Skip to content

Instantly share code, notes, and snippets.

@yzhang2907

yzhang2907/virtualbox-green-turtle.md

Created March 1, 2025 22:25
Show Gist options
  • Save yzhang2907/cdfb317c70900d4806f3e97c6a848488 to your computer and use it in GitHub Desktop.
Save yzhang2907/cdfb317c70900d4806f3e97c6a848488 to your computer and use it in GitHub Desktop.
Download ZIP
How to get rid of the green turtle icon (slow mode) for VirtualBox on Windows 11
Raw
virtualbox-green-turtle.md

How To Get Rid of Green Turtle (Slow Mode) for VirtualBox in Windows 11

Is your VM intolerably slow? Does the green turtle icon haunt the lower right corner of your screen? Well, this guide's for you, my friend.

The following steps will ask you to change your registry values, which could be dangerous if done wrong. Please read everything on this page before you proceed.

Before You Start

  1. In my experience, one or more of the steps below may cause a bluescreen on systems with BitLocker enabled.
    • You should try to disable BitLocker via the GUI first.
    • You may monitor the decryption progress with calls to manage-bde status C: (or relevant drive letter).
    • You may re-enable it after completing the procedure.
  2. Consider backing up the values in your registry.
    • Open Registry Editor, then click on the "Computer" entry on the left sidebar.
    • File > Export, then save your backup - put a date in the file name!

Procedure

  1. Disable Hyper-V: bcdedit /set hypervisorlaunchtype off
  2. Disable Hyper-V, part two: DISM /Online /Disable-Feature:Microsoft-Hyper-V
  3. Disable Device Guard: In regedit (Registry Editor), go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard, then set the Enabled REG_DWORD value to 0
    • Go ahead and disable Credential Guard too if it is in the registry.
  4. Disable Memory Integrity: In settings, navigate to Start > Settings > Update & Security > Windows Security > Device security > Core isolation > Memory integrity.
  5. Disable Virtual Secure Mode: bcdedit /set vsmlaunchtype Off
  6. Reboot.
  7. (Optional, only try if green turtle still prevails) Disable BIOS option "Secured Core".

(These steps are loosely based on this forum post)

PowerShell Script

For some infernal reason, my work laptop keeps on re-enabling the steps involving the registry whenever I reboot it. The following script can be made to run every time your computer boots up to side-step this issue.

# Function to print a message and stop the script if an error occurs
function Stop-ScriptOnError {
    param (
        [string]$message
    )
    Write-Error $message
    exit 1
}

# Disable Hyper-V
try {
    Write-Output "Disabling Hyper-V (bcdedit)..."
    cmd.exe /c bcdedit /set hypervisorlaunchtype off
    Write-Output "Successfully disabled Hyper-V."
} catch {
    Stop-ScriptOnError "Failed to disable Hyper-V."
}

# Disable Hyper-V, part two
try {
    Write-Output "Disabling Hyper-V (DISM)..."
    DISM /Online /Disable-Feature:Microsoft-Hyper-V
    Write-Output "Successfully disabled Hyper-V (DISM)."
} catch {
    Stop-ScriptOnError "Failed to disable Hyper-V (DISM)."
}

# Disable Device Guard and Credential Guard
try {
    Write-Output "Disabling Device Guard and Credential Guard..."
    $regPathSystemGuard = "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard"
    $regPathCredentialGuard = "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\CredentialGuard"
    $regPathDeviceGuard = "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard"

    if (Test-Path $regPathSystemGuard) {
        Set-ItemProperty -Path $regPathSystemGuard -Name "Enabled" -Value 0
        Write-Output "Successfully disabled Device Guard."
    } else {
        Write-Warning "Device Guard registry path not found, ignoring."
    }

    if (Test-Path $regPathCredentialGuard) {
        Set-ItemProperty -Path $regPathCredentialGuard -Name "Enabled" -Value 0
        Write-Output "Successfully disabled Credential Guard."
    } else {
        Write-Warning "Credential Guard registry path not found, ignoring."
    }

    if (Test-Path $regPathDeviceGuard) {
        Set-ItemProperty -Path $regPathDeviceGuard -Name "EnableVirtualizationBasedSecurity" -Value 0
        Write-Output "Successfully disabled EnableVirtualizationBasedSecurity."
    } else {
        Write-Warning "EnableVirtualizationBasedSecurity registry path not found, ignoring."
    }
} catch {
    Stop-ScriptOnError "Failed to disable Device Guard or Credential Guard."
}

# Disable Virtual Secure Mode
try {
    Write-Output "Disabling Virtual Secure Mode..."
    cmd.exe /c bcdedit /set vsmlaunchtype Off
    Write-Output "Successfully disabled Virtual Secure Mode."
} catch {
    Stop-ScriptOnError "Failed to disable Virtual Secure Mode."
}

Write-Output "All steps completed. Please verify that all changes were applied successfully."
Write-Output "Complete manual steps if necessary, and reboot the system."
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment