Privacy and Security Enable or Disable Local Security Authority (LSA) Protection in Windows 11


  • Staff
Windows_Security_banner.png

This tutorial will show you how to enable or disable Local Security Authority (LSA) protection for all users in Windows 11.

Core isolation is a security feature of Microsoft Windows that protects important core processes of Windows from malicious software by isolating them in memory. It does this by running those core processes in a virtualized environment.

Windows 11, version 22H2 supports additional protection for the Local Security Authority (LSA) process to prevent code injection that could compromise credentials.

Windows has several critical processes to verify a user’s identity. The LSA is one of those processes, responsible for authenticating users and verifying Windows logins. It is responsible for handling user credentials, like passwords, and tokens used to provide single sign-on to Microsoft accounts and Azure services. Attackers have developed tools and have abused Microsoft tools to take advantage of this process to steal credentials. To combat this, additional LSA protection will be enabled by default in the future for new, enterprise-joined Windows 11 devices making it significantly more difficult for attackers to steal credentials by ensuring LSA loads only trusted, signed code.

Reference:

You must be signed in as an administrator to enable or disable Local Security Authority (LSA) protection.

LSA requires CPU virtualization turned on.


Resolved

After installing "Update for Microsoft Defender Antivirus antimalware platform - KB5007651 (Version 1.0.2302.21002)", you might receive a security notification or warning stating that "Local Security protection is off. Your device may be vulnerable." and once protections are enabled, your Windows device might persistently prompt that a restart is required. Important: This issue affects only "Update for Microsoft Defender Antivirus antimalware platform - KB5007651 (Version 1.0.2302.21002)". All other Windows updates released on March 14, 2023 for affected platforms (KB5023706 and KB5023698), do not cause this issue.

Workaround: If you have enabled Local Security Authority (LSA) protection and have restarted your device at least once, you can dismiss warning notifications and ignore any additional notifications prompting for a restart. You can verify that LSA protection is enabled by looking in Event Viewer using the information available here. Important: Currently, Microsoft does not recommend any other workaround for this issue.

Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Updated July 05, 2023: This issue was resolved in an update for Windows Security platform antimalware platform KB5007651 (Version 1.0.2306.10002). If you would like to install the update before it is installed automatically, you will need to check for updates.

If still needed, you can use Option Two, Option Three, or Option Five below to enable LSA without the warning.



Contents

  • Option One: Turn On or Off Local Security Authority (LSA) Protection in Windows Security
  • Option Two: Turn On or Off Local Security Authority (LSA) Protection using REG file
  • Option Three: Turn On or Off Local Security Authority (LSA) Protection using Command
  • Option Four: Enable or Disable Local Security Authority (LSA) Protection in Local Group Policy Editor
  • Option Five: Enable or Disable Local Security Authority (LSA) Protection using REG file




Option One

Turn On or Off Local Security Authority (LSA) Protection in Windows Security


1 Open Windows Security.

2 Click/tap on Device security on the left side, and click/tap on the Core isolation details link on the right side. (see screenshot below)

LSA_protection_Windows_Security-1.png

3 Turn on (default) or off Local Security Authority protection for what you want. (see screenshots below)

LSA_protection_Windows_Security-2.png
LSA_protection_Windows_Security-3.png

4 If prompted by UAC, click/tap on Yes to approve.

5 Restart the computer to apply. (see screenshot below)

LSA_protection_Windows_Security-5.png




Option Two

Turn On or Off Local Security Authority (LSA) Protection using REG file


1 Do step 2 (on without UEFI Lock), step 3 (on with UEFI Lock) or step 4 (off) below for what you want.

2 Turn On Local Security Authority (LSA) Protection without UEFI Lock

This is the default setting.


A) Click/tap on the Download button below to download the REG file below, and go to step 5 below.​

Turn_ON_Local_Security_Authority_protection_without_UEFI_Lock.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RunAsPPL"=dword:00000002
"RunAsPPLBoot"=dword:00000002

3 Turn On Local Security Authority (LSA) Protection with UEFI Lock

When LSA is used with UEFI lock and Secure Boot, additional protection is achieved because disabling the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry key has no effect. It acts as a tamper protection.


A) Click/tap on the Download button below to download the REG file below, and go to step 5 below.​

Turn_ON_Local_Security_Authority_protection_with_UEFI_Lock.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RunAsPPL"=dword:00000001
"RunAsPPLBoot"=dword:00000002

4 Turn Off Local Security Authority (LSA) Protection

If you turned on LSA with UEFI Lock using step 3, then you will need to use the Local Security Authority Protected Process Opt-out tool to remove the UEFI variable in the registry.


A) Click/tap on the Download button below to download the REG file below, and go to step 5 below.​

Turn_OFF_Local_Security_Authority_protection.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RunAsPPL"=dword:00000000
"RunAsPPLBoot"=dword:00000000

5 Save the .reg file to your desktop.

6 Double click/tap on the downloaded .reg file to merge it.

7 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

8 Restart the computer to apply.

9 You can now delete the downloaded .reg file if you like.




Option Three

Turn On or Off Local Security Authority (LSA) Protection using Command


1 Open Windows Terminal (Admin), and select Command Prompt.

2 Copy and paste the command below you want to use into Windows Terminal (Admin), and press Enter.

Turn On Local Security Authority (LSA) Protection without UEFI Lock

This is the default setting.


reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 2 /f & reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 2 /f

OR​

Turn On Local Security Authority (LSA) Protection with UEFI Lock

When LSA is used with UEFI lock and Secure Boot, additional protection is achieved because disabling the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry key has no effect. It acts as a tamper protection.


reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 1 /f & reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 2 /f

OR​

Turn Off Local Security Authority (LSA) Protection

If you turned on LSA with UEFI Lock, then you will need to use the Local Security Authority Protected Process Opt-out tool to remove the UEFI variable in the registry.


reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 0 /f & reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 0 /f

3 Restart the computer to apply.




Option Four

Enable or Disable Local Security Authority (LSA) Protection in Local Group Policy Editor


The Local Group Policy Editor is only available in the Windows 11 Pro, Enterprise, and Education editions.

All editions can use Option Fve to configure the same policy.


1 Open the Local Group Policy Editor (gpedit.msc).

2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)

Computer Configuration > Administrative Templates > System > Local Security Authority

LSA_protection_gpedit-1.png

3 In the right pane of Local Security Authority in the Local Group Policy Editor, double click/tap on the Configure LSASS to run as a protected process policy to edit it. (see screenshot above)

4 Do step 5 (default), step 6 (disable), step 7 (enable with UEFI Lock), or step 8 (enable without UEFI Lock) below for what you want.

5 Default User Choice Local Security Authority (LSA) Protection

This is the default setting to allow using Option One Option Two, and Option Three.


A) Select (dot) Not Configured. (see screenshot below)​

B) Click/tap on OK, and go to step 9 below.​

LSA_protection_gpedit-2.png

6 Disable Local Security Authority (LSA) Protection

This will override and prevent using Option One, Option Two, and Option Three.


A) Select (dot) Enabled. (see screenshot below)​

B) Select Disabled in the Configure LSA to run as a protected process drop menu.​

C) Click/tap on OK, and go to step 9 below.​

LSA_protection_gpedit-3.png

7 Enable Local Security Authority (LSA) Protection with UEFI Lock

This will override and prevent using Option One, Option Two, and Option Three.

When LSA is used with UEFI lock and Secure Boot, additional protection is achieved because disabling the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry key has no effect. It acts as a tamper protection.


A) Select (dot) Enabled. (see screenshot below)​

B) Select Enabled with UEFI Lock in the Configure LSA to run as a protected process drop menu.​

C) Click/tap on OK, and go to step 9 below.​

LSA_protection_gpedit-4.png

8 Enable Local Security Authority (LSA) Protection without UEFI Lock

This will override and prevent using Option One, Option Two, and Option Three.


A) Select (dot) Enabled. (see screenshot below)​

B) Select Enabled without UEFI Lock in the Configure LSA to run as a protected process drop menu.​

C) Click/tap on OK, and go to step 9 below.​

LSA_protection_gpedit-4.png

9 You can now close the Local Group Policy Editor if you like.




Option Five

Enable or Disable Local Security Authority (LSA) Protection using REG file


1 Do step 2 (default), step 3 (disable), step 4 (enable with UEFI Lock), or step 5 (enable without UEFI Lock) below for what you want.


 2. Default User Choice Local Security Authority (LSA) Protection

This is the default setting to allow using Option One, Option Two, and Option Three.


A) Click/tap on the Download button below to download the file below, and go to step 6 below.​

Default_user_choice_Local_Security_Authority_protection.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"RunAsPPL"=-


 3. Disable Local Security Authority (LSA) Protection

This will override and prevent using Option One, Option Two, and Option Three.


A) Click/tap on the Download button below to download the file below, and go to step 6 below.​

Disable_Local_Security_Authority_protection.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"RunAsPPL"=dword:00000000


 4. Enable Local Security Authority (LSA) Protection with UEFI Lock

This will override and prevent using Option One, Option Two, and Option Three.

When LSA is used with UEFI lock and Secure Boot, additional protection is achieved because disabling the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry key has no effect.


A) Click/tap on the Download button below to download the file below, and go to step 6 below.​

Always_Enable_Local_Security_Authority_protection_with_UEFI_Lock.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"RunAsPPL"=dword:00000001


 5. Enable Local Security Authority (LSA) Protection without UEFI Lock

This will override and prevent using Option One, Option Two, and Option Three.


A) Click/tap on the Download button below to download the file below, and go to step 6 below.​

Always_Enable_Local_Security_Authority_protection_without_UEFI_Lock.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"RunAsPPL"=dword:00000002

6 Save the REG file to your desktop.

7 Double click/tap on the downloaded REG file to merge it.

8 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

9 You can now delete the downloaded REG file if you like.


That's it,
Shawn Brink


 

Attachments

  • Windows_Security.png
    Windows_Security.png
    6 KB · Views: 95
  • Turn_OFF_Local_Security_Authority_protection.reg
    684 bytes · Views: 222
  • Always_Enable_Local_Security_Authority_protection_with_UEFI_Lock.reg
    634 bytes · Views: 256
  • Always_Enable_Local_Security_Authority_protection_without_UEFI_Lock.reg
    638 bytes · Views: 253
  • Disable_Local_Security_Authority_protection.reg
    634 bytes · Views: 267
  • Default_user_choice_Local_Security_Authority_protection.reg
    608 bytes · Views: 251
  • Turn_ON_Local_Security_Authority_protection_without_UEFI_Lock.reg
    672 bytes · Views: 131
  • Turn_ON_Local_Security_Authority_protection_with_UEFI_Lock.reg
    672 bytes · Views: 90
Last edited:
That is strange, from what you show on security health folder you got the kb5007651 1.0.2302.21002-0, but it does not show as installed on your System security information. Looks like it was not installed for some reason.
You can run the SecurityHealthSetup.exe from the folder SecurityHealth.
Right Click on SecurityHealthSetup.exe and run as Administrator. That should install the update and after that it should show up in the System information.

View attachment 55890
Hello.

I did what you told me but SecurityHealthSetup.exe opens and closes immediately without doing anything.
I read somewhere today that Microsoft has paused this kb5007651 update until it solves a lot of people's problems.
Maybe that's the reason why I can't get rid of the problem.
I allready did a in place repair but still have the issue.
I think i'm gonna wait until a fix.
I already try everything possible.
All I have left is a clean install...but I don't want that. I hope microsoft fixes it soon.

Thanks again friend!
 

My Computer

System One

  • OS
    Windows 11 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 13 9360
    CPU
    Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
    Memory
    8 GB
Hello.

I did what you told me but SecurityHealthSetup.exe opens and closes immediately without doing anything.
I read somewhere today that Microsoft has paused this kb5007651 update until it solves a lot of people's problems.
Maybe that's the reason why I can't get rid of the problem.
I allready did a in place repair but still have the issue.
I think i'm gonna wait until a fix.
I already try everything possible.
All I have left is a clean install...but I don't want that. I hope microsoft fixes it soon.

Thanks again friend!

It does not take long to setup the new security, it just updates the links, next time you check for security updates it may be all done.
There is another strange thing on your SecurityHealth folder, the date on the SecurityHealthSetup.exe is 20/03/2023 while the folder is 19/03/2023, like you got a new SecurityHealthSetup today?
I hope MS straighten this out.
They said they were rolling out a fix, but it may take several days to get to all users.
I don't think a clean install would solve anything, anyway, just wait and see what happens. 🤷‍♂️

1679363070691.png
 
Last edited:

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo Yoga 920
    CPU
    Intel I7-8550U
    Motherboard
    n/a
    Memory
    16GB
    Graphics Card(s)
    Intel Graphics UHD 620
    Sound Card
    Realtek High Definition Audio (SST)
    Monitor(s) Displays
    4k Touch screen
    Screen Resolution
    3480 x 2160
    Hard Drives
    512GB NVMe
Hello.

I did what you told me but SecurityHealthSetup.exe opens and closes immediately without doing anything.
I read somewhere today that Microsoft has paused this kb5007651 update until it solves a lot of people's problems.
Maybe that's the reason why I can't get rid of the problem.
I allready did a in place repair but still have the issue.
I think i'm gonna wait until a fix.
I already try everything possible.
All I have left is a clean install...but I don't want that. I hope microsoft fixes it soon.

Thanks again friend!
While you're waiting for MS to do their thing, have you tried resetting the Security App. Open Settings > Apps > Windows Security. You will see three dots ... on the far right > click on them > Advanced Options > Reset. The Reset selection has two choices, try Reset first and if that fails try Repair. Worst case scenario, you could try Uninstalling the app. It most likely would be available to download again from the MS Store, or may become available on the next Windows Update check. Better yet, just ignore everything I wrote.
 

My Computer

System One

  • OS
    Windows 11
Another weird thing happened today on public Build 22621.1413 on 2 different machines.
The Security processor entry (TPM) was completely missing from this screen below.
I then issued Win + R and entered the command tpm.msc which showed the status of the TPM (see second shot below).
After that I checked back again on this screen and the Security processor showed up normally. 🤷‍♂️

1679365877403.png

.
1679366253500.png


1679366455423.png
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo Yoga 920
    CPU
    Intel I7-8550U
    Motherboard
    n/a
    Memory
    16GB
    Graphics Card(s)
    Intel Graphics UHD 620
    Sound Card
    Realtek High Definition Audio (SST)
    Monitor(s) Displays
    4k Touch screen
    Screen Resolution
    3480 x 2160
    Hard Drives
    512GB NVMe
I just saw This post where Microsoft finally acknowledges this issue, which has apparently been going on since Jan 15, 2023. In the post, they say that LSA is ON, and that the warning is a false positive. They also include the registry mod to remove the warning, if desired.
 

My Computers

System One System Two

  • OS
    Windows 11 22H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell XPS8950
    CPU
    i7-12700K
    Motherboard
    Z690 : 9D2HH Foxconn, R6PCT Foxconn 2nd
    Memory
    16GB (2 x 8)
    Graphics Card(s)
    Intel(R) UHD Graphics 770 with shared graphics memory
    Sound Card
    Integrated
    Monitor(s) Displays
    Acer CBL282K Smiiprx
    Screen Resolution
    4K UHD (3840 x 2160) @ 60 Hz
    Hard Drives
    Western Digital PC SN810 512 GB M.2 NVMe SSD, PCIe
    PSU
    750W
    Cooling
    2G44F Asetek 125W CPU liquid cooler
    Keyboard
    Arteck Wireless
    Mouse
    Victsing-mm057 wireless
    Internet Speed
    Wi-Fi 6
    Browser
    Vivaldi
    Antivirus
    Windows Defender (native)
  • Operating System
    Win 22H2
    Computer type
    Laptop
    Manufacturer/Model
    Dell Vostro 5620
    CPU
    12th Gen Intel Core i7-1260P
    Memory
    2 x 8 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Screen Resolution
    1920 x 1200 @ 60 Hz
    Hard Drives
    NVMe 512 GB
    Case
    Aluminum
    Mouse
    Touchpad
    Browser
    Vivaldi
    Antivirus
    Windows Defender (native)
Here this again, Security processor disappeared from the device security. 🤷‍♂️

1679367885202.png



1679367986904.png


and showed up again just reopening the dashboard:
1679368270067.png
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo Yoga 920
    CPU
    Intel I7-8550U
    Motherboard
    n/a
    Memory
    16GB
    Graphics Card(s)
    Intel Graphics UHD 620
    Sound Card
    Realtek High Definition Audio (SST)
    Monitor(s) Displays
    4k Touch screen
    Screen Resolution
    3480 x 2160
    Hard Drives
    512GB NVMe
I just saw This post where Microsoft finally acknowledges this issue, which has apparently been going on since Jan 15, 2023. In the post, they say that LSA is ON, and that the warning is a false positive. They also include the registry mod to remove the warning, if desired.
It sure had nothing to do with the update mentioned there in that post.
The update that introduced this problem is the security update KB5007651 Version 1.0.2302.21002-0. MS never answered my FBH report for the issue.
It was first released to Insider Dev builds and later to all users including public Builds 22000.xxxx and 22621.xxxx.
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo Yoga 920
    CPU
    Intel I7-8550U
    Motherboard
    n/a
    Memory
    16GB
    Graphics Card(s)
    Intel Graphics UHD 620
    Sound Card
    Realtek High Definition Audio (SST)
    Monitor(s) Displays
    4k Touch screen
    Screen Resolution
    3480 x 2160
    Hard Drives
    512GB NVMe
I just saw This post where Microsoft finally acknowledges this issue, which has apparently been going on since Jan 15, 2023. In the post, they say that LSA is ON, and that the warning is a false positive. They also include the registry mod to remove the warning, if desired.
The article also says that LSA is on by default in the Insider Canary build.
Earlier this month, Redmond announced that the latest Windows 11 build rolling out to Insiders in the Canary channel would also enable Local Security Authority (LSA) Protection by default.
And in the Insider Canary build 25314.1010 the RunAsPPLBoot registry entry does exist, confirming that creating one is the correct solution to this bug.

1679368837398.png
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    50 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
The article also says that LSA is on by default in the Insider Canary build.

And in the Insider Canary build 25314.1010 the RunAsPPLBoot registry entry does exist, confirming that creating one is the correct solution to this bug.
The registry entries were already correct on Dev builds weeks before 25314.
I think they started with 25295 and above. 😉
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo Yoga 920
    CPU
    Intel I7-8550U
    Motherboard
    n/a
    Memory
    16GB
    Graphics Card(s)
    Intel Graphics UHD 620
    Sound Card
    Realtek High Definition Audio (SST)
    Monitor(s) Displays
    4k Touch screen
    Screen Resolution
    3480 x 2160
    Hard Drives
    512GB NVMe
The registry entries were already correct on Dev builds weeks before 25314.
I think they started with 25295 and above. 😉
That may well be the case, but if MS had already fixed it for Insiders why on earth did they see fit to release an earlier broken version to the rest of us?
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    50 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
That may well be the case, but if MS had already fixed it for Insiders why on earth did they see fit to release an earlier broken version to the rest of us?
There were FBH reports about the issues starting with 25281 on Jan 24, with kb5007651 version 1.0.2301.24001-0, but MS never replied to the FBH reports and never provided any official fix.
Then they rolled out the problem to everybody in March 2023. 🤣🤣🤣🤐
Typical MS security team. 🤐🤬
The same happened with the problems they had with 21H2 in Aug 2022.

1679370521926.png


This was a problem on Build 25281:


Feb 23, 2023 the problems started happening with Build 22621 after receiving KB5007651 Version 1.0.2302.21002-0.



I saw four other different Symptoms depending on the combination of the Windows Build number and the kb5007651 update version.

1)
Image
2 App and Browser Control missing from the Security Dashboard

3) Firewall & network protection missing from the Security Dashboard.

4) System tray Security icon showing yellow warning sign and then icon completely missing after a reboot.
 
Last edited:

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo Yoga 920
    CPU
    Intel I7-8550U
    Motherboard
    n/a
    Memory
    16GB
    Graphics Card(s)
    Intel Graphics UHD 620
    Sound Card
    Realtek High Definition Audio (SST)
    Monitor(s) Displays
    4k Touch screen
    Screen Resolution
    3480 x 2160
    Hard Drives
    512GB NVMe
Microsoft confirms recent Defender LSA issue on Windows 11 - "Local Security Authority protection is off." with persistent restart.
"
Workaround: If you have enabled Local Security Authority (LSA) protection and have restarted your device at least once, you can dismiss warning notifications and ignore any additional notifications prompting for a restart. You can verify that LSA protection is enabled by looking in Event Viewer using the information available here. Important: Currently, we do not recommend any other workaround for this issue.

Next steps: We are working on a resolution and will provide an update as soon as it is available."


Windows 11, version 22H2 known issues and notifications
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    DELL VOSTRO 15 3568
    CPU
    Intel Core i5-7200U
    Memory
    8,00 GB
    Graphics Card(s)
    Intel HD Graphics 620, Radeon R5 M420
    Sound Card
    Realtek Audio ALC3246
    Screen Resolution
    1920 X 1080
    Hard Drives
    SK HYNIX SC311 SATA 256 GB, SanDisk Extreme 510 external
    Mouse
    DELL WM615
    Internet Speed
    30/5 MB/s VDSL
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Defender
I don't have these options in my security settings?

Screenshot 2023-03-22 133030.png
 

My Computer

System One

  • OS
    Windows 11 Pro 23H2 (RP channel)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Gigabyte
    CPU
    AMD Ryzen 5900X 12-core
    Motherboard
    X570 Aorus Xtreme
    Memory
    64GB Corsair Platinum RGB 3600MHz CL16
    Graphics Card(s)
    MSI Suprim X 3080 Ti
    Sound Card
    Soundblaster AE-5 Plus
    Monitor(s) Displays
    ASUS TUF Gaming VG289Q
    Screen Resolution
    3840x2160
    Hard Drives
    Samsung 990 Pro 2TB
    Samsung 980 Pro 2TB
    Samsung 970 Evo Plus 1TB
    Samsung 870 Evo 4TB
    Samsung T7 Touch 1TB
    PSU
    Asus ROG Strix 1000W
    Case
    Corsair D750 Airflow
    Cooling
    Noctua NH-D15S
    Keyboard
    Asus ROG Flare
    Mouse
    Logitech G903 with PowerPlay charger
    Internet Speed
    500Mb/sec
    Browser
    Microsoft Edge
    Antivirus
    Windows Defender

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1 14-eu0098nr (2024)
    CPU
    Intel Core Ultra 7 155H 4.8 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Graphics card(s)
    Integrated Intel Arc
    Sound Card
    Poly Studio
    Monitor(s) Displays
    14" 2.8K OLED multitouch
    Screen Resolution
    2880 x 1800
    Hard Drives
    2 TB PCIe NVMe M.2 SSD
    Internet Speed
    Intel Wi-Fi 7 BE200 (2x2) and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender and Malwarebytes Premium
Hello Brian, :alien:

Which build and version of Windows 11 are you currently running?
22621.1483 Release preview. My SecurityHealth folder is empty as any attempt to install 'Update to Windows antimalware platform 1.0.2302.21002-0' renders my Security app unusable. Yellow triangle and the UI won't open, constantly crashes. I restored my backup just now which had that update blocked, no problems with Security app now. Others have reported similar issues with this update.
 

My Computer

System One

  • OS
    Windows 11 Pro 23H2 (RP channel)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Gigabyte
    CPU
    AMD Ryzen 5900X 12-core
    Motherboard
    X570 Aorus Xtreme
    Memory
    64GB Corsair Platinum RGB 3600MHz CL16
    Graphics Card(s)
    MSI Suprim X 3080 Ti
    Sound Card
    Soundblaster AE-5 Plus
    Monitor(s) Displays
    ASUS TUF Gaming VG289Q
    Screen Resolution
    3840x2160
    Hard Drives
    Samsung 990 Pro 2TB
    Samsung 980 Pro 2TB
    Samsung 970 Evo Plus 1TB
    Samsung 870 Evo 4TB
    Samsung T7 Touch 1TB
    PSU
    Asus ROG Strix 1000W
    Case
    Corsair D750 Airflow
    Cooling
    Noctua NH-D15S
    Keyboard
    Asus ROG Flare
    Mouse
    Logitech G903 with PowerPlay charger
    Internet Speed
    500Mb/sec
    Browser
    Microsoft Edge
    Antivirus
    Windows Defender
@BrianInEngland

How can you be on 22621.1483 ?
Is that Beta channel or something?


Ah... you're one of those Insider types. :-)
 

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦22631.3374 ♦♦♦♦♦♦♦23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 4702)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?
22621.1483 Release preview. My SecurityHealth folder is empty as any attempt to install 'Update to Windows antimalware platform 1.0.2302.21002-0' renders my Security app unusable. Yellow triangle and the UI won't open, constantly crashes. I restored my backup just now which had that update blocked, no problems with Security app now. Others have reported similar issues with this update.

Yeah, LSA should have been there for that build.

They could see if using option 2 or 4 to enable LSA may add it back.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1 14-eu0098nr (2024)
    CPU
    Intel Core Ultra 7 155H 4.8 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Graphics card(s)
    Integrated Intel Arc
    Sound Card
    Poly Studio
    Monitor(s) Displays
    14" 2.8K OLED multitouch
    Screen Resolution
    2880 x 1800
    Hard Drives
    2 TB PCIe NVMe M.2 SSD
    Internet Speed
    Intel Wi-Fi 7 BE200 (2x2) and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender and Malwarebytes Premium

Attachments

  • Screenshot 2023-03-22 141144.png
    Screenshot 2023-03-22 141144.png
    11.7 KB · Views: 28

My Computer

System One

  • OS
    Windows 11 Pro 23H2 (RP channel)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Gigabyte
    CPU
    AMD Ryzen 5900X 12-core
    Motherboard
    X570 Aorus Xtreme
    Memory
    64GB Corsair Platinum RGB 3600MHz CL16
    Graphics Card(s)
    MSI Suprim X 3080 Ti
    Sound Card
    Soundblaster AE-5 Plus
    Monitor(s) Displays
    ASUS TUF Gaming VG289Q
    Screen Resolution
    3840x2160
    Hard Drives
    Samsung 990 Pro 2TB
    Samsung 980 Pro 2TB
    Samsung 970 Evo Plus 1TB
    Samsung 870 Evo 4TB
    Samsung T7 Touch 1TB
    PSU
    Asus ROG Strix 1000W
    Case
    Corsair D750 Airflow
    Cooling
    Noctua NH-D15S
    Keyboard
    Asus ROG Flare
    Mouse
    Logitech G903 with PowerPlay charger
    Internet Speed
    500Mb/sec
    Browser
    Microsoft Edge
    Antivirus
    Windows Defender
@BrianInEngland

How can you be on 22621.1483 ?
Is that Beta channel or something?
It's the Release Preview Channel for Insiders.

 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1 14-eu0098nr (2024)
    CPU
    Intel Core Ultra 7 155H 4.8 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Graphics card(s)
    Integrated Intel Arc
    Sound Card
    Poly Studio
    Monitor(s) Displays
    14" 2.8K OLED multitouch
    Screen Resolution
    2880 x 1800
    Hard Drives
    2 TB PCIe NVMe M.2 SSD
    Internet Speed
    Intel Wi-Fi 7 BE200 (2x2) and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender and Malwarebytes Premium
Yeah, LSA should have been there for that build.

They could see if using option 2 or 4 to enable LSA may add it back.
Does it require the Security update I mentioned? Because there's no way I can install that due to the problem I mentioned
 

My Computer

System One

  • OS
    Windows 11 Pro 23H2 (RP channel)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Gigabyte
    CPU
    AMD Ryzen 5900X 12-core
    Motherboard
    X570 Aorus Xtreme
    Memory
    64GB Corsair Platinum RGB 3600MHz CL16
    Graphics Card(s)
    MSI Suprim X 3080 Ti
    Sound Card
    Soundblaster AE-5 Plus
    Monitor(s) Displays
    ASUS TUF Gaming VG289Q
    Screen Resolution
    3840x2160
    Hard Drives
    Samsung 990 Pro 2TB
    Samsung 980 Pro 2TB
    Samsung 970 Evo Plus 1TB
    Samsung 870 Evo 4TB
    Samsung T7 Touch 1TB
    PSU
    Asus ROG Strix 1000W
    Case
    Corsair D750 Airflow
    Cooling
    Noctua NH-D15S
    Keyboard
    Asus ROG Flare
    Mouse
    Logitech G903 with PowerPlay charger
    Internet Speed
    500Mb/sec
    Browser
    Microsoft Edge
    Antivirus
    Windows Defender

Latest Support Threads

Back
Top Bottom