Not loaded aswAMSI.dll for LSA protection

[Gee580]

Hi there.

I have found a compatibility issue between Avast Free Edition and Windows 10/11 22H2 LSA protection feature.
I have turned on Windows LSA protection but it is not at Avast settings->troubleshooting.LSA protection check box.
Then I get a bunch of Event ID 3033.

"Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll, which does not meet the Windows signing level requirements".

1. What is "aswAMSI.dll"?

2. How is this critical to security?

3. Can I ask Avast support to get the correct Windows signature from them and implement it because you should have some solid developer contact channels than ordinary users.

[Spec8472]

Hello Gee580, the Avast LSA protection is different from MS LSA protection. It is not same feature.
The Event ID 3033 is not connected to any LSA protection.
1. aswAMSI.dll, is Avast "anti-malware scan interface provider", this is module provided by Avast which can by used for scanning by 3rd part processes.
2. Not critical at all, the SecurityHealthService.exe is MS protected process (PPL). This means there are restriction on modules which can be loaded into MS PPL processes, special MS signature  is required.
3. MS is not willing to provide its "Microsoft Windows Publisher" signatures to other software companies.

[Gee580]

Thanks Spec8472,

I got it!

I read an MS article that only if compatible drivers are installed, then "LSA prototection" enabled by default.
However, MS does not clearly describe around this issue. I'm still confused. Windows has different editions for organizations like Enterprise, and Education and for home users like Pro/Home Edition.

The implementation is different for each. Also, Windows behaves differently depending on how it was updated; the 22H2 clean install or via Windows Update. I hope MS should improve the level of consistency for Windows OSes, so far.