1/15/2025 14:51 Microsoft-Windows-CodeIntegrity/Operational Error CodeIntegrity <customer domain> 3033 Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Symantec\Symantec Endpoint Protection\14.3.9210.6000.105\Bin64\symamsi.dll that did not meet the Microsoft signing level requirements....
Windows 11
Local Security Authority (LSA) protection mode
1) Code Integrity messages are logged in Event Viewer when PPL processes (e.g. MpCmdRun.exe, SvcHost.exe) try to load symamsi.dll.
These log entries are expected: symamsi.dll for RUs is NOT Microsoft signed and doesn't meet the AMPPL requirement. Other vendors will have similar issues.
NOTE: The error messages are logged whether or not the system is in Local Security Authority (LSA) protected mode.
2) symamsi.dll is not in the LSA code path at all, so the error message shouldn't impact Local Security Authority (LSA) protection mode.
https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection
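To separate the expected symamsi.dll entries from other event 3033 records that still deserve a look, the message text can be parsed and grouped. The following is an added example, not part of the original article; the function names, the install-directory check and every sample message except the first are assumptions constructed for illustration.

```python
import ntpath
import re
from collections import Counter

# Message wording of Code Integrity event 3033 as quoted in this article.
EVENT_3033 = re.compile(
    r"a process \((?P<process>.+?)\) attempted to load (?P<module>.+?) "
    r"that did not meet the Microsoft signing level requirements",
    re.IGNORECASE,
)
# Assumption: SEP lives under a "Symantec Endpoint Protection" directory,
# as in the article's sample path.
SEP_DIR = "\\symantec\\symantec endpoint protection\\"

def parse_3033(message):
    """Return (process_path, module_path), or None for any other text."""
    m = EVENT_3033.search(message)
    return (m.group("process"), m.group("module")) if m else None

def is_expected_symamsi(module_path):
    """True only for symamsi.dll located inside the SEP install tree."""
    lowered = module_path.lower()
    return ntpath.basename(lowered) == "symamsi.dll" and SEP_DIR in lowered

def triage(messages):
    """Count 3033 events per (process name, module name, verdict)."""
    counts = Counter()
    for message in messages:
        parsed = parse_3033(message)
        if parsed is None:
            continue
        process, module = parsed
        verdict = "expected" if is_expected_symamsi(module) else "review"
        counts[(ntpath.basename(process), ntpath.basename(module), verdict)] += 1
    return counts

VOL = r"\Device\HarddiskVolume4"
SEP_DLL = VOL + r"\Program Files\Symantec\Symantec Endpoint Protection\14.3.9210.6000.105\Bin64\symamsi.dll"
TEMPLATE = ("Code Integrity determined that a process ({}) attempted to load {} "
            "that did not meet the Microsoft signing level requirements.")
# First entry mirrors the article's event; the rest are constructed for illustration.
SAMPLE_MESSAGES = [
    TEMPLATE.format(VOL + r"\Program Files\Windows Defender\MpCmdRun.exe", SEP_DLL),
    TEMPLATE.format(VOL + r"\Windows\System32\svchost.exe", SEP_DLL),
    TEMPLATE.format(VOL + r"\Windows\System32\svchost.exe", VOL + r"\Users\Public\symamsi.dll"),
    TEMPLATE.format(VOL + r"\Program Files\Windows Defender\MpCmdRun.exe", VOL + r"\ProgramData\Example\example.dll"),
]
```

Entries counted as "expected" match the behavior this article describes; anything counted as "review" is a different module, or a symamsi.dll outside the SEP directory, and is not covered by the explanation above.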
CRE-20569