Windows 10 has an optional feature that allows running lsass.exe as a protected process, to mitigate various credential theft attacks:
Configuring Additional LSA Protection | Microsoft Docs
When this feature is enabled, DLLs loaded into LSASS must be signed with the file signing service for LSA on the Windows Hardware Dev Center dashboard.
VMware Tools installs an LSA plugin called vmwsu_v1_0.dll which is not signed in the required manner and fails to load when RunAsPPL is enabled in Lsa's configuration. When a kernel debugger is attached to the guest, the following message appears:
******************************************************************
* This break indicates this binary is not signed correctly: \Device\HarddiskVolume4\Windows\System32\VMWSU_V1_0.DLL
* and does not meet the system policy.
* The binary was attempted to be loaded in the process: \Device\HarddiskVolume4\Windows\System32\lsass.exe
* This is not a failure in CI, but a problem with the failing binary.
* Please contact the binary owner for getting the binary correctly signed.
******************************************************************
This has been observed with the latest version of VMware Tools included in VMWare Workstation Pro 14.1.2 build-8497320.