Fully disable VBS

Atlas-OS · Dec 5, 2024 · 70151ee · 70151ee
1 parent dad2711
commit 70151ee
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 5 deletions.
diff --git a/src/playbook/Executables/AtlasDesktop/7. Security/Core Isolation (VBS)/Disable VBS.reg b/src/playbook/Executables/AtlasDesktop/7. Security/Core Isolation (VBS)/Disable VBS.reg
@@ -0,0 +1,7 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity]
+"Enabled"=dword:00000000
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
+"EnableVirtualizationBasedSecurity"=dword:00000000
diff --git a/src/playbook/Executables/AtlasDesktop/7. Security/Core Isolation (VBS)/Enable VBS.reg b/src/playbook/Executables/AtlasDesktop/7. Security/Core Isolation (VBS)/Enable VBS.reg
@@ -0,0 +1,7 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity]
+"Enabled"=dword:00000001
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
+"EnableVirtualizationBasedSecurity"=dword:00000001
diff --git a/src/playbook/Executables/AtlasModules/Scripts/ScriptWrappers/ConfigVBS.ps1 b/src/playbook/Executables/AtlasModules/Scripts/ScriptWrappers/ConfigVBS.ps1
@@ -14,11 +14,7 @@ if ($DisableAllVBS) {
 	Write-Warning "Disabling VBS features..."
 
 	# Memory Integrity
-	if (Test-Path $memIntegrity) {
-		New-ItemProperty -Path $memIntegrity -Name "Enabled" -Value 0 -PropertyType DWORD -Force
-		Remove-ItemProperty -Path $memIntegrity -Name "ChangedInBootCycle" -EA 0
-		Remove-ItemProperty -Path $memIntegrity -Name "WasEnabledBy" -EA 0
-	}
+	New-ItemProperty -Path $memIntegrity -Name "Enabled" -Value 0 -PropertyType DWORD -Force # Need to be forced since Windows 11 24H2
 
 	# Kernel-mode Hardware-enforced Stack Protection (Windows 11 only)
 	if (Test-Path $kernelShadowStacks) {
@@ -36,6 +32,9 @@ if ($DisableAllVBS) {
 
 	# LSA Protection (24H2 only)
 	New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "RunAsPPL" -Value 0 -PropertyType DWORD -Force
+
+	# VBS General setting (24H2 only) https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-deviceguard-unattend-enablevirtualizationbasedsecurity
+	New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard" -Name "EnableVirtualizationBasedSecurity" -Value 0 -PropertyType DWORD -Force
 	exit
 } elseif ($EnableMemoryIntegrity) {
 	Write-Warning "Enabling memory integrity..."