I suppose you could run your trusted applications in the top-most Windows instance without mitigations, and run untrusted applications in a virtualized Windows instance with mitigations enabled. Wouldn't be pretty or very practical, but I suppose it might work?