[German]Wonders may yet happen. I have the first reports that Microsoft has fixed the Local Security Authority (LSA) issue that has been simmering in Windows 11 for months. It was caused by an update, and as a result, certain features of Defender do not work and cause errors. Here is a brief overview of this issue and the fix.
Advertising
The Defender LSA bug in Windows 11
Since March 2023, the so-called LSA bug has been tormenting owners of Windows 11 22H2. This is because the update of the Defender anti-malware platform through the KB5007651 antimalware platform update led to a Local Security Authority (LSA) bug.
Device Security shows a yellow triangle with an exclamation mark (see screenshot above of a German Windows 11) because the local security authority (LSA) protection isn't activated and cannot be enabled. I had already written something about this in March 2023 in the blog post Windows 11 22H2 Defender causes "Local Security Authority protection is off" warning" (and further posts, see end of article).
Microsoft tried to fix this problem in the following months with updates, but this led to further problems like errors in the memory integrity of the Defender. In the blog post Windows 11: Microsoft can't solve the Defender LSA bug – update pulled, I addressed Microsoft's admission in the support post "Local Security Authority protection is off." with persistent restart on the problem. Now we are almost two months further, and a fix is is around the corner.
A blog reader and Microsoft confirm a fix
German blog reader Windowsnutzer1969 left this morning the following comment (I'm pulling the translated comment out here):
Advertising
Just saw that currently update for Windows Security platform-antimalware platform – KB5007651 (version 1.0.2306.10002) has been installed. Finally solved the never-ending Defender problem (?!).
Thanks for the tip. As of July 5, 2023, Microsoft updated the support article "Local Security Authority protection is off." with persistent restart in the Windows 11 Health Status Dashboard. There, it was already stated since March 2023 that "an update to Microsoft Defender Antivirus Antimalware Platform – KB5007651 (version 1.0.2302.21002)" triggers the problems described above. Microsoft also lists both Windows 11 21H2 and Windows 11 22H2 as affected operating systems. With yesterday's update, it now states:
Resolution: This issue was resolved in an update for Windows Security platform antimalware platform KB5007651 (Version 1.0.2306.10002). If you would like to install the update before it is installed automatically, you will need to check for updates
The update of the Windows Security Platform Antimalware Platform to version 1.0.2306.10002 should fix the problem. The update is rolled out automatically. However, this can take a while. The installation of the new version can be accelerated by letting the user check for updates. Question for those affected: Is the problem really fixed now?
Similar articles:
Windows 11 22H2 Defender causes "Local Security Authority protection is off" warning
Windows 11 22H2: Microsoft confirms Defender bug "Local security protection is disabled"
Windows 11: Defender update KB5007651 brings FASR, fixes LAS bug, but still causes issues
Windows 11: Defender LSA bug fixed by "removing settings", and more Defender/FASR issues …
Windows 11: Microsoft can't solve the Defender LSA bug – update pulled
Advertising
It seems to be fixed for me with this update. So far! – Let's wait and see if other problems appear in time.
seems to be fixed for others, according to this from askwoody forum:
https://www.askwoody.com/forums/topic/kb-5007651-2/
The error seems to have been fixed with the latest platform update, but in Event Viewer I have a lot of warnings about LSA (Event IDs 6155) – for example: "LSA package is not signed as expected. This can cause unexpected behavior with Credential Guard. PackageName: tspkg"
Here in late November 2023 I'm still getting constant LSA (EsaSrv) warnings of "LSA package is not signed as expected. This can cause unexpected behavior with Credential Guard." but with a variety of cited PackageNames: msv1_0, kerberos, negoexts, tspkg, pku2u, cloudap, wdigest, schannel, schannel, sfapm, pku2u, … this as well as constant and unpredictable system freezes requiring reboot and causing lost data…. very frustrating to say the least. No stop gap patches in the meantime?