Virtualization-based security (VBS)

The virtualization-based security (VBS) functions are disabled by default in the Windows images from Beckhoff, as they are not compatible with TwinCAT XAR. Typically, industrial PCs have fixed communication partners with which they communicate via predefined protocols. The applications run according to pre-defined rules and are tailored to the specific application. Therefore, industrial PCs can usually be adequately hardened using the other measures described in this guide.

This restriction does not apply to the use of TwinCAT XAE. VBS can be enabled on PCs with TwinCAT XAE. In this case, you should use the TwinCAT 3 Usermode Runtime for testing purposes.