Before actually selecting device security on left pane of secttins
what is shown on - settings
windows security under the icon - device security

1. Go to this link
TUF GAMING H670-PRO WIFI D4｜Motherboards｜ASUS United Kingdom
download the
Version 1.00.04
2022/02/15 135.01 KBytes
AI Suite 3 Cleaner
Use the uninstall tool to remove AI Suite 3 and its related service files.

and run that.

2. RESTART the computer not shut down as on 11 that is not of course a complete shutdown.

3. Check now if the standard hardware security is now OK and does not display the not supported message.

4. If so go back to the link and download
Version 3.01.06
2022/01/04 154.67 MBytes
ASUS AI Suite 3 V3.01.06 Install Program for Windows 10 64-bit, Windows 11 64-bit.
-Performance and Power Saving Utilities V2.00.88 for Windows 10 64-bit, Windows 11 64-bit.
-ASUS System Information V2.00.18 for Windows 10 64-bit, Windows 11 64-bit.

install
and check again IF the first step did show all in order with hardware security under device security

IF that does not work when you reply I will give you further advice.

 

do you mean this settings page?

here is security after removing the app and performing a restart

 

1. Are you absolutely certain
PTT is enabled in firmware
Advanced Screen

Section 6.6. BIOS manual
PRIME_PROART_TUF_GAMING_Intel_600_Series_BIOS_EM_WEB_EN.pdf (asus.com)

If you are
cmd prompt admin arights and
type
sfc /scannow
press enter

if all is in order leave the prompt
if errors could not be fixed
run
Dism /Online /Cleanup-Image /RestoreHealth

please report result of DISM if it was needed
If errors still could not be fixed
send DISM log please as an attachment
Windows
Logs
DISM

 

PTT 100% enabled, TPM 2.0 all setup, UEFI Mode set in Bios

C:\Windows\System32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\Windows\System32>

 

Please see if you have this folder in bold in the
C:\Windows\System32\SecurityHealth\
1.0.2109.27002-0

Would I be correct in thinking that the problem only occured after the upgrade to 22H2
The folowing only applies IF the problem arose AFTER you system upgraded to 22H2
If you do have that folder
1. create a restore point
check it has been created

2. Copy that folder and save it to the desktop
THEN delete the folder

RESTART and try again

 

1. Is this computer running ONLY windows 11
Or is it Windows 11 with a virtual install of another OS
HyperV is as I am sure you know
How to Enable Hyper-V on Windows 11? Here Are 3 Ways (partitionwizard.com)

2. Although you do not have that folder that you do have

C:\Windows\System32\SecurityHealth

the security health folder in windows
system 32.

 

i dont have that folder and yes you are correct

security health is empty but i have noticed this in hwinfo: Microsoft Hyper-V is active. Some results may not reflect real hardware !

 

yes just win 11 nothing else, hyper v is on already

C:\Windows\System32\SecurityHealth is there but its contents are empty

 

I resume after setting standard and save and exit and then you restarted system
Without the restart the changes will not take effect

If it still does not work I can only suggest the repair install

A number of such problems as you are having - have been reported, but a roll back, has cured the issue
OR the deletion of that folder

What puzzles me and I must admit I do not know the answer is why you do nt have any entries in that

C:\Windows\System32\SecurityHealth is there but its contents are empty

I do not have 2H22 but I have four entries in that folder on my 11

 

Goodnight
signing off
I am in UK - back approx 1800 hrs UK time

 

So I done the roll back on that update and it just installed itself after a reboot so that didn't work, I've checked all the bios and attached screenshot of the settings, I'm just going to run a repair on boot now see what happens after that.

 

I suggest
Section 8
BIOS manual
set secure boot mode
STANDARD not custom

 

I suggest
Section 8
BIOS manual
set secure boot mode
STANDARD not custom

just changed that still the same

 

Further to the above, I realise this is NOT your particular issue
however it is closely related
I suspect it is a Microsoft - caused problem
(12) Did Microsoft mess up my Security? Strange story! | Page 2 | Windows 11 Forum (elevenforum.com)
I have just thought, there is no point in doing a repair on the roll back
I should have perhaps made it clearer that I referred to the repair on the 2H22

 

I honestly do not know
Have you got a system image of the whole drive on an external drive
The reason I ask is that if you do a clean install and it does not work, you can at least then go back to the system image to save you reinstalling all the apps and indeed your personal data will be preserved.

Returning to the custom or standard for the secure boot
Standard takes the keys from the TPM trusted platform in the firmware and the various hardware and then from boot devices etc.and eventually from the OS for the successful result on the windows security - devices etc.

As I understand it, and I am by no means an expert in this issue, custom is only used when the user wishes to configure the keys
That seems to be the general theme of the BIOS operating manual for your board.

My recommendation is
1. System image I always use Macrium Reflect free edition
It has never failed me on my personal use or in my use for solving problems on relatives and friends computers.
It is very highly regarded, simple to use and has none of the complexity of Acronis for example.

2. Reset BIOS to optimal defaults.
CHECK settings for secure boot and UEFI but I am sure they will be correct

3. Clean install from USB using Microsoft download media
Download Windows 11 (microsoft.com)
second option.
Ensure you delete all partitions on the drive
UNLESS of course you have partitions other than the four for the UEFI install
eg a partition containing such as other personal data - games etc,
See link for excellent guide
(13) Clean Install Windows 11 Tutorial | Windows 11 Forum (elevenforum.com)

4. If that works, then the next step is of course up to you.
If it does not, I am sorry to say I do not know the answer.

 

I honestly do not know
Have you got a system image of the whole drive on an external drive
The reason I ask is that if you do a clean install and it does not work, you can at least then go back to the system image to save you reinstalling all the apps and indeed your personal data will be preserved.

Returning to the custom or standard for the secure boot
Standard takes the keys from the TPM trusted platform in the firmware and the various hardware and then from boot devices etc.and eventually from the OS for the successful result on the windows security - devices etc.

As I understand it, and I am by no means an expert in this issue, custom is only used when the user wishes to configure the keys
That seems to be the general theme of the BIOS operating manual for your board.

My recommendation is
1. System image I always use Macrium Reflect free edition
It has never failed me on my personal use or in my use for solving problems on relatives and friends computers.
It is very highly regarded, simple to use and has none of the complexity of Acronis for example.

2. Reset BIOS to optimal defaults.
CHECK settings for secure boot and UEFI but I am sure they will be correct

3. Clean install from USB using Microsoft download media
Download Windows 11 (microsoft.com)
second option.
Ensure you delete all partitions on the drive
UNLESS of course you have partitions other than the four for the UEFI install
eg a partition containing such as other personal data - games etc,
See link for excellent guide
(13) Clean Install Windows 11 Tutorial | Windows 11 Forum (elevenforum.com)

4. If that works, then the next step is of course up to you.
If it does not, I am sorry to say I do not know the answer.

cool thanks for the help, i dont store anything on my m.2 its all on externals only have 4 games installed on it. everything is backed up so ill just fresh install and see what happens. ill let you know.

 

Not had the time to wipe just yet but I've just had an update for the 2H22 update unknown what it was for but I didn't resolve the issue so far, will keep you updated.

 

Cheers
Will wait to hear from you

 

just a quick update, not had time to complete a full wipe but ive received a number of updates titled 2H22 and still noting is changing, bios is still all enabled so untill i can get a minute im hoping the updates will fix it, if there are any other things you have seen regarding this then please share.

thanks for your help so far

 

f there are any other things you have seen regarding this then please share.

I have nothing further to suggest
However 2H22 is more or less a complete fresh install of windows as it is a new version of 11
and you will notice that you have on C drive a windows old folder whioch is for the purpose of rollng back to 21H2

Are you aware that a number of people have had issues with 2H22 which was I think an optional update
That is not to mean that you will - but you may wish to see this

If you google 2H22 problems you can see the many reports
2h22 problems - Google Search

although the official microsoft problems do not show most of them
Windows 11, version 22H2 known issues and notifications | Microsoft Learn
I suspect like many other version updates many of those reported on google - will be peculiar to certaion setups and certain third party software

 

we have lift off, all my settings are back BUT when i turn off memory integrity in settings it makes me restart to take effect then i come back on and its on again. can it not be kept off?

 

You would be far better leaving it turned on
from security aspects and forget about A1 Suite
(14) Enable or Disable Core Isolation Memory Integrity in Windows 11 Tutorial | Windows 11 Forum (elevenforum.com)

 

I understand its importance but turning it off is the only way to overclock using the ai program, I can't see how in bios to switch it off switching off from device security saves it and forces a restart then login and it's back on, same with the ai app open that says do you want to turn off memory integrity, click yes and forces reboot to make changes, comes back on and it's still not off.

It is a frustrating thing it is

 

Have you tried the reg file on the link

 

Would that enable me to turn it off and back on or would I have to manually change it in the registry editor incase it messes up my security settings, again.

 

I would think you would have to re-run the reg file.
That said depending on what OC you are making the easier way - surely is turn off memory integrity - run A1
and then turn on memory integrity
It is not, as I see it, a repeated exercise with A1 suite
OR OC in firmware without using A1