Kernel-Mode Hardware-enforced Stack Protection suddenly off?

Kreinzer · Apr 28, 2023

linuxfish said:
I found somewhere that disabling "Memory integrity" and re-enabling it could help with getting Kernel-mode Hardware-enforcement Stack Protection enabled, but I was only able to enable memory integrity again by manually enabling it in the registry. I would recommend against disabling this setting until the problems with kernel enforcement are resolved as they appear to be linked

Additionally, I'm guessing the "Review Incompatible Drivers" is supposed to give a list of incompatible drivers. I have no list and only a link where Microsoft recommends against uninstalling drivers to resolve the issue

I have updated every driver I could find from Dell, but the issue still persists. (Dell Latitude 3420)
View attachment 58997

A-ha, so we can expect a fix from Microsoft for being locked out of the Kernel-mode Hardware-enforcement Stack Protection? That would be neat.

Mooly · Apr 29, 2023

Just enabled the Kernel Mode setting and restarted and now find I've lost (no biggie) the picture on the Search Box. It is still enabled in settings I think.

Mooly · Apr 30, 2023

Also found this morning that 'Night Light' is not behaving correctly. It has worked for weeks perfectly up to this point. All this is to much of a coincidence.

Have turned the Kernel Mode setting back to off.

pwcrickman · May 6, 2023

Today the Kernel-Mode Hardware section in the Security settings have been replaced with a Microsoft Vulnerable Driver Blocklist section with a toggle set to "on" but grayed out. The shield icon in the task tray still shows a yellow exclamation point and the Settings home page under Device Security states that Local Security Authority protection is off.

Mooly · May 7, 2023

I'm seeing that as well.

In fact following my posts just above these I went back to have another go with the view of turning it back on again and found the option had disappeared. As I mentioned in another thread (and its replies):

Mooly said:
This is puzzling me as well although if I'm honest I prefer the Bing icon... but I would just like to know what happened.

For me this coincided exactly with me enabling the 'Kernel Mode' that I kept being nagged about. I had the picture before enabling this feature and doing the requested restart. Following the restart and it was gone. I disabled the Kernel Mode again but no pictures now.

Kernel-Mode Hardware-enforced Stack Protection suddenly off?

Coincidence or...

The big problem in all this is just not having a clue when something changes by design or whether something has broken or whether you have done something and don't know what that was.

I was left thinking that having enabled, then disabled that something had broken.

TVeblen · May 7, 2023

I do not seem to be having issue with this. I was able to turn KMHE Stack Protection on and have had no ill effects yet.
I'm wondering if it might have something to do with a local configuration issue.

I'm on W11 22H2 22621.1555

My current Windows Defender Settings:

_

_

_

I have not installed this Windows Update Preview as of yet:
_

Mooly · May 7, 2023

I'm now missing the 'Kernel Mode Hardware Stack'. I'm assuming it disappeared after I decided to disable it as a test although I did not immediately look to see... I never dreamt it would just disappear. For curiosity I tried SFC and DISM but no issues found.

TVeblen · May 7, 2023

Have you installed WU KB5025305 yet?
How did you disable KMHE Stack Protection?

TVeblen · May 7, 2023

Interesting that Microsoft Vulnerable Driver Blocklist is ON and greyed out.
That will be annoying when testing various drivers.

pwcrickman · May 7, 2023

I am also missing "Microsoft Defender Credential Guard". I have installed WU KB5025305 and KB4023057.

I'm on W11 22H2 22621.1631

Mooly · May 8, 2023

TVeblen said:
Have you installed WU KB5025305 yet?
How did you disable KMHE Stack Protection?

Who, you mean me?

Yes that update was installed on 26th April.

I did have the button for Kernel Mode protection but after turning it on and then off the next day it disappeared for good.

BrianInEngland · May 8, 2023

It seems that many users are seeing different options/features enabled/disabled or not showing at all - despite running the same versions of Windows and Security updates!

Nothing like being inconsistent

Zinoviev · May 8, 2023

For the first time in months i don't have windows security telling me that the system is vulnerable. But.. LSA and Kernel Mode protection settings have disappeared completely.

TVeblen · May 9, 2023

I'm trying to determine if the latest update (KB5025305) will remove both LSA and Kernal Mode settings before I install it.

TVeblen · May 9, 2023

I never installed KB5025305 and KB4023057, and they disappeared and KB5026372 took their place.
I just installed KB5026372 and there is no change to my Defender Core Isolation settings. KMHE Stack Protection is still there and ON.

I suspect that this difference issue has to do with your processor and motherboard's security capabilities.

linuxfish · May 11, 2023

The most recent update KB5026372 seems to have removed the toggle for Kernel-mode Hardware-enforcement stack for me

Before this whole Kernel enforcement setting was introduced, I had Memory integrity enabled but now it has to be manually enabled in the registry. I still have a blank list of incompatible drivers even though that was supposed to be one of the main fixes in KB5026372