Security through virtualization was driving me crazy when I saw so many errors in the Windows 11 Pro Event Viewer. In addition, I suspected that the computer was taking a little longer than necessary to open some programs, although it did not matter to me because I have Windows installed on an M.2 NVMe.
As part of trying to solve the errors that appeared in the Windows Event Viewer, I tried reviewing Credential Guard, which is part of the virtualization system and is responsible for protecting program access credentials (passwords and so on) in a virtualization environment. What I noticed is that the Windows Event Viewer was indicating problems, such as that it was not licensed but was activated anyway, and that it could not be initialized due to some error. To remedy that, I went to the Group Policy editor (GPO = gpedit.msc) and noticed that it was in "Not Configured" mode, as it showed three modes: Disabled, Not Configured and Enabled. I enabled it to check whether the errors stopped showing up in the Event Viewer, but what happened instead is that it began to cause conflicts with the TPM 2.0, because when I checked to see if it was active, it intermittently showed itself as supposedly ineffective and then showed itself as enabled normally. The other detail that I noticed is that some programs and games took considerably longer to start, some even more than ten seconds (in the case of programs that previously took 1 second), and with the M.2 NVMe as the system drive, that is a delay that stands out too much and starts to bother you.
After much reflection on whether it was worth disabling it, I decided to do so, and after rebooting and applying the pertinent changes, there were no longer any problems with TPM 2.0 and the programs even seemed to run faster than before I had enabled that security option.
What I want to highlight about this case is that I did not disable core isolation (this requires that virtualization be enabled in the BIOS and in Windows), and I do not think it is necessary to do so, because I notice that simply disabling Credential Guard is enough for Windows to run noticeably without any burden that forces it to reduce performance.
Every time Credential Guard is disabled or enabled, core isolation is disabled and Windows Defender will warn you about this in the taskbar icon. I decided to have it enabled, but if you want to disable it and not have Windows Defender show you the warning, I think I remember that it is enough to disable virtualization in the BIOS so that the core isolation option disappears and Windows Defender no longer shows the warning.
I use a Ryzen 5 5600G CPU and an Asus B450M-A/CMS motherboard.
Update: I had not noticed at first that every time you turn off or restart the PC, core isolation is deactivated and you must activate it and restart again for it to remain activated, but you have to repeat the process every time you turn off or restart.
For this reason, I changed the status of the Credential Guard option from disabled to "not configured", but I made sure to activate the Kernel security option through Hardware, which is located just below where the option to activate core isolation is. I followed a few steps through Regedit to activate that option that I mentioned and the result is that I did not notice that the performance of Windows had decreased and I got a little additional security.
The detail to highlight is that apparently the TPM detection behaves strangely again, because when you enter to check if it is activated, it seems that it does not detect it, but after exiting and re-entering said option it shows you the status of the TPM now. It appears to be working correctly and it seems that it is no longer as intermittent as when I had Credential Guard activated.
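
The state described in this post (Credential Guard policy, core isolation, TPM detection) can be read directly instead of through the settings pages. The following is an added example, not part of the original post: a read-only PowerShell snapshot using the `Win32_DeviceGuard` CIM class, the Credential Guard policy registry value, and `Get-Tpm`. It assumes an elevated prompt; the property names in the output object are chosen here for illustration.

```powershell
# Added example: read-only status snapshot. Run from an elevated PowerShell prompt.
$serviceNames = @{
    1 = 'Credential Guard'
    2 = 'Memory integrity (HVCI)'
    3 = 'System Guard Secure Launch'
    4 = 'SMM Firmware Measurement'
    5 = 'Kernel-mode Hardware-enforced Stack Protection'
}
$vbsStates = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }

# Translate the numeric service ids reported by Win32_DeviceGuard into names.
function Resolve-Services {
    param([object[]]$Ids)
    $names = foreach ($id in $Ids) {
        if ([int]$id -eq 0) { continue }   # 0 means "no services"
        if ($serviceNames.ContainsKey([int]$id)) { $serviceNames[[int]$id] } else { "Unknown ($id)" }
    }
    if ($names) { $names -join ', ' } else { 'none' }
}

# What virtualization-based security reports right now.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

# Credential Guard value written by Group Policy; it is absent when no policy sets it.
$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' `
    -Name LsaCfgFlags -ErrorAction SilentlyContinue
$policyState = if ($null -eq $policy) { 'No policy value set' } else {
    switch ([int]$policy.LsaCfgFlags) {
        0 { 'Disabled' }
        1 { 'Enabled with UEFI lock' }
        2 { 'Enabled without lock' }
        default { "Unexpected value $($policy.LsaCfgFlags)" }
    }
}

$tpm = Get-Tpm

# One object per run; comparing runs across reboots shows whether a setting persisted.
[pscustomobject]@{
    Checked               = Get-Date -Format s
    LastBoot              = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
    VbsStatus             = $vbsStates[[int]$dg.VirtualizationBasedSecurityStatus]
    ServicesConfigured    = Resolve-Services $dg.SecurityServicesConfigured
    ServicesRunning       = Resolve-Services $dg.SecurityServicesRunning
    CredentialGuardPolicy = $policyState
    TpmPresent            = $tpm.TpmPresent
    TpmReady              = $tpm.TpmReady
}
```

A service listed under `ServicesConfigured` but missing from `ServicesRunning` after a reboot is the case where a setting was applied but did not take effect.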