
Windows 11 incorrectly warns Local Security Authority protection is off

Some users have reported that the Windows Security app shows the warning “Local Security Authority protection is off. Your device may be vulnerable” even when the feature is enabled. This bug is in Windows Defender (KB5007651), a mandatory security update shipped alongside Windows 11’s March 2023 Update.

For those unaware, Local Security Authority protection is a feature that prevents code injection and reduces the possibility of compromising credentials. This security feature also verifies Windows logins, and it’s necessary for the OS to function normally. It is enabled by default in all installations of Windows.

After the latest update, the app tells you to enable Local Security Authority protection and restart the device even though it’s already enabled (the toggle is on). The feature is running in the background. Our tests showed that this could be a bug with the Windows Security interface, which doesn’t mean your installation is corrupted.


“Under the Device Security and Core isolation settings, Local Security Authority protection is toggled on. However, I am always notified that Local Security Authority Protection is off. Above the category is a message that the change requires that I restart the device. I also have tried turning it off, restarting, turning it back on, and also restarting. The issue still persists,” one of the affected users noted in a post on Feedback Hub.

The issue seems widespread, and Microsoft is aware of the reports. A Microsoft source told us the company is taking steps to pause the rollout of the botched Windows 11 KB5007651 security update and will resume the update when the problem is fixed.


How to fix Local Security Authority protection is off error

To fix the “Local Security Authority protection is off. Your device may be vulnerable” warning, follow these steps:

  1. Open Windows Registry Editor.
  2. Navigate to the following location: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Make sure you have RunAsPPL and RunAsPPLBoot. If you don’t have RunAsPPLBoot listed, create DWORD entries for RunAsPPL and RunAsPPLBoot.
  4. Reboot, and the warnings should stop.
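
Before editing the registry, it is worth confirming whether LSA protection is actually active despite the warning. The read-only PowerShell check below is an added example, not part of the original article: it reads the two values from the Lsa key and looks for the Wininit boot event that records LSASS starting as a protected process. The meaning of the RunAsPPL values (1 and 2) and the Wininit event ID 12 come from Microsoft's LSA protection documentation, not from this page; run it from an elevated PowerShell prompt.

```powershell
# Added example: read-only check of LSA protection state. Makes no changes.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-LsaValue {
    param([Parameter(Mandatory)][string]$Name)
    # Return $null when the value is absent instead of throwing.
    $prop = Get-ItemProperty -Path $lsaKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $prop) { $prop.$Name } else { $null }
}

$runAsPpl     = Get-LsaValue -Name 'RunAsPPL'
$runAsPplBoot = Get-LsaValue -Name 'RunAsPPLBoot'

# Per Microsoft's documentation:
#   RunAsPPL = 1 -> protection enabled with a UEFI lock
#   RunAsPPL = 2 -> protection enabled without a UEFI lock (Windows 11 22H2 and later)
$registryEnabled = ($runAsPpl -in 1, 2)

# Wininit writes event 12 to the System log at boot when lsass.exe
# starts as a protected process. Get-WinEvent returns newest first.
$pplEvent = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Wininit'
    Id           = 12
} -MaxEvents 1 -ErrorAction SilentlyContinue

[pscustomobject]@{
    RunAsPPL            = $runAsPpl
    RunAsPPLBoot        = $runAsPplBoot
    RegistryEnabled     = $registryEnabled
    LastProtectedStart  = $pplEvent.TimeCreated   # compare with your last boot time
    WininitMessage      = $pplEvent.Message
}

if ($registryEnabled -and $pplEvent) {
    'LSA protection is configured and LSASS has started as a protected process; the warning is likely the UI bug.'
} elseif ($registryEnabled) {
    'RunAsPPL is set, but no Wininit event 12 was found; reboot and check again.'
} else {
    'RunAsPPL is missing or 0; LSA protection is not configured in the registry.'
}
```

If LastProtectedStart is older than the most recent boot, LSASS did not start protected on the current boot, and the warning should not be dismissed as cosmetic.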

This is a developing story…