Windows Virtualization-based Security (VBS) service Hypervisor-Protected Code Integrity (HVCI) is not running on ESXi 7.0.3
Article ID: 313267

Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:

Windows Virtualization-based Security (VBS) service Hypervisor-Protected Code Integrity (HVCI) is not listed under the running services in System Information (msinfo32) in a Windows VM running on ESXi 7.0.3 when “Require UEFI Memory Attributes Table” is selected in the guest OS.


Environment

VMware vSphere ESXi 7.0.3

Cause

The virtual EFI firmware does not provide NX (no-execute) memory attribute information correctly to the guest OS.

Resolution

The issue has been resolved in VMware vSphere 7.0 Update 3l.


Workaround:

To work around the issue, follow the steps below:

Option 1: When enabling HVCI via local group policy, do not select “Require UEFI Memory Attributes Table”.
  1. Open the Windows VM console and log in.
  2. Open the Local Group Policy Editor by running gpedit.msc.
  3. Go to Computer Configuration -> Administrative Templates -> System -> Device Guard and double-click “Turn On Virtualization Based Security”. When enabling “Virtualization Based Protection of Code Integrity”, do not select “Require UEFI Memory Attributes Table”.
Option 2: Install the ESXi 7.0 Update 3l patch.
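As an added example (not part of this article), the following PowerShell check reports from inside the guest whether HVCI is configured but not running while the MAT requirement is set, which is the combination described above; it assumes the Win32_DeviceGuard WMI class and the HVCIMATRequired registry value under the HypervisorEnforcedCodeIntegrity key, both of which Windows exposes independently of this article.

```powershell
# Added example, not from the KB article. Reads the same VBS/HVCI state that
# msinfo32 displays and checks whether the MAT requirement is switched on.
function Test-HvciMatCondition {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard

    # In Win32_DeviceGuard the value 2 in these arrays identifies HVCI.
    $hvciConfigured = @($dg.SecurityServicesConfigured) -contains 2
    $hvciRunning    = @($dg.SecurityServicesRunning)    -contains 2

    # HVCIMATRequired = 1 is the registry form of the
    # "Require UEFI Memory Attributes Table" policy option (assumed mapping).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $matRequired = $false
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        $matRequired = ($props.HVCIMATRequired -eq 1)
    }

    [pscustomobject]@{
        HvciConfigured   = $hvciConfigured
        HvciRunning      = $hvciRunning
        MatRequired      = $matRequired
        # True exactly when the guest shows the symptom this article describes.
        MatchesSymptom   = ($hvciConfigured -and -not $hvciRunning -and $matRequired)
    }
}

$result = Test-HvciMatCondition
$result | Format-List
if ($result.MatchesSymptom) {
    Write-Warning 'HVCI is configured but not running and the MAT requirement is set: apply Option 1 (clear the MAT requirement in group policy) or Option 2 (ESXi 7.0 Update 3l).'
}
```

Because the setting is normally delivered by group policy, clear it in the policy (Option 1) rather than editing the registry value directly, or a policy refresh will reapply it.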