mdnsNSP.dll Blocked by Local Security Authority: Safe Fix

Brendan Smith
Brendan Smith - Cybersecurity Analyst
9 Min Read
Bonjour mdnsNSP.dll stopped by Local Security Authority protection on Windows.
Windows can block an outdated Bonjour module from Local Security Authority without classifying the file as malware.

mdnsNSP.dll in C:\Program Files\Bonjour is normally part of Apple Bonjour. The Windows message that it was “blocked from loading into the Local Security Authority” means LSA protection rejected that module; the warning alone does not prove malware. Keep LSA protection on. Verify the path and Apple signature, identify which app installed Bonjour, then update or repair that app. Uninstall Bonjour through Windows only when no installed app needs it.

The warning often appears after a Windows 11 security or application update leaves an older Bonjour component installed. The number in a device path such as \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll is not a threat score and can differ between PCs.

What the mdnsNSP.dll LSA warning means

Local Security Authority handles Windows sign-in credentials and authentication tokens. LSA protection prevents untrusted or incompatible modules from running inside that sensitive process. Microsoft says that when LSA blocks software, Windows names the blocked file in a notification.1

Bonjour is a local-network discovery component used by Apple software and some audio, printing, and device-management applications. Windows can block its namespace provider DLL while the rest of the app still appears installed. That is a compatibility decision by Windows, not an instruction to turn the protection off.

Is mdnsNSP.dll malware?

An expected Bonjour copy is usually legitimate when all of these facts line up:

  • the file is under C:\Program Files\Bonjour or C:\Program Files (x86)\Bonjour;
  • Properties shows a valid digital signature from Apple;
  • Bonjour, iTunes, Apple Devices, iCloud, or another known discovery-dependent app is installed;
  • the warning appeared after a Windows or vendor update and there are no other security symptoms.

The name becomes suspicious when it appears in AppData, Temp, Downloads, a random program folder, or a startup location; when its signature is missing or invalid; or when it arrives with unknown installers, browser changes, disabled security settings, repeated alerts, or unexplained network traffic. A filename alone is weak evidence. Our DLL safety guide explains why path, publisher, source, and behavior need to agree.

Situation Risk and what to do
Expected Bonjour path and valid Apple signature Likely legitimate but incompatible. Update or repair the parent app; keep LSA protection on.
Expected file, but no app seems to need Bonjour Uninstall Bonjour through Installed apps or Programs and Features, then restart.
Wrong path, invalid signature, or unknown parent app Do not allow or register the DLL. Scan the file and the PC before deleting individual components.
Warning returns after a supported uninstall Look for a partial parent-app install or another app reinstalling Bonjour; scan if the source remains unexplained.

Check the path, signature, and parent app first

  1. Read the complete path in the notification. Translate the device-style path to the normal drive path shown in File Explorer. Do not assume every HarddiskVolume3 is the same drive on every PC.
  2. Open the file location. The expected folders are C:\Program Files\Bonjour and, on some systems, C:\Program Files (x86)\Bonjour.
  3. Check the signature. Right-click mdnsNSP.dll, choose Properties, open Digital Signatures, and inspect the signer. A valid Apple signer supports the legitimate-copy verdict. Microsoft Sysinternals Sigcheck can show version and signature-chain details when the normal dialog is unclear.3
  4. Find the parent application. Open Settings > Apps > Installed apps and look for Bonjour and the Apple or device-discovery app that installed it. If an audio or hardware tool relies on Bonjour, check that vendor’s current installer before removing the component.

How to fix mdnsNSP.dll blocked by LSA safely

  1. Keep Local Security Authority protection enabled. Do not weaken credential protection to make an old module load.
  2. Update the parent app. For current Apple apps on Windows, check Microsoft Store updates. Older Apple packages may use Apple Software Update.2 For Dante, audio, printing, or other discovery tools, install the vendor’s current supported package.
  3. Repair before removing. In Control Panel, open Programs and Features, select Bonjour or the parent application, and choose Repair or Change when available. Restart Windows and test the app.
  4. Uninstall only if Bonjour is not needed. Use Settings > Apps > Installed apps or Programs and Features. Remove the parent app first when it owns the Bonjour installation. Restart after the supported uninstall.
  5. Confirm the result. Check that the warning no longer appears and that the app, device discovery, printing, or audio workflow you actually use still works.

If a partial Bonjour removal breaks an app or networking

Do not download a replacement mdnsNSP.dll from a DLL mirror and do not copy it into System32. Reinstall the current parent application from its official source so Windows receives the matching Bonjour files and installer records. Then repair the application or uninstall it cleanly.

If the problem started immediately after manual service, registry, or DLL deletion, undoing those edits by hand can make the catalog less predictable. Reinstall the owning package first. If Windows networking itself remains damaged, use the built-in Network reset only after recording VPN, proxy, and custom adapter settings that you may need to restore.

When mdnsNSP.dll needs a malware scan

Scan the PC when the DLL is outside the Bonjour program folder, its signature is invalid or names an unexpected publisher, it returns after a supported uninstall, or the same incident includes unknown startup entries, scheduled tasks, browser changes, disabled security tools, or outbound connections you cannot explain.

Keep the suspicious copy blocked. Run a full Gridinsoft Anti-Malware scan to check the surrounding folder, startup entries, scheduled tasks, services, bundled apps, browser changes, and other persistence that could recreate the file. If a suspicious installer already ran, follow the broader Windows security audit after malware after the first scan.

Scan an unexpected mdnsNSP.dll copy

If the process path is wrong, the name imitates a Windows component, or high CPU started after an unknown installer, scan for hidden miners, services, startup entries, and bundled components.

Scan suspicious process activity

What not to do

  • Do not disable LSA protection just to silence the warning.
  • Do not unregister or force-delete mdnsNSP.dll before checking which app uses Bonjour.
  • Do not delete the Bonjour service or edit Winsock/namespace-provider registry entries as the first fix.
  • Do not download a standalone DLL from a mirror.
  • Do not assume a valid signature proves the whole PC is clean; path, source, and behavior still matter.

FAQ

What is mdnsNSP.dll?

It is a Bonjour namespace provider library used for local-network service discovery. The expected copy belongs in the Bonjour program folder and should have a valid Apple signature.

Why does Bonjour keep getting blocked?

Windows is preventing an installed Bonjour module from loading into LSA. The warning can repeat when the older component remains installed, a parent app reinstalls it, or a repair/update did not replace the incompatible copy.

How do I unblock Bonjour on Windows 11?

Do not bypass LSA protection. Update or repair the app that installed Bonjour. If no app needs Bonjour, uninstall it through Windows and restart.

Can I delete mdnsNSP.dll?

Do not delete it directly. Use the parent application’s repair or uninstall process so its service and networking registrations are removed consistently.

Does this warning mean my PC has a virus?

No. The warning alone means Windows blocked a module from LSA. Treat it as suspicious only when the path, signature, parent app, or surrounding behavior does not match a normal Bonjour installation.

References

  1. Microsoft Support. “Device Security in the Windows Security App.” Microsoft, accessed July 15, 2026. https://support.microsoft.com/en-US/Windows/Security/Windows-Security/device-security-in-the-windows-security-app
  2. Apple Support. “Update Apple software for Microsoft Windows.” Apple, updated June 8, 2026, accessed July 15, 2026. https://support.apple.com/en-us/118406
  3. Microsoft Learn, Sysinternals. “Sigcheck v2.91.” Microsoft, updated February 4, 2026, accessed July 15, 2026. https://learn.microsoft.com/en-us/sysinternals/downloads/sigcheck
Share This Article
Cybersecurity Analyst
Follow:
Brendan Smith has spent over 15 years knee-deep in cybersecurity, chasing down malware from the gritty reverse-engineering of old-school trojans all the way to wrangling full-blown incident responses for small-to-medium businesses that couldn’t afford a full-blown breach. Over at Gridinsoft, he’s the guy piecing together those double-checked guides on nasty stuff like AsyncRAT ransomware—take last year, for instance, when his breakdowns caught more than 200 sneaky variants right in live scans, knocking user cleanup jobs down by a solid 40% and saving folks hours of headache.
Leave a Comment

AI Assistant

Hello! 👋 How can I help you today?