Windows ESS enabled and suddenly disabled

leli eee 0 Reputation points
2024-12-24T13:41:30.3933333+00:00

Hello,

I had some issues with windows ESS (enhanced sign -in security). I recently bought a new Asus laptop – b5404cma. It had windows ESS enabled and it worked fine. Then one month ago (30th October) (based on event viewer ) ESS wasn’t enabled anymore. Searching in the event viewer I found out the following:

Until 29th October the logs were:

The Windows Biometric Service successfully created a Biometric Unit for sensor: FPC Fingerprint Reader (USB\VID_10A5&PID_9544\5&1423ACB5&0&9)

The sensor's mode is "Badic," its pool-type is "System," and it's isolated in a "Virtual Secure Mode" process.

Based on Microsoft’s page about ESS (Windows Hello Enhanced Sign-in Security | Microsoft Learn) this indicates ESS is working.

Sometimes sensor mode is adcanced – as for example in this log:

The Windows Biometric Service successfully created a Biometric Unit for sensor: FPC Fingerprint Reader (USB\VID_10A5&PID_9544\5&1423ACB5&0&9)

The sensor's mode is "Advanced," its pool-type is "System," and it's isolated in a "Virtual Secure Mode" process.

Then on 30th October the logs change to:

The Windows Biometric Service successfully created a Biometric Unit for sensor: Windows Hello Face Virtual Software Device (\Bootstrap\Virtual Sensors{0527b250-7514-4321-8b68-41c65f956998})

The sensor's mode is "Basic," its pool-type is "System," and it's isolated in a "Local System" process.

Now it says it is isolated in »local system«, which based on Microsoft’s page indicates ESS is not working.

Could anyone help me resolve this issue as its bothering me for over a month. I searched on the internet and found someone that says I should add a key (PassportForWork) and inside a value (UseEnhancedSignInSecurity) set to 1. is that a good idea or should i try something else?

Any help is welcome, thank you

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,964 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Daisy Zhou 26,946 Reputation points Microsoft Vendor
    2024-12-25T07:49:23.65+00:00

    Hello

    Thank you for posting in Q&A forum.

    Here are a few steps you can take to troubleshoot and potentially resolve this issue:

    1. Ensure that ESS is still enabled in your system settings. You can do this by navigating to Settings > Update & Security > Windows Security > Device Security > Core isolation details. Make sure that all necessary settings for ESS are enabled
    2. Ensure that all your biometric sensor drivers are up to date. Sometimes, driver updates can resolve issues with hardware compatibility and functionality.
    3. You might need to manually re-enable ESS. This can sometimes be done through Group Policy or the Registry Editor. For example, you can add a registry key (PassportForWork) and set the value (UseEnhancedSignInSecurity) to 1
    4. Make sure your system is fully updated. Sometimes, updates can inadvertently disable certain features, and subsequent updates might fix these issues.
    5. Uninstall and then reinstall the biometric drivers. This can sometimes reset the configuration and resolve issues.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments

  2. leli eee 0 Reputation points
    2024-12-25T08:26:58.8766667+00:00

    Hello. I found out the ESS was randomly off and on since I bought my laptop (is 2 months old) - in event viewer sometimes it said local system other times secure virtual mode. But from 30th October it's only local system. And in settings I don't see the ess option anymore. Before I saw it in defender under device security and in security but now I don't see in either of those places.

    1. Should I update the bios (my bios version is the same as on the official Asus site but the date on my bios is older than on Asus website. Should I install the bios even if the version is the same but date is newer? In my Asus app I don't see any bios update, though Windows suggests an optional bios update.
    2. Should I try to use the Asus one click driver instal on Asus website to try and update all drivers. Based on what I learned it should include biometric drivers.I
    3. s it safe to add that use enhanced sign in security under passport for work in the registry editor? Won't it damage my laptop?

    Thank you for your help.


    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.