I'm on a freshly installed Windows 11 Pro 24H2 and I want to run a VM with VirtualBox. When I start up the VM, in the lower right corner a little turtle icon is displayed and the VM runns dead-slow.
The Logs say at one point:
HM: HMR3Init: Attempting fall back to NEM: AMD-V is not available
But virtualization features of my CPU are enabled in BIOS.
And further down in the logs:
NEM: NEMR3Init: Snail execution mode is active!
NEM: Note! VirtualBox is not able to run at its full potential in this execution mode.
NEM: To see VirtualBox run at max speed you need to disable all Windows features
NEM: making use of Hyper-V. That is a moving target, so google how and carefully
NEM: consider the consequences of disabling these features.
At that point, I thought that Hyper-V is active and blocking VirtualBox from using the Virtualization features of my CPU.
I first ran msinfo32 to to check if Hyper-V, WSL2, Containers or Virtualization Based Security are enabled. But it said only "A hypervisor has been detected. Features required for Hyper-V will not be displayed."
I still went through the usual steps to disable all Virtualization-Based features (I know of):
- Memory Integritiy: turned off
- Hyper-V: None of the following features are installed
- Hyper-V
- Virtual Machine Platform
- Windows Hypervisor Platform
- Windows Sandbox
I even uninstalled them with powershell (even thoguh I never installed them in the first place):
Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All
Disable-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform
Disable-WindowsOptionalFeature -Online -FeatureName Windows-Hypervisor-Platform
Disable-WindowsOptionalFeature -Online -FeatureName Containers-DisposableClientVM
Then I set all boot options to not include any Virtualization functions:
bcdedit /set hypervisorlaunchtype off
bcdedit /set nx OptIn
bcdedit /debug off
bcdedit /set isolatedcontext No
bcdedit /set vsmlaunchtype Off
I read somewhere that "Credential Guard" also might do some Virtualization things, some article said, it could be disabled by editing the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa adding a value called LsaCfgFlags (DWORD 32bit) with the value 0.
Checking that, I found out that this value was already set this way.
Then I installed VirtualBox to make sure that no hypervisor at all was on that machine.
Shut down the computer (even did the unplug and wait 10 seconds thing). After the reboot, still "A hypervisor has been detected"
Some googling brought up some commands to check the hypervisor status:
And the command sc query hvservice returned:
SERVICE_NAME: hvservice
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
By now, I have no clue what that Hypervisor is and I'm out of ideas. Note that I have not (knowingly) installed any other Hypervisor (such as VMWare), usually VirtualBox is my primary choice.
Edit
Here are some Screenshots (System Language is German, translations provided) msinfo32 It says that Virtualization-based security is Running.
Group Policy To Disable Virtualization Based Security The policy "Virtualisierungsbasierte Sicherheit aktivieren" = "Enable virtualization-based security" is set to "Deaktiviert" = "Disabled".
Windows Features No checkmarks at "Hyper-V" (or any sub-elements), "Virtual Machine Platform", "Windows Hypervisor Platform", "Windows Subsystem for Linux" or "Windows Sandbox".
Core Isolation in Windows Security Settings Is disabled, the red text "Die Einstellung wird vom Administrator verwaltet" means "This setting is managed by an Administrator" this is most likely, because this is disabled via Group Policy.
Edit 2
I managed to find the setting to enable/disable AMD-V in my BIOS (MSI somehow hides that under Overclocking). When I disable it and boot into Windows, virtualization-based security is disabled (due to lack of Hardware support). Sadly, after I turn it on again (because I'd like run a VM), virtualization-based security is automatically active again.
