After updating Windows Defender, some Windows 11 users report that they received the “Kernel-mode Hardware-enforced Stack Protection is off. Your device may be vulnerable” error message. This post from MiniTool introduces some solutions for you.

Kernel-Mode Hardware-Enforced Stack Protection

Kernel-mode Hardware-enforced Stack Protection is a security feature that protects the system from various memory attacks, such as stack buffer overflows. It is intended to be used in conjunction with other security features such as Local Security Authority protection (LSA).

Microsoft added the Kernel-mode Hardware-enforced Stack Protection feature to Windows 11 22H2 in April 2023 as part of the Microsoft Defender update. To use the Kernel-mode Hardware-enforced Stack Protection feature, your device must have an Intel Tiger Lake CPU or AMD Zen3 CPU and later with CPU virtualization enabled in the BIOS.

What Is the Function of the Kernel of an Operating System?
What Is the Function of the Kernel of an Operating System?

What is kernel? What is the function of the kernel of an operating system? This post provides a full introduction for you.

Read More

Kernel-Mode Hardware-Enforced Stack Protection Is off

Windows 11 users recently encountered a warning message in Windows Security stating that “Kernel-mode hardware-enforced stack protection is off. Your device may be vulnerable.” This issue occurred after a recent update to Windows Defender and is believed to be caused by driver compatibility issues and outdated anti-cheat systems or keyboard/mouse drivers.

Tips:

Tip: Many conflicts are related to the copyright protection and anti-cheat drivers used by games, including PUBG, Valorant (Riot Vanguard), Bloodhunt, Destiny 2, Genshin Impact, Phantasy Star Online 2 (Game Guard), and Dazed.

Kernel-mode Hardware-enforced Stack Protection is off

How to fix Kernel-mode Hardware-enforced Stack Protection is off on Windows 11? Here are some workable solutions.

Fix 1: Modify the Registry

You can fix the “Kernel-mode Hardware-enforced Stack Protection is off” issue via Registry Editor. Here is how to do that:

Step 1: Press the Windows + R keys together to open the Run dialogue box. Type regedit in it and click OK.

Step 2: Go to the following path:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

go to the above path

Step 3: Find FeatureSettingsOverride in the right pane. If it doesn’t exist, right-click the empty space and choose New > DWORD (32-bit) Value, and name it FeatureSettingsOverride.

Step 4: Double-click it and set the value to 9, then click OK. Close Registry Editor and restart your PC.

Fix 2: Enable Virtualization in BIOS

CPU virtualization in BIOS is a technological innovation that enables a single physical processor to act as multiple virtual processors. Some users reported that enabling this feature can fix the “Kernel-mode hardware-enforced stack protection is turned off” error in Windows.

Tips:

Tip: Enabling virtualization in the BIOS may vary by manufacturer and BIOS version.

Step 1: Restart your computer and press the appropriate key (e.g., Esc, F1, F2, F10, F12, or Delete) during startup to access the BIOS settings.

Step 2: Go to the virtualization settings, which may be under Advanced, CPU ConfigurationChipset, or Security.

Step 3: Find and enable the virtualization option, such as Virtualization Technology, Intel VT-x, or AMD-V.

Step 4: Save your changes. Your computer will restart with virtualization enabled.

Fix 3: Uninstall Conflicting Software

As mentioned earlier in this guide, anti-cheat software could also be the culprit. All you need to do is uninstall them (and sometimes the games they came with), and that will most likely fix the “Kernel-mode Hardware-enforced Stack Protection is off. Your device may be vulnerable” issue.

Fix 4: Reset Windows 11

Resetting your Windows 11 may be also useful for you to get rid of the “Kernel-mode Hardware-enforced Stack Protection is off” issue.

Before setting your Windows 11, you had better make a backup of your files and programs to avoid data loss and having to re-download apps. To do this, you can use a piece of professional system backup software. We highly recommend using MiniTool ShadowMaker.

MiniTool ShadowMaker TrialClick to Download100%Clean & Safe

To back up your system, follow the guide below:

Step 1: Download and launch MiniTool ShadowMaker, then click Keep Trial.

Step 2: Go to the Backup page. MiniTool ShadowMaker backs up the operating system and chooses the destination by default. You can click Back Up Now to begin the backup.

click Back Up Now

Step 3: After that, you are advised to click Tools > Media Builder to create a bootable medium with an ISO file, USB flash drive, or CD/DVD disc.

Then, you can start to reset your Windows 11:

Step 1: Right-click the Windows icon at the bottom of the system tray and select Settings.

Step 2: Go to Update & Security System >Recovery > Reset this PC.

Step 3: In the Choose an option screen, select the way that you want to reset Windows 11 and follow the on-screen prompts to complete the operation. You can choose Keep my files or Remove everything.

choose Keep my files or Remove everything

Step 4: If you want to download a fresh copy of Windows, you can select Cloud download. Or, you can select Local reinstall which will perform a Windows 11 factory reset locally.

click Cloud download or Local reinstall

Step 5: At last, click on Reset at the Ready to reset this PC screen. This resetting process will take you some time to complete. Please wait patiently.

How to Factory Reset Windows 11 Without Password? [4 Ways]
How to Factory Reset Windows 11 Without Password? [4 Ways]

If you want to factory reset Windows 11 without password but don’t know how to do that, this post is what you need. This post provides 4 ways for you.

Read More

Fix 5: Update BIOS

If none of the methods can fix the “Kernel-mode Hardware-enforced Stack Protection is off” error, then you should update your BIOS. BIOS is responsible for waking up all your computer’s hardware components. And you should know that it is very complicated to update your BIOS.

If the process isn’t performed correctly, it may cause permanent damage to your computer, so you’d better check your motherboard manual to update your BIOS.

Step 1: Type msinfo in the Search bar to find System Information and open it.

Step 2: Locate the BIOS Version/Date and copy it to a text file on your computer or write it down on a piece of paper.

Step 3: This process varies by manufacturer, thus you can go to the official website of your computer brand to find the next steps.

Related post:

Final Words

In conclusion, this post has offered you 5 useful methods to fix the “Kernel-mode Hardware-enforced Stack Protection is off” error. So if you meet the error, don’t hesitate to try the methods mentioned above. Besides, backing up your system in advance can not only protect your data but also allows you to restore your system easily and quickly.

  • linkedin
  • reddit

About The Author

Daisy
Daisy

Position: Columnist

Having been an editor at MiniTool since graduating college as an English major, Daisy specializes in writing about data backups, disk cloning, and file syncing as well as general computer knowledge and issues. In her free time, Daisy enjoys running and going with friends to the amusement park.