Kernel-mode Hardware-enforced Stack Protection is Off [Fix]

Fix this error message by modifying values in your registry

Reading time icon 4 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • Kernel-mode hardware-enforced stack protection is off and can be fixed with a BIOS update.
  • Adjusting a few values in the registry can remedy this issue on your PC.
kernel-mode hardware-enforced stack protection is off

Your PC security should be your priority, but many users reported Kernel-mode hardware-enforced stack protection is off message in Windows Defender.

This message can leave your PC vulnerable to malware attacks, so you must fix this problem as soon as possible.

Luckily, there are ways to solve this issue, and in today’s guide, we will show you the best way to fix this.

What is kernel mode hardware-enforced stack protection?

This feature is associated with Local Security Authority Protection, and it’s designed to protect sensitive information, such as your login credentials or encryption keys.

Using this feature, your computer will block untrusted code from running in kernel mode and keep your PC safe.

How can I fix Kernel-mode hardware-enforced stack protection is off error?

Before we start fixing this issue, you might want to do the following:

  • Update BIOS – It’s suggested to update BIOS. To fix this error, you need to have BIOS that supports Control-flow Enforcement Technology (CET).

1. Modify the registry

  1. Press Windows key + R and enter regedit. Press Enter.
  2. Once the Registry Editor opens, navigate to the following path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
  3. In the right pane, locate FeatureSettingsOverride and double-click it.
  4. If it’s not available, right-click the right pane, choose New, and then select DWORD (32-bit Value). Name the new value FeatureSettingsOverride and double-click it.
  5. Now change its Value data to 9 and save changes.
  6. Close Registry Editor and restart your PC.

The KSHSP will now be enabled. If it’s not, do the following:

  1. Open search and enter cmd. Now select Run as administrator to start Command Prompt.
  2. Enter the following command: bcdedit /set {current} nx AlwaysOn
  3. After doing that, this feature should be enabled.
Note icon NOTE
Keep in mind that this solution requires you to install a version of BIOS that supports CET.

2. Uninstall the GameGuard and other anti-cheat software

  1. Press Windows key + X and choose Apps and features.
  2. Locate the software that you want to uninstall and click the Uninstall button.
  3. Follow the instructions on the screen to complete the process.

According to users, the issue is GameGuard software that comes with Phantasy Star Online 2. After uninstalling the game, the issue should be gone.

Keep in mind that other anti-cheat applications can cause this issue. Users reported it with Valorant and Vanguard, but after removing the game, the issue was gone.

3. Enable virtualization in BIOS

  1. Restart your PC and keep pressing F2 or Del to access BIOS.
  2. Once you enter BIOS head over to CPU overclocking.
  3. Choose Advanced CPU Settings and enable SVM.
  4. Go back to Windows and you’ll be able to enable this feature from the Core Isolation settings.

4. Perform an in-place upgrade

Note icon NOTE
This method might delete your files or software, so create a backup before using it.

Download the ISO file

  1. Visit Windows 10 download page.
  2. Click on Download Now in Create Windows 10 installation media section.
  3. Once the software is downloaded, run it.
  4. Accept the terms of service.
  5. Choose the Create installation media (USB flash drive, DVD, or ISO file) for another PC and click Next.
  6. Make sure the settings match your architecture and language and click Next.
  7. Choose the ISO file and click Next.
  8. Set the save location and wait for the software to download it.

Perform the upgrade

  1. Once the ISO file is downloaded, double-click to mount it.
  2. A new window will appear. Double-click the setup file to run the installation.
  3. Follow the instructions on the screen.
  4. Once you reach Choose what to keep screen, make sure you select Keep Windows settings, personal files, and apps. If this option isn’t available, you’ll lose installed applications and files from the system drive if you proceed.
  5. The installation process will now start.

After the installation is finished, check if the problem is resolved.

These are just some methods that can fix the Kernel-mode Hardware-enforced Stack Protection is off. Your device may be vulnerable error.

If the problem persists, perhaps you should consider using a third-party antivirus. Many great antivirus solutions for Windows offer better protection than Windows Defender.

Did we miss a solution that worked for you? If so, let us know in the comments section below.

More about the topics: windows 10 fix, Windows Defender issues