Application Guard Testing with Virt-Manager

I received a BSOD with error code 0xc0000225 on a Windows 10 (and 11) VM when enabling the Hyper-V role to do some testing with Microsoft Defender Application Guard. This VM runs on a Rocky Linux host, and I typically use Virt-Manager to manage my VMs. Two changes were necessary to get nested Hyper-V working with virt-manager:

  1. virt-xml <VM-NAME> --edit --cpu host-passthrough
  2. sudo modprobe kvm_intel nested=1
    1. Use kvm_amd instead of kvm_intel on AMD processors
    2. You can check the value here:
      1. cat /sys/module/kvm_intel/parameters/nested

Once that was done, the Hyper-V role installed without issue, and I could test Application Guard on the VM.
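A pre-flight check for both changes, as an added example that is not part of the original post: it reads the nested parameter for whichever KVM vendor module is loaded and pulls the CPU mode out of the domain XML. The function names and the optional sysfs-root argument are hypothetical, virsh is assumed to be installed, and the sed match is a simple line match, not a full XML parser.

```shell
#!/bin/sh
# Added example: verify both prerequisites before enabling Hyper-V in the guest.
# The optional first argument to nested_status is a hypothetical override of
# /sys/module so the check can be exercised offline.

# Print "<module>:<enabled|disabled>" for the loaded KVM vendor module,
# or "none:unloaded" (exit 1) when neither kvm_intel nor kvm_amd is present.
nested_status() {
    root="${1:-/sys/module}"
    for mod in kvm_intel kvm_amd; do
        f="$root/$mod/parameters/nested"
        [ -r "$f" ] || continue
        # kvm_intel reports Y/N, kvm_amd reports 1/0.
        case "$(cat "$f")" in
            Y|y|1) echo "$mod:enabled" ;;
            *)     echo "$mod:disabled" ;;
        esac
        return 0
    done
    echo "none:unloaded"
    return 1
}

# Read libvirt domain XML on stdin and print the <cpu mode='...'> value.
cpu_mode() {
    sed -n "s/.*<cpu[^>]*mode=['\"]\([^'\"]*\)['\"].*/\1/p" | head -n 1
}

# Usage: check_vm <VM-NAME>
# Succeeds only if nested virtualization is on and the guest uses host-passthrough.
check_vm() {
    vm="$1"
    status="$(nested_status)" || { echo "KVM vendor module not loaded"; return 1; }
    mode="$(virsh dumpxml "$vm" | cpu_mode)"
    echo "host: $status  guest cpu mode: ${mode:-unset}"
    case "$status" in *:enabled) ;; *) return 1 ;; esac
    [ "$mode" = "host-passthrough" ]
}
```

If the check still reports disabled after running modprobe, the module was already loaded: nested=1 is applied only when modprobe actually loads the module, so it has to be reloaded with all VMs shut down.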