This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 21%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWT%3C/text%3E%3C/svg%3E)
Hello,
What's this? Do I need to take any action about it or just leave it alone?
Thanks very muchπ
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 21%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Hi Wilson T,
Try rebooting your computer, they get installed / replaced on the boot cycle and then recheck your event viewer. FYI I also have the 1801 event error number scatted amongst all the events, so I don't think you have too much to worry about. Let us know after rebooting if you still have 1801 coming up.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 60%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBB%3C/text%3E%3C/svg%3E)
I currently have the same issue and it broke the mirroring of my 2 HDD AGAIN, please can someone tell me how this is fixed in the BIOS thanks.
Secure Boot certificates have been updated but are not yet applied to the device firmware. Review the published guidance to complete the update and ensure full protection. This device signature information is included here.
DeviceAttributes: BaseBoardManufacturer:ASUSTeK COMPUTER INC.;FirmwareManufacturer:American Megatrends Inc.;FirmwareVersion:4602;OEMModelNumber:System Product Name;OEMModelBaseBoard:ROG STRIX B450-F GAMING II;OEMModelSystemFamily:To be filled by O.E.M.;OEMManufacturerName:System manufacturer;OEMModelSKU:SKU;OSArchitecture:amd64;
BucketId: aa5b3f49388890199a8eade70fa35fb27d954c0eec70cd0b84ea26aae2e35872
BucketConfidenceLevel:
UpdateType:
For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 96%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGR%3C/text%3E%3C/svg%3E)
It does have an effect... it causes the computer to lag up to 30 seconds....a lifetime if you are trading stocks and options on the platform.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 32%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
With the optional update from October 28 (KB5067036), Microsoft introduced a CLI tool for the WinCS API. Install https://support.microsoft.com/en-us/topic/windows-configuration-system-wincs-apis-for-secure-boot-d3e64aa0-6095-4f8a-b8e4-fbfda254a8fe
Now install this PowerShell-Module:
Install-Module UEFIv2 -Force
You can list now the certificates:
Get-UEFISecureBootCerts db | select SignatureSubject
Which certificates are needed is listed here:
https://support.microsoft.com/en-us/topic/windows-secure-boot-certificate-expiration-and-ca-updates-7ff40d33-95dc-4c3c-8725-a9b95457578e
Now set the update configuration:
WinCsFlags.exe /apply --key "F33E0C8E002"
Now, run the Scheduled Task Secure-Boot-Update.
Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"
Reboot twice and check again for the certificates and the Event-Log.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 50%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDN%3C/text%3E%3C/svg%3E)
John Westfield This is the right answer, it worked for me. Thank you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 9%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDA%3C/text%3E%3C/svg%3E)
I have a similar kind of issue. I have a Dell 7350 laptop and it keeps restarting every time I shutdown. When I checked the event log, same error is there. Would that be fixed by @John Westfield 's fix?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 4%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Great - just freaking great ...
PS C:\WINDOWS\system32> Get-UEFISecureBootCerts db | select SignatureSubject
Get-UEFISecureBootCerts : The 'Get-UEFISecureBootCerts' command was found in the module 'UEFIv2', but the module could not be loaded. For
more information, run 'Import-Module UEFIv2'.
At line:1 char:1
+ CategoryInfo : ObjectNotFound: (Get-UEFISecureBootCerts:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
Answer accepted by question author
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 84%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Hello, Wilson T.
If the OS is stable, you can ignore these messages. Judging by the information from the screenshot, they relate to updates from Lenovo (the manufacturer of your PC).
P.S. Even on a fully functional PC and a working OS, there are always similar messages in the Event Viewer. This is the normal behavior of the log collector.
It does make a difference.... see comment above
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 77%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMH%3C/text%3E%3C/svg%3E)
e.g. DELL will NOT update Optiplex 7050 UEFI (2017) because they let MS do the job.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 9%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
I have the same problem with Z690 AORUS ELITE AX DDR4 - last Bios updated to F33
Hi Gary Rogers,
I dont think Secure Boot certificate would cause an issue as far as 30 second freeze is concerned, what make and model is your computer, the drivers installed, this sounds far more likely to hardware/ software issue. I can help by pointing which logs to look at that might show which part is causing these delays, let me know.
Dell Pro Slim Plus QBS1250, all drivers updated via their website. I uploaded the logs to Dell, but no solution as of yet. Reset to original state and updated Windows 11 to latest patches and updated all drivers yet again. Still no solution to temporary freezes (10 sec. --- I exaggerated when I said 30 seconds because that's what it seemed like at the time).
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 2%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDW%3C/text%3E%3C/svg%3E)
May not be an issue. Check your BIOS for your type of boot. If you are using the LEGACY boot, then you're not using the secure boot or the these keys anyway and so updating is NOT necessary. Life goes on, albeit with a once per month error in the event log.
DO NOT CHANGE from Legacy Boot to Secure Boot because this will require a reinstall of Windows, and I'm pretty sure you don't want to do that.
Answer recommended by moderator
With the optional update from October 28 (KB5067036), Microsoft introduced a CLI tool for the WinCS API. Install https://support.microsoft.com/en-us/topic/windows-configuration-system-wincs-apis-for-secure-boot-d3e64aa0-6095-4f8a-b8e4-fbfda254a8fe
Now install this PowerShell-Module:
Install-Module UEFIv2 -Force
You can list now the certificates:
Get-UEFISecureBootCerts db | select SignatureSubject
Get-UEFISecureBootCerts kek | select SignatureSubject
Certificates which are updated are listed here:
WinCsFlags is going to update ALL FOUR certificates listed. Also the one stored in KEK.
Now set the update configuration:
WinCsFlags.exe /apply --key "F33E0C8E002"
Now, run the Scheduled Task Secure-Boot-Update.
Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"
Reboot twice and check again for the certificates and the Event-Log.
If all is updated, you can set back the update configuration:
WinCsFlags.exe /apply --key "F33E0C8E001"
If this doesn't work, you're not using secure boot. But don't change because you'll have to reinstall Windows if you change the boot type
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 7.000000000000001%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEA%3C/text%3E%3C/svg%3E)
finally i tried it myself and succeeded, for fix that. 1 unistall security on "devices manager" and then restart pc. after back to dekstop windows try open delta force and then not show green screen again.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 53%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
"I uninstall security". Please give more details. This is as mysterious as the MS-message! Do you mean the "Device Manager" in "Manage my PC" (right click on "This PC" in Explorer? Do you eliminate TPM 2.0? But where is my security then? Probably you won't get anymore messages from TPM if it is no longer in use. But with what do you replace TPM?
just uninstall tpm in security device on device manager, and restart your pc /notebook. tpm/security will be reinstall automatic after finish restart
Okay, here is what to do:
Check for optional Update from 28th of October (KB5067036) where Microsoft introduces a CLI-Tool for the WinCS-API. If not installed, please do so.
Also install this PowerShell Module:
Install-Module UEFIv2 -Force
Now use this command to check certificates:
Get-UEFISecureBootCerts db | select SignatureSubject
Here is a proper output of the above command:
SignatureSubject
----------------
CN=Microsoft Corporation UEFI CA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
CN=Windows UEFI CA 2023, O=Microsoft Corporation, C=US
CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
CN=GIGABYTE
CN=GIGABYTE
CN=Microsoft Option ROM UEFI CA 2023, O=Microsoft Corporation, C=US
CN=Microsoft UEFI CA 2023, O=Microsoft Corporation, C=US
Important are the four Certificates named here:
https://support.microsoft.com/en-us/topic/windows-secure-boot-certificate-expiration-and-ca-updates-7ff40d33-95dc-4c3c-8725-a9b95457578e
You can now instruct your system to update these keys after two reboot which you have to do manually.
Two commands for first step:
This allows you to query and configure the settings for updating certificates and the boot manager. You can check the current status with:
WinCsFlags.exe /query
The active configuration has either the value F33E0C8E001 or F33E0C8E002. The former corresponds to the status "Disabled," meaning an update is not planned. Switching to F33E0C8E002 sets the flag that installs the new certificates and the boot manager.
WinCsFlags.exe /apply --key "F33E0C8E002"
Now, run the Scheduled Task Secure-Boot-Update.
Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"
After two reboots, check again:
Get-UEFISecureBootCerts db | select SignatureSubject
And you can set the active configuration back:
WinCsFlags.exe /apply --key "F33E0C8E001"