Some Windows 11 users have been experiencing a persistent warning from Windows Security that says “Local Security authority protection is off. Your device may be vulnerable” even if the feature is enabled. Microsoft has confirmed there is an issue that stems from the compulsory Windows Defender security update (KB5007651), which was a part of March 2023 Patch Tuesday. The company is now rolling out a fix for the problem.
“After installing “Update for Microsoft Defender Antivirus antimalware platform – KB5007651 (Version 1.0.2302.21002)”, you might receive a security notification or warning stating that “Local Security protection is off. Your device may be vulnerable.” and once protections are enabled, your Windows device might persistently prompt that a restart is required.”
Local Security Authority (LSA) is a protected subsystem that authenticates and logs users onto a PC's local system. LSA also maintains information about all aspects of local security on a system, which is collectively known as the Local Security Policy of the system. In short, it prevents the theft of sensitive information such as login credentials.
Microsoft is Now Rolling Out a Fix
While Microsoft acknowledged the problem last month, the company was only able to provide a workaround. However, the company is now back with a permanent fix. To stop the LSA warning bug, users need to follow these steps:
- Open Windows Registry Editor.
- Go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- See if RunAsPPL and RunAsPPLBoot are listed. If not, right-click on the Lsa folder and create new DWORD entries.
- Right-click on the entries and be sure their values are set to 2.
- Restart your PC.
This should stop the annoying warning from appearing. However, users should be careful when editing the registry, as any mistake could cause serious problems for their system. Microsoft has also advised users to upgrade to Windows 11, version 22H2, which does not have this issue.
Users who are not getting the update next can use the following workaround in the meantime:
“Workaround: If you have enabled Local Security Authority (LSA) protection and have restarted your device at least once, you can dismiss warning notifications and ignore any additional notifications prompting for a restart. You can verify that LSA protection is enabled by looking in Event Viewer using the information available here. Important: Currently, we do not recommend any other workaround for this issue.”
Tip of the day: Having problems with pop-ups and unwanted programs in Windows? Try the hidden adware blocker of Windows Defender. We show you how to turn it on in just a few steps.
