Cannot enable Kernel-Mode Hardware-enforced Stack Protection

Question

Hi all,

I noticed today that the Windows Security app was showing me an issue to look at, which turned out to be that the "Kernel-Mode Hardware-enforced Stack Protection" was off. In the Windows Security app settings I am however not able to enale this feature. It shows a yellow message "This setting is managed by your administrator.":

How would I go about resolving this?

Some information that may be relevant:

• The machine is a very recently bought new model Zen 3 laptop, so it should support the feature. I have also enabled the relevant (and to be certain pretty much all) security settings in the BIOS.
• I am using a local administrator account on the machine
• My machine is not managed by any organisation (no connections under "Accounts > Access work or school")
• I took a look at the group policy editor to check whether something has been set there, but everything in the administrative template tree shows as "not configured"
• I have tried resetting the Windows Security app, no change

Answer 1

Hi MarcoTiemann

I am Dave, I will help you with this.

Click your Start Button, then just type cmd

On the resulting list, right click Command Prompt and select 'run as Administrator'

Paste each of these commands into Command one at a time and press Enter, wait for each command to complete, before running the next command, if you receive an error on any command, ignore that and continue to the next command.

reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies" /f

reg delete "HKLM\Software\Microsoft\WindowsSelfHost" /f

reg delete "HKLM\Software\Policies" /f

reg delete "HKLM\Software\WOW6432Node\Microsoft\Policies" /f

reg delete "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies" /f

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware

reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" /f

reg delete "HKCU\Software\Microsoft\WindowsSelfHost" /f

reg delete "HKCU\Software\Policies" /f

reg delete "HKLM\Software\Microsoft\Policies" /f

Then, close Command Prompt and restart (not shut down) your laptop.

Answer 2

does this work for desktop?

Answer 3

Hi there,

Thank you for the suggestions, but wiping the group policy settings in the registry following your guide has not resolved my issue.

I see that some other users have subscribed to this thread. Trying this had no positive or negative impact on my system in case you were wondering whether deleting a fair few registry keys would break your installation. May be worth trying in case you get a different outcome.

Answer 4

I had the same issue. I just disabled Memory Integrity and rebooted after this the managed by administrator thing disappeared. But now I realised I can`t turn off Memory Integrity complitely. After rebooting it stays on and although the toggle switch for the Kernel-Mode Hardware-enforced Stack Protection is working now it still stays off after PC restart.

Answer 5

Yea this is what worked for me. Turned off Memory Integrity then restarted then tried to turn it back on to find incompatible drivers from an old phone I used to have. Uninstalled those drivers, restarted my PC, then I was able to turn both back on.