Fortinet dcagent.dll vs LSA protection
After enabling LSA Protection mode (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL=1) on a Windows 2012 R2 domain controller, dcagent.dll stopped working. No events from this DC in the "view logon events" button on Collector, no record for this domain controller on the "show monitored DCs" button, empty dcagent log (enable_log=1 in HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FSAE\DCAgent).
In Microsoft-Windows-CodeIntegrity/Operational event log - events CodeIntegrity 3033:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\lsass.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dcagent.dll that did not meet the Microsoft signing level requirements.
My dcagent.dll version is 5.0.271.
Maybe a newer version of dcagent.dll can work with LSA Protection mode?
Or if any dcagent.dll is incompatible with LSA Protection mode - add this to documentation?
Labels: FortiGate
Hi,
When Windows Local Security Authority (LSA) Protection is enabled, Windows blocks all 3rd party plugins, including Authlogics Domain Controller Agent, from accessing the Local Security Authority. This Windows feature was designed predominantly for desktop OS's to prevent malware from stealing password hashes, however, the feature is also available on Windows Server.
I recommend you disable LSA mode.
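The diagnosis described in the question, as an added example that is not part of the original thread: it reads RunAsPPL, lists the modules that CodeIntegrity event 3033 reports as rejected for lsass.exe, and shows how each one is signed. The function name `Get-LsaBlockedModule` and the message regex are assumptions built from the event text quoted in the question.

```powershell
# Added example, not from the thread. Run elevated on the domain controller.
# Assumption: 3033 messages use the wording quoted in the question.

function Get-LsaBlockedModule {
    # Extract the loading process and the rejected module from a 3033 message.
    param([Parameter(Mandatory)][string]$Message)
    $pattern = 'process \((?<proc>[^)]+)\) attempted to load (?<dll>.+?) that did not meet'
    if ($Message -match $pattern) {
        [pscustomobject]@{ Process = $Matches.proc; Module = $Matches.dll }
    }
}

# Message copied from the question, used as offline sample input.
$sample = 'Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\lsass.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dcagent.dll that did not meet the Microsoft signing level requirements.'
Get-LsaBlockedModule -Message $sample

# 1. Is LSA protection configured on this machine?
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
"RunAsPPL = $($lsa.RunAsPPL)"

# 2. Which modules has Code Integrity refused to load into lsass.exe?
$blocked = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3033
    } -ErrorAction SilentlyContinue |
    ForEach-Object { Get-LsaBlockedModule -Message $_.Message } |
    Where-Object { $_.Process -like '*\lsass.exe' } |
    Sort-Object Module -Unique

# 3. Show the signer of each rejected module. A "Valid" Authenticode status
#    alone does not mean the file meets the Microsoft signing level in the event.
foreach ($b in $blocked) {
    # Map \Device\HarddiskVolumeN\... to a drive path; assumes the system volume.
    $path = $b.Module -replace '^\\Device\\HarddiskVolume\d+', $env:SystemDrive
    $sig = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        Module = $path
        Status = $sig.Status
        Signer = $sig.SignerCertificate.Subject
    }
}
```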
