mdnsNSP.dll in C:\Program Files\Bonjour is normally part of Apple Bonjour. The Windows message that it was “blocked from loading into the Local Security Authority” means LSA protection rejected that module; the warning alone does not prove malware. Keep LSA protection on. Verify the path and Apple signature, identify which app installed Bonjour, then update or repair that app. Uninstall Bonjour through Windows only when no installed app needs it.
The warning often appears after a Windows 11 security or application update leaves an older Bonjour component installed. The number in a device path such as \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll is not a threat score and can differ between PCs.
What the mdnsNSP.dll LSA warning means
Local Security Authority handles Windows sign-in credentials and authentication tokens. LSA protection prevents untrusted or incompatible modules from running inside that sensitive process. Microsoft says that when LSA blocks software, Windows names the blocked file in a notification.1
Bonjour is a local-network discovery component used by Apple software and some audio, printing, and device-management applications. Windows can block its namespace provider DLL while the rest of the app still appears installed. That is a compatibility decision by Windows, not an instruction to turn the protection off.
Is mdnsNSP.dll malware?
An expected Bonjour copy is usually legitimate when all of these facts line up:
- the file is under
C:\Program Files\BonjourorC:\Program Files (x86)\Bonjour; - Properties shows a valid digital signature from Apple;
- Bonjour, iTunes, Apple Devices, iCloud, or another known discovery-dependent app is installed;
- the warning appeared after a Windows or vendor update and there are no other security symptoms.
The name becomes suspicious when it appears in AppData, Temp, Downloads, a random program folder, or a startup location; when its signature is missing or invalid; or when it arrives with unknown installers, browser changes, disabled security settings, repeated alerts, or unexplained network traffic. A filename alone is weak evidence. Our DLL safety guide explains why path, publisher, source, and behavior need to agree.
| Situation | Risk and what to do |
|---|---|
| Expected Bonjour path and valid Apple signature | Likely legitimate but incompatible. Update or repair the parent app; keep LSA protection on. |
| Expected file, but no app seems to need Bonjour | Uninstall Bonjour through Installed apps or Programs and Features, then restart. |
| Wrong path, invalid signature, or unknown parent app | Do not allow or register the DLL. Scan the file and the PC before deleting individual components. |
| Warning returns after a supported uninstall | Look for a partial parent-app install or another app reinstalling Bonjour; scan if the source remains unexplained. |
Check the path, signature, and parent app first
- Read the complete path in the notification. Translate the device-style path to the normal drive path shown in File Explorer. Do not assume every
HarddiskVolume3is the same drive on every PC. - Open the file location. The expected folders are
C:\Program Files\Bonjourand, on some systems,C:\Program Files (x86)\Bonjour. - Check the signature. Right-click
mdnsNSP.dll, choose Properties, open Digital Signatures, and inspect the signer. A valid Apple signer supports the legitimate-copy verdict. Microsoft Sysinternals Sigcheck can show version and signature-chain details when the normal dialog is unclear.3 - Find the parent application. Open Settings > Apps > Installed apps and look for Bonjour and the Apple or device-discovery app that installed it. If an audio or hardware tool relies on Bonjour, check that vendor’s current installer before removing the component.
How to fix mdnsNSP.dll blocked by LSA safely
- Keep Local Security Authority protection enabled. Do not weaken credential protection to make an old module load.
- Update the parent app. For current Apple apps on Windows, check Microsoft Store updates. Older Apple packages may use Apple Software Update.2 For Dante, audio, printing, or other discovery tools, install the vendor’s current supported package.
- Repair before removing. In Control Panel, open Programs and Features, select Bonjour or the parent application, and choose Repair or Change when available. Restart Windows and test the app.
- Uninstall only if Bonjour is not needed. Use Settings > Apps > Installed apps or Programs and Features. Remove the parent app first when it owns the Bonjour installation. Restart after the supported uninstall.
- Confirm the result. Check that the warning no longer appears and that the app, device discovery, printing, or audio workflow you actually use still works.
If a partial Bonjour removal breaks an app or networking
Do not download a replacement mdnsNSP.dll from a DLL mirror and do not copy it into System32. Reinstall the current parent application from its official source so Windows receives the matching Bonjour files and installer records. Then repair the application or uninstall it cleanly.
If the problem started immediately after manual service, registry, or DLL deletion, undoing those edits by hand can make the catalog less predictable. Reinstall the owning package first. If Windows networking itself remains damaged, use the built-in Network reset only after recording VPN, proxy, and custom adapter settings that you may need to restore.
When mdnsNSP.dll needs a malware scan
Scan the PC when the DLL is outside the Bonjour program folder, its signature is invalid or names an unexpected publisher, it returns after a supported uninstall, or the same incident includes unknown startup entries, scheduled tasks, browser changes, disabled security tools, or outbound connections you cannot explain.
Keep the suspicious copy blocked. Run a full Gridinsoft Anti-Malware scan to check the surrounding folder, startup entries, scheduled tasks, services, bundled apps, browser changes, and other persistence that could recreate the file. If a suspicious installer already ran, follow the broader Windows security audit after malware after the first scan.
If the process path is wrong, the name imitates a Windows component, or high CPU started after an unknown installer, scan for hidden miners, services, startup entries, and bundled components.
Scan suspicious process activityWhat not to do
- Do not disable LSA protection just to silence the warning.
- Do not unregister or force-delete
mdnsNSP.dllbefore checking which app uses Bonjour. - Do not delete the Bonjour service or edit Winsock/namespace-provider registry entries as the first fix.
- Do not download a standalone DLL from a mirror.
- Do not assume a valid signature proves the whole PC is clean; path, source, and behavior still matter.
FAQ
What is mdnsNSP.dll?
It is a Bonjour namespace provider library used for local-network service discovery. The expected copy belongs in the Bonjour program folder and should have a valid Apple signature.
Why does Bonjour keep getting blocked?
Windows is preventing an installed Bonjour module from loading into LSA. The warning can repeat when the older component remains installed, a parent app reinstalls it, or a repair/update did not replace the incompatible copy.
How do I unblock Bonjour on Windows 11?
Do not bypass LSA protection. Update or repair the app that installed Bonjour. If no app needs Bonjour, uninstall it through Windows and restart.
Can I delete mdnsNSP.dll?
Do not delete it directly. Use the parent application’s repair or uninstall process so its service and networking registrations are removed consistently.
Does this warning mean my PC has a virus?
No. The warning alone means Windows blocked a module from LSA. Treat it as suspicious only when the path, signature, parent app, or surrounding behavior does not match a normal Bonjour installation.
References
- Microsoft Support. “Device Security in the Windows Security App.” Microsoft, accessed July 15, 2026. https://support.microsoft.com/en-US/Windows/Security/Windows-Security/device-security-in-the-windows-security-app
- Apple Support. “Update Apple software for Microsoft Windows.” Apple, updated June 8, 2026, accessed July 15, 2026. https://support.apple.com/en-us/118406
- Microsoft Learn, Sysinternals. “Sigcheck v2.91.” Microsoft, updated February 4, 2026, accessed July 15, 2026. https://learn.microsoft.com/en-us/sysinternals/downloads/sigcheck

