Now, if someone tries to Read or Write on that virtual address, then EPT Violation occurs, and we have a chance to bring the original physical address back to the page entry and set both Read and Write bits of that page but unset the Execute bit, so the page is not executable, we also set VMCS's Monitor Trap Flag (a.k.a. MTF) and thus after a read or write (which causes the EPT Violation), we change everything back to the executable but not readable and writable page.