System Protections

Step 3 of 4 — Disable Windows security features that block injection.

Each product requires different system protections to be disabled. Select your product below — your selection will be remembered across all setup pages.

warning

Most of these changes require a PC restart to take effect. You can make all changes first and do a single restart at the end.

HOOK (Fortnite / Apex)

Disable TPM

1. Restart your PC and enter BIOS/UEFI (press F2, Del, or F12 during boot — varies by motherboard)
2. Navigate to the Security or Trusted Computing section
3. Find TPM, Intel PTT, or AMD fTPM and set it to Disabled
4. Save and exit BIOS

Manufacturer-specific names

• Intel boards: Look for Intel Platform Trust Technology (PTT)
• AMD boards: Look for AMD fTPM or AMD PSP fTPM
• ASUS: Security → Trusted Computing → TPM Device Selection → Disable
• MSI: Settings → Security → Trusted Computing → Disable
• Gigabyte: Peripherals → Intel PTT / AMD CPU fTPM → Disabled

Can't disable TPM?

Some newer laptops have TPM permanently enabled or locked by the manufacturer. If you cannot find a TPM option in your BIOS, your device may not be compatible. Check our Terms of Service — it is your responsibility to verify compatibility before purchasing.

Windows 11 Only — Additional Steps

If you are on Windows 11, you must also complete these extra steps. Windows 10 users can skip this section.

Disable Vulnerable Driver Blocklist (Registry Edit)

1. Press Win + R, type regedit, and press Enter
2. Navigate to:

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config

3. Find VulnerableDriverBlocklistEnable and double-click it
4. Set the value to 0 and click OK

Can't find the key?

If VulnerableDriverBlocklistEnable doesn't exist:

1. Right-click in the right pane → New → DWORD (32-bit) Value
2. Name it VulnerableDriverBlocklistEnable
3. Set the value to 0

Disable Core Isolation

1. Open Settings → Privacy & Security → Windows Security
2. Click Device Security → Core isolation details
3. Turn off all toggles:
   • Memory Integrity
   • Kernel-mode Hardware-enforced Stack Protection (if present)
   • Microsoft Vulnerable Driver Blocklist (if present)
   • Any other toggles shown

Reboot

Restart your PC to apply all changes.

Verify

After restarting, press Win + R → type msinfo32 → check:

Setting	Should Be
TPM	Not found / Off
Memory Integrity	Off

SAFEST (Rust)

Disable Core Isolation

1. Open Windows Security → Device Security → Core isolation details
2. Turn off every toggle on this page:
   • Memory Integrity (HVCI)
   • Kernel-mode Hardware-enforced Stack Protection (if present)
   • Microsoft Vulnerable Driver Blocklist (if present)
   • Any other toggles shown

Disable Exploit Protections

1. Open Windows Security → App & browser control
2. Click Exploit protection settings
3. In the System settings tab, set all of the following to Off by default:
   • Control flow guard (CFG)
   • Data Execution Prevention (DEP)
   • Force randomization for images (Mandatory ASLR)
   • Randomize memory allocations (Bottom-up ASLR)
   • High-entropy ASLR
   • Validate exception chains (SEHOP)
   • Validate heap integrity

warning

Set every single one to Off by default. Missing even one can cause injection to fail.

Disable Virtualization

In BIOS

1. Restart your PC and enter BIOS/UEFI (press F2, Del, or F12 during boot)
2. Find Intel VT-x / Intel Virtualization Technology (Intel) or SVM Mode (AMD)
3. Set to Disabled
4. Save and exit

In Windows

1. Press Win + R, type optionalfeatures, press Enter
2. Uncheck the following:
   • Hyper-V (all sub-entries)
   • Virtual Machine Platform
   • Windows Hypervisor Platform
3. Click OK

Disable Secure Boot

1. Restart and enter BIOS/UEFI
2. Find Secure Boot (usually under Security or Boot)
3. Set to Disabled
4. Save and exit

Reboot

Restart your PC to apply all changes.

Verify

After restarting, press Win + R → type msinfo32 → check:

Setting	Should Be
Memory Integrity	Off
Virtualization-based security	Not enabled
Secure Boot State	Off

SQUAD (Rust)

Disable VBS / HVCI (Core Isolation)

1. Open Settings → Privacy & Security → Windows Security
2. Click Device Security → Core isolation details
3. Turn off all toggles — especially Memory Integrity
4. Restart your PC

If Memory Integrity Won't Turn Off

If VBS is still showing as enabled after restart:

1. Open Command Prompt as Administrator (right-click Start → Terminal (Admin))
2. Run the following command:

   bcdedit /set hypervisorlaunchtype off

3. Restart your PC

Disable Kernel DMA Protection

In BIOS

1. Restart and enter BIOS (press Del, F2, or F10 during boot)
2. Disable VT-d (Intel) or IOMMU / AMD-Vi (AMD):
   • Intel: Usually under CPU Configuration or Chipset settings
   • AMD: Usually under NBIO Configuration or IOMMU settings
3. Save and exit BIOS

In Windows (optional)

• Open Windows Security → Device Security → Core isolation
• Turn off Memory access protection (if present)

Disable Meltdown & Spectre Mitigations (KVA Shadow)

1. Open Command Prompt as Administrator

2. Run these two commands one by one:

   REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f

   REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

3. Restart your PC

Reboot

Restart your PC to apply all changes.

Verify

After restarting, press Win + R → type msinfo32 → check:

Setting	Should Be
Virtualization-based security	Not enabled
Kernel DMA Protection	Off
Memory Integrity	Off

MATRIX (Arc Raiders)

Disable TPM

1. Restart your PC and enter BIOS/UEFI (press F2, Del, or F12 during boot)
2. Navigate to the Security or Trusted Computing section
3. Find TPM, Intel PTT, or AMD fTPM and set it to Disabled
4. Save and exit

Manufacturer-specific names

• Intel boards: Look for Intel Platform Trust Technology (PTT)
• AMD boards: Look for AMD fTPM or AMD PSP fTPM
• ASUS: Security → Trusted Computing → TPM Device Selection → Disable
• MSI: Settings → Security → Trusted Computing → Disable
• Gigabyte: Peripherals → Intel PTT / AMD CPU fTPM → Disabled

Can't disable TPM?

Some newer laptops have TPM permanently enabled or locked by the manufacturer. If you cannot find a TPM option in your BIOS, your device may not be compatible. Check our Terms of Service — it is your responsibility to verify compatibility before purchasing.

Disable Virtualization

In BIOS

1. While in BIOS, find Intel VT-x / Intel Virtualization Technology (Intel) or SVM Mode (AMD)
2. Set to Disabled
3. Save and exit

In Windows

1. Press Win + R, type optionalfeatures, press Enter
2. Uncheck:
   • Hyper-V (all sub-entries)
   • Virtual Machine Platform
   • Windows Hypervisor Platform
3. Click OK

Disable Secure Boot

1. Restart and enter BIOS/UEFI
2. Find Secure Boot (usually under Security or Boot)
3. Set to Disabled
4. Save and exit

Reboot

Restart your PC to apply all changes.

Verify

After restarting, press Win + R → type msinfo32 → check:

Setting	Should Be
TPM	Not found / Off
Virtualization-based security	Not enabled
Secure Boot State	Off