Windows 11 22H2 Defender causes "Local Security Authority protection is off" warning

Windows 11 22H2 users have been annoyed for months by a Defender warning "Local Security Authority protection is off". It seems that it corresponds with Windows Defender update KB5007651. Some registry entries allow removing that warning/malfunction.



Some user reports

I received a first report on March 16, 2023 from an annoyed user of Windows 11 22H2. He reported that he got a warning that "Local Security Authority protection is off" after he received the latest Defender security update KB5007651.

I still remembered several posts on the internet – for instance the Microsoft Answers forum post Windows Security Bug – Local Security Authority Protection Not Registering a System Restart from January 15, 2023, where a user wrote:

After I uninstalled Avira Antimalware, I got an alert from Windows Security that my Local Security Authority Protection was turned off. But after I turned it on and restarted as instructed, I continue to get the same alert that my Local Security Authority Protection is turned off, even though within the same window, the toggle switch under the "Local Security Authority Protection" heading displays that it's already turned on.

There is a 2nd post, Device Security – Local Security Authority Protection is off. Your device may be vulnerable., from March 15, 2023 at the Microsoft Answers forum, reporting this incident too. My German reader has mentioned numerous hits at reddit.com like here (with video and confirmations), as well as here, here and here.

Core isolation and Defender update KB5007651

I remembered in this context a German post "Schutz durch lokalen Sicherheit Autorität" – Probleme durch die KB5007651 in Windows 11 22H2 by deskmodder colleagues from late February 2023. KB5007651 is the cyclically rolled out update for the Windows Security Platform. And this update seems to cause trouble for some Windows 11 22H2 users for months. At deskmodder.de it says:

"Local Security Authority Protection is disabled. Your device may be vulnerable".

I hadn't picked that up here in my blog, because the post referred to Insider Previews of Windows 11, which I almost never address here on the blog. It is reported that Microsoft ships an update that fixes this behavior. A quick workaround to overcome this warning is to go in the registry editor to the key:



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

and add/set the following two DWORD values (32-bit) RunAsPPL and RunAsPPLBoot to 2. If a value is missing, add it. After that it should probably work again – although I have hints that it doesn't help with all users. And this may have side effects, see the entry within this Microsoft article.
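Because the Windows Security page can show the warning while the toggle reads "on", it helps to check the underlying state directly. The following read-only PowerShell audit is an added example, not part of the original post: it reads the two values under the key above and looks for the boot-time record that LSASS started as a protected process. The function names are hypothetical, and the use of Wininit event ID 12 in the System log as that record is an assumption based on Microsoft's LSA protection documentation.

```powershell
# Added example (read-only): audit the LSA protection values named in the post.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-LsaDword {                 # hypothetical helper name
    param([string]$Name)
    # Returns the value data, or $null when the value does not exist.
    $item = Get-ItemProperty -Path $lsaKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-LsaProtectionReport {      # hypothetical helper name
    foreach ($name in 'RunAsPPL', 'RunAsPPLBoot') {
        $data = Get-LsaDword -Name $name
        [pscustomobject]@{
            Value       = $name
            Data        = $(if ($null -eq $data) { '(missing)' } else { $data })
            MatchesPost = ($data -eq 2)   # the post's workaround sets both to 2
        }
    }
}

function Get-LsassProtectedStartEvent { # hypothetical helper name
    # Assumption: Wininit logs event ID 12 in the System log when LSASS.exe
    # was started as a protected process.
    $filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 12 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue
}

Get-LsaProtectionReport | Format-Table -AutoSize

$lastBoot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
$event12  = Get-LsassProtectedStartEvent
"Last boot: $lastBoot"
if ($event12) {
    "Latest Wininit event 12: $($event12.TimeCreated)"
    $event12.Message
} else {
    'No Wininit event 12 found: no record that LSASS started as a protected process.'
}
```

Run it from an elevated PowerShell prompt after the restart and compare the event time with the last boot time; a changed registry value only takes effect on the next boot.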

At this point I'm asking what's wrong at Microsoft, because we have had a continuous stream of Defender-related issues within the last months.

Similar articles:
Microsoft Defender update/ASR deletes desktop shortcuts, taskbar broken, Office apps don't start anymore
Windows deleted shortcuts; Microsoft explains Windows Defender ASR issue Jan. 13, 2023
Is Microsoft Defender killing applications like Outlook again? (Feb 3, 2023)
Windows 11: "Defender trouble" due to updates KB5022845 and KB5022913 (app startup hangs)
Defender Update KB2267602 (v1.383.1400.0 and above) drops install error 0x80070643 – reports low memory
Windows 11: "Windows Security Health Service exe no longer functional" due to Defender update

