Question
Issue: How to fix "Kernel-mode Hardware-enforced Stack Protection is off" error in Windows?
I got a notification from Windows Defender stating that Kernel-mode Hardware-enforced Stack Protection is disabled, which may leave my device vulnerable. When I click the “Go to settings” button, I encounter an error message: “Page not available. The page you're trying to access lacks supported features and is unavailable.” Visiting the Device Security page doesn't provide any extra options. Any ideas on how to turn this back on?
Solved Answer
Windows 11 users have recently encountered a warning message in Windows Security stating, “Kernel-mode Hardware-enforced Stack Protection is off. Your device may be vulnerable.” This issue has emerged after a recent update to Windows Defender and is believed to be caused by driver compatibility problems. In this article, we will discuss the issue and provide general guidance on how to address it.
Hardware-Enforced Stack Protection is a new security feature in Windows 11 that leverages local CPU hardware to protect the memory stack where app codes are stored during execution. This feature employs modern CPU hardware and shadow stacks to manage the memory stack effectively. However, it may not be compatible with certain apps or drivers, such as outdated anti-cheat systems or some keyboard and mouse drivers.
Users who have come across the warning message have reported that their attempts to enable the feature have been unsuccessful, likely due to driver incompatibilities. The Windows Security app currently struggles to detect the problematic driver, making it challenging for users to resolve the issue independently.
Microsoft has acknowledged this issue as a known bug, and installing the latest updates should fix the problem. If you still encounter the “Kernel-mode Hardware-enforced Stack Protection is off” message after updating your system, there are several other solutions that have worked for other users.
One possible solution is updating your computer's BIOS. Ensuring that your BIOS is up-to-date can help resolve compatibility issues and improve overall system stability. Additionally, some users have reported that enabling virtualization in their BIOS settings has resolved the issue, so it may be worth exploring this option as well.
Another approach to consider is attempting a registry fix. A registry fix might help address the problem, but it is important to proceed with caution, as making changes to the registry can have unintended consequences if not done correctly.
If none of the above solutions work, repairing your Windows installation might help resolve the issue. This process can help fix any underlying system issues that could be causing the “Kernel-mode Hardware-enforced Stack Protection is off” message to appear. We also recommend running a PC repair tool FortectMac Washing Machine X9 that could check Windows for any other underlying issues.
1. Install the latest Windows updates
Whenever Windows updates result in a widespread issue, Microsoft usually addresses it fast with a small patch. Thus, make sure you install all the latest available updates.
- Click Start and select Settings.
- Go to the Windows Update section.
- Click Check for updates and wait.
- Go to the Advanced options and install optional updates.
- Reboot your computer.
2. Try the registry fix
Another solution is to force Kernel-mode Hardware-enforced Stack Protection to be enabled via the Registry. Before proceeding, we recommend you back up your registry just in case.
- Type regedit in Windows search and press Enter.
- When the Registry Editor opens, navigate to the following location:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management - In the right pane, look for the FeatureSettingsOverride. If it doesn't exist, right-click on the empty space and pick New > DWORD value, and name it FeatureSettingsOverride.
- Double-click it and set the value to 9, then click OK.
- Close down the Registry Editor and reboot your PC.
3. Enable virtualization in BIOS
CPU virtualization within the BIOS is a technological innovation that enables a single physical processor to function as several virtual processors. This hardware virtualization method permits multiple operating systems to coexist on the same machine simultaneously, with each operating system operating on its distinct virtual processor.
- Restart your computer and press the appropriate key (e.g., Esc, F1, F2, F10, F12, or Delete) during startup to access the BIOS settings.
- Navigate to the virtualization settings, which may be under “Advanced,” “CPU Configuration,” “Chipset,” or “Security.”
- Find and enable the virtualization option, such as “Virtualization Technology,” “Intel VT-x,” or “AMD-V.”
- Save your changes, typically by pressing F10, and confirm if prompted.
- Your computer will restart with virtualization enabled.
4. Update your BIOS
It is important to note that updating BIOS might not be easy, and if you are not sure what you are doing, we recommend contacting a professional or a power user. It is also important to note that the process varies depending on your computer configuration, and these are just general guidelines.
- Before proceeding, backup your data as a precaution.
- Visit the manufacturer's website and download your specific model's latest BIOS update file (you can check which BIOS you are using by typing System information in Windows search and checking the BIOS Version/Date and BaseBoard Product entries there).
- Extract the BIOS update files and read any provided instructions or documentation.
- Create a bootable USB drive with the BIOS update files, if required.
- Update the BIOS using the manufacturer's recommended method, which may be through a built-in utility or booting from a USB drive.
- Restart your computer to complete the process.
5. Repair-install Windows
You can always attempt to reinstall/repair Windows with the help of a special tool from Microsoft. Before proceeding, make sure you uninstall third-party security software and that you have at least 20GB of space on your main drive.
Create Windows ISO
- Download Windows 11 Installation media from the official Microsoft website.
- Double-click the MediaCreationTool.exe file to launch it.
- When UAC shows up, click Yes.
- Accept license terms.
- Select Language and Edition (make sure it matches the one that you have currently installed) or simply mark the Use the recommended options for this PC and click Next.
- Select the ISO file and click Next.
- Select the location for your ISO file and wait till all the needed files are downloaded, then click Finish.
Repair-install Windows
- Go to the location of your ISO file, right-click, and select Mount.
- Run the setup.exe file.
- You will be asked whether you want to update Windows to the latest version – pick Not right now and click Next.
- Accept Terms and Windows will make several checks to ensure everything is fine.
- Click Change what to keep.
- Here, you have several options: Keep your files and apps, Keep files only, or Keep nothing – choose what suits you the best. Click Next.
- Finally, click Install to begin the installation process.
Related:
Repair your Errors automatically
ugetfix.com team is trying to do its best to help users find the best solutions for eliminating their errors. If you don't want to struggle with manual repair techniques, please use the automatic software. All recommended products have been tested and approved by our professionals. Tools that you can use to fix your error are listed bellow:
Access geo-restricted video content with a VPN
Private Internet Access is a VPN that can prevent your Internet Service Provider, the government, and third-parties from tracking your online and allow you to stay completely anonymous. The software provides dedicated servers for torrenting and streaming, ensuring optimal performance and not slowing you down. You can also bypass geo-restrictions and view such services as Netflix, BBC, Disney+, and other popular streaming services without limitations, regardless of where you are.
Don’t pay ransomware authors – use alternative data recovery options
Malware attacks, particularly ransomware, are by far the biggest danger to your pictures, videos, work, or school files. Since cybercriminals use a robust encryption algorithm to lock data, it can no longer be used until a ransom in bitcoin is paid. Instead of paying hackers, you should first try to use alternative recovery methods that could help you to retrieve at least some portion of the lost data. Otherwise, you could also lose your money, along with the files. One of the best tools that could restore at least some of the encrypted files – Data Recovery Pro.
Jake Doe is the news editor at UGetFix. Since he met Ugnius Kiguolis in 2003, they both launched several projects that spread awareness about cybercrimes, malware, and other computer-related problems.
