoftSignedBootChain"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard'; $data = '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard' /v 'RequireMicrosoftSignedBootChain' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Enabled = 0 under the HypervisorEnforcedCodeIntegrity scenario key turns
:: hypervisor-enforced code integrity (memory integrity) off.
:: NOTE(review): the report this script is attached to states that the revert
:: leaves this value at 0 and that it has to be set back to 1 by hand; the
:: result is checked in msinfo32 after a restart.
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity!Enabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'; $data = '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard!HypervisorEnforcedCodeIntegrity"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'; $data = '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' /v 'HypervisorEnforcedCodeIntegrity' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard!Mandatory"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard'; $data = '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard' /v 'Mandatory' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity!HVCIMATRequired"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'; $data = '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity' /v 'HVCIMATRequired' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard!HVCIMATRequired"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'; $data = '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' /v 'HVCIMATRequired' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: Epilogue: keep the window open, close the local environment, return 0.
:: NOTE(review): the exit status is 0 regardless of whether the reg add
:: commands above succeeded; none of their results is checked.
:: Pause the script to view the final state
pause
:: Restore previous environment settings
endlocal
:: Exit the script successfully
exit /b 0
Screenshots
No response
Additional information
No response