There is a bug in the security update for the Defender antimalware platform – KB5007651 (Version 1.0.2302.21002) for the March 2023 patch of Windows 11 that’s giving users a false warning that says local security authority (LSA) protection is off even though it’s enabled. This has left many people confused and worried, and it’s caused panic in some cases.
What is Local Security Authority or LSA Protection?
The LSA feature is a key security process that addresses authentication and authorization through such tasks as verifying logon attempts, password changes, and creating access tokens related to Microsoft accounts and Azure AD accounts. It’s a critical part of Windows’ security system, so it’s important to keep it enabled on your computer.
Resolution: Thanks fully, Microsoft has now confirmed that it has fixed the issue with the release of the latest update for Microsoft Defender Antivirus antimalware platform KB5007651 (Version 1.0.2303.27001). Here is what it says:
“This issue was resolved in an update for Microsoft Defender Antivirus antimalware platform KB5007651 (Version 1.0.2303.27001). If you would like to install the update before it is installed automatically, you will need to check for updates.”
Workaround – One workaround that has been widely reported to eliminate the warning is to create a couple of DWORDs in the registry, namely RunAsPPL and RunAsPPLBoot. Then, in the Windows Security app, go to Device Security and enable the toggle under Local Security Authority protection.
Alternatively, you can manually enable it by opening the group policy management editor and going to Computer Configuration > Administrative Templates. From the right pane, find Configure LSASS to run as a protected process, then click Edit.
Microsoft, however, does not recommend any workaround for this issue. However, it has suggested that users who have enabled LSA protection and restarted their devices at least once can dismiss warning notifications and ignore any additional notifications prompting for a restart.
It’s worth noting that this option isn’t available in all installations of the OS. If you’re using a Windows 10 version of the OS, you may be able to turn on LSA protection by opening the group policy settings and changing the “Configure LSASS to run as a trusted process” setting from disabled to enabled.