LSA Warning logs in Windows 11 Home 22h2


TheVisitor

Well-known member
Member
VIP
Local time
4:27 AM
Posts
156
OS
Windows 11 Intel i5 10400 HD630 graphics chip
I never saw any of the following stuff in Win11 21h2.

Each boot up/restart I get the following list of LSA warnings in Event Viewer ID 6155.
LSA package is not signed as expected. This can cause unexpected behavior with Credential Guard.

PackageName: negoexts
PackageName: kerberos
PackageName: msv1_0
PackageName: tspkg
PackageName: pku2u
PackageName: cloudap
PackageName: wdigest
PackageName: schannel
PackageName: sfapm

I have read through 'Configuring Additional LSA Protection' serveral times
and the article indicates its for Windows Server 2022, 2016, 2019.
I am using Windows Home 22h2, not a server. Windows home also does not have GPO.

Under section on the article 'how to disable LSA protection' -
I have looked at registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
but.. I don't have 'RunAsAPPL dword. So I assume by not having the setting
that LSA should not be running/starting, why all the warnings.

To best of my knowledge I don't have Keberos, negoexts, and all the others listed above.

Machine seems to be running just fine but would like to get rid of warnings.
I have also looked thru the Event Viewer 'windows system and application' logs for
Event ID 12 indicating that LSA was started, there are no Event ID 12's.
So if its not loading the above items and no Event ID I assume its not running/starting
at all, so why again the logs.

Thanks in advance, sorry for the large post
 

My Computer

System One

  • OS
    Windows 11 Intel i5 10400 HD630 graphics chip
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP
    CPU
    i5-10400
    Memory
    12 gb
    Graphics Card(s)
    HD630 chipset
    Monitor(s) Displays
    LG 24inch
    Hard Drives
    SSD, external usb drive 1tb for files/backups
    Keyboard
    wireless Logi
    Mouse
    ms 4000 wireless mouse
    Internet Speed
    10meg
    Browser
    Firefox
    Antivirus
    Defender
    Other Info
    Win11 Home 23H2 22631.3374 03/26/24
Microsoft has LSA protections audit mode enabled by default now in 22H2 and could be generating these alerts. They are warnings so I honestly would ignore them. Most of those packages are irrelevant for a home system
 

My Computer

System One

  • OS
    Windows 11
Thanks for the info, is there a way to suppress those notifications , like maybe something in the registry ?
 

My Computer

System One

  • OS
    Windows 11 Intel i5 10400 HD630 graphics chip
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP
    CPU
    i5-10400
    Memory
    12 gb
    Graphics Card(s)
    HD630 chipset
    Monitor(s) Displays
    LG 24inch
    Hard Drives
    SSD, external usb drive 1tb for files/backups
    Keyboard
    wireless Logi
    Mouse
    ms 4000 wireless mouse
    Internet Speed
    10meg
    Browser
    Firefox
    Antivirus
    Defender
    Other Info
    Win11 Home 23H2 22631.3374 03/26/24
I never saw any of the following stuff in Win11 21h2.

Each boot up/restart I get the following list of LSA warnings in Event Viewer ID 6155.
LSA package is not signed as expected. This can cause unexpected behavior with Credential Guard.

PackageName: negoexts
PackageName: kerberos
PackageName: msv1_0
PackageName: tspkg
PackageName: pku2u
PackageName: cloudap
PackageName: wdigest
PackageName: schannel
PackageName: sfapm

I have read through 'Configuring Additional LSA Protection' serveral times
and the article indicates its for Windows Server 2022, 2016, 2019.
I am using Windows Home 22h2, not a server. Windows home also does not have GPO.

Under section on the article 'how to disable LSA protection' -
I have looked at registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
but.. I don't have 'RunAsAPPL dword. So I assume by not having the setting
that LSA should not be running/starting, why all the warnings.

To best of my knowledge I don't have Keberos, negoexts, and all the others listed above.

Machine seems to be running just fine but would like to get rid of warnings.
I have also looked thru the Event Viewer 'windows system and application' logs for
Event ID 12 indicating that LSA was started, there are no Event ID 12's.
So if its not loading the above items and no Event ID I assume its not running/starting
at all, so why again the logs.

Thanks in advance, sorry for the large post
Yeah few of us have the same problem as your. please see this post all about this ;-)

Microsoft-Windows-Security-Auditing Event#1108 Errors?

 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    EVGA
    CPU
    i9 11900K
    Motherboard
    EVGA Z590 FTW
    Memory
    Corsair DDR4 3600mhz XMP 32GB
    Graphics Card(s)
    Sli 2 x NVIDIA RTX2080Ti Foundtion Editon
    Sound Card
    Realtek and EVGA NU Audio
    Monitor(s) Displays
    Acer Predator X35 35-inch Curved G-Sync Ultimate
    Screen Resolution
    3440 x 1440 G-Sync
    Hard Drives
    M.2 Samsung Pro 500gb
    M.2 Samsung Pro 250gb
    Westdigtal WD Green HDD 500gb
    PSU
    EVGA SuperNOVA 1300 X3
    Case
    EVGA case D77
    Cooling
    EVGA CLCx 380 Liquid / Water CPU Cooler
    Keyboard
    EVGA Z10
    Mouse
    EVGA Torq X10
    Internet Speed
    850mbp
    Browser
    Mircosoft Edges Google and Bing
    Antivirus
    Kaspersky Internet
    Other Info
    Logitech Z906 THX 5.1 Surround Sound Speakers SPDIF
In case some people still want to get rid of the credential guard and the LSA warnings,


How to disable LSA (Credential Guard) using Local Group Policy on Windows 11, 22H2
  1. Press Win-X an then Run
  2. Type in gpedit.msc
  3. Expand Computer Configuration, expand Administrative Templates, expand System, and then expand Local Security Authority.
  4. Open the Configure LSASS to run as a protected process policy.
  5. Set the policy to Enabled.
  6. Under Options, set Configure LSA to "Disabled"
 

My Computer

System One

  • OS
    Windows 11 22H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Build
    CPU
    Ryzen 5600X
    Motherboard
    Asus Rog Strix B550 E-Gaming
    Memory
    Corsair Dominator Platinum 3600mhz C16 (2x16gb)
    Graphics Card(s)
    MSI RTX 3060 Gaming X 12gb
    Sound Card
    Supreme FX
    Monitor(s) Displays
    Sammy 55 inch Q80T
    Screen Resolution
    3840x2160
    Hard Drives
    Sammy 980 Pro 1tb NVME, Sammy 970 Pro 1tb NVME, Cruzer SSD 2tb
    PSU
    Corsair RM1000X
    Case
    Corsair 4000D Airflow
    Cooling
    Corsair Icue H100 Elite LCD Display
    Keyboard
    Corsair K70 RGB Pro
    Mouse
    Corsair RGB Dark Pro
    Internet Speed
    350 mb/s
    Browser
    Edge
    Antivirus
    Windows Defender

Latest Support Threads

Back
Top Bottom