Windows 11 incorrectly warns that local security authority protection is turned off

Some users have reported that the Windows Security app displays a "Local security authorization protection is turned off. When this feature is enabled, your device may be vulnerable" warning. This bug exists in Windows Defender (KB5007651), a mandatory security update released with the March 2023 Update for Windows 11.

Local Security Authority Protection is a feature that prevents code injection and reduces the possibility of compromised credentials. The Local Security Authority feature authenticates Windows logins, which is required for the operating system to function properly.

This security switch in the Settings application adds additional protection to LCA against code injection that could compromise credentials. With LCAP, Microsoft hopes to prevent the accidental sharing or disclosure of sensitive information such as passwords, tokens, and certificates.

After the latest update, the app will tell you to enable Local Security Authority protection and restart the device even though it is already enabled (the toggle is turned on). This feature runs in the background. Our testing suggests this may be a bug in the Windows security interface, which does not mean your installation is corrupted.

Local security permission protection is turned off. Your device may be vulnerable in Windows Security App

"Under Device Security and Core Isolation settings, Local Security Authority Protection is turned on. However, I am always told that Local Security Authority Protection Closed. Above the category is a message stating that the change requires me to reboot the device. I've also tried closing it, rebooting, reopening it, and rebooting. The issue persists," one affected user said in the Feedback Hub pointed out in the post.

This issue appears to be widespread and Microsoft is aware of these reports.

Update for Microsoft Defender Antivirus anti-malware platform – KB5007651

A Microsoft source tells us the company is taking steps to pause the botched Windows rollout 11 KB5007651 security update and will resume updates after the issue is resolved.

How to Fix Local Security Authority Protection is Off Error

To fix "Local Security Authority Protection is Off. Your device may be vulnerable", please follow these steps:

1. Open the Windows Registry Editor.
2. Navigate to the following location: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Make sure you have RunAsPPL and RunAsPPLBoot. If you do not list RunAsPLLBoot, create DWORD entries for RunAsPPL and RunAsPPLBoot.
4. The restart and warnings should stop.

If you are unable to change the Windows Registry, you can run the following PowerShell script we created and tested:

reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 2 /f;reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 2 /f;

For now, the above workaround appears to be working for users. If you are not experiencing this issue and do not have Windows Defender KB5007651 installed, it is best to pause Windows Update while Microsoft works on the patch.

The above is the detailed content of Windows 11 incorrectly warns that local security authority protection is turned off. For more information, please follow other related articles on the PHP Chinese website!