Solved Local Security Authority protection warning - legitimate, or false-positive?


safron

Well-known member
Member
VIP
Local time
11:16 AM
Posts
151
OS
Windows 11 22H2
Hi - I'd posted this in the antivirus board, but it doesn't seem very active so I'm posting again here (I didn't see any way of deleting the old post).

I'm getting conflicting information from Windows Security regarding Local Security Authority protection (LSAp).

After installing WUS February updates
> 2023-02 .Net 6.0.14 Security Update KB5023288, and
> 2023-02 Cum Update for Windows KB5022845
I noticed "Windows security - Actions recommended" in the system tray.

In Windows Security > Device security:
> Memory integrity was Off. I toggled it to On.
> LSAp was Off. I toggled it to On.

I believe (?) both these settings were On prior to applying February updates.

After rebooting again, the toggle for LSAp now shows it's switched On, but there's still a warning saying it's off (see pic). The system tray icon also continues to show Actions recommended.

I researched a bit, and see on reddit ( Link ) others are having the same issue. They say something about a missing Registry entry, and creating a new DWORD32, but I didn't want to blindly mess with the Registry. Likewise, I have a restore point, but am not sure that's the best course, as I don't know if LSAp is truly Off, or On, and Windows is just displaying an erroneous message.

For now, I've elected not to do anything (except post here) and hope Microsoft applies a fix.

Has anyone here encountered this? Any suggestions will be appreciated.

Windows Build/Version22H2, Build 22621.1265

Attachments​

  • LSAP.jpg
    LSAP.jpg
    96.4 KB · Views: 1
 
Windows Build/Version
22H2, Build 22621.1265

My Computers

System One System Two

  • OS
    Windows 11 22H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell XPS8950
    CPU
    i7-12700K
    Motherboard
    Z690 : 9D2HH Foxconn, R6PCT Foxconn 2nd
    Memory
    16GB (2 x 8)
    Graphics Card(s)
    Intel(R) UHD Graphics 770 with shared graphics memory
    Sound Card
    Integrated
    Monitor(s) Displays
    Acer CBL282K Smiiprx
    Screen Resolution
    4K UHD (3840 x 2160) @ 60 Hz
    Hard Drives
    Western Digital PC SN810 512 GB M.2 NVMe SSD, PCIe
    PSU
    750W
    Cooling
    2G44F Asetek 125W CPU liquid cooler
    Keyboard
    Arteck Wireless
    Mouse
    Victsing-mm057 wireless
    Internet Speed
    Wi-Fi 6
    Browser
    Vivaldi
    Antivirus
    Windows Defender (native)
  • Operating System
    Win 22H2
    Computer type
    Laptop
    Manufacturer/Model
    Dell Vostro 5620
    CPU
    12th Gen Intel Core i7-1260P
    Memory
    2 x 8 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Screen Resolution
    1920 x 1200 @ 60 Hz
    Hard Drives
    NVMe 512 GB
    Case
    Aluminum
    Mouse
    Touchpad
    Browser
    Vivaldi
    Antivirus
    Windows Defender (native)

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 22631.3296
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1tb Solidigm m.2 +256gb ssd+512 gb usb m.2 sata
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 22H2 19045.3930
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
Thanks @glasskuter. The reg file in Brink's tutorial is consistent with what others were suggesting on Reddit.

I implemented changes in the Group Policy Editor, and set to Enable Local Security Authority (LSA) Protection without UEFI Lock, which is apparently the Win 11 default, but the issue persists (see pic).

SFC and DISM are all clear. This is looking more and more like a Windows bug.
 

Attachments

  • LSAp2.jpg
    LSAp2.jpg
    20.7 KB · Views: 5
Last edited:

My Computers

System One System Two

  • OS
    Windows 11 22H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell XPS8950
    CPU
    i7-12700K
    Motherboard
    Z690 : 9D2HH Foxconn, R6PCT Foxconn 2nd
    Memory
    16GB (2 x 8)
    Graphics Card(s)
    Intel(R) UHD Graphics 770 with shared graphics memory
    Sound Card
    Integrated
    Monitor(s) Displays
    Acer CBL282K Smiiprx
    Screen Resolution
    4K UHD (3840 x 2160) @ 60 Hz
    Hard Drives
    Western Digital PC SN810 512 GB M.2 NVMe SSD, PCIe
    PSU
    750W
    Cooling
    2G44F Asetek 125W CPU liquid cooler
    Keyboard
    Arteck Wireless
    Mouse
    Victsing-mm057 wireless
    Internet Speed
    Wi-Fi 6
    Browser
    Vivaldi
    Antivirus
    Windows Defender (native)
  • Operating System
    Win 22H2
    Computer type
    Laptop
    Manufacturer/Model
    Dell Vostro 5620
    CPU
    12th Gen Intel Core i7-1260P
    Memory
    2 x 8 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Screen Resolution
    1920 x 1200 @ 60 Hz
    Hard Drives
    NVMe 512 GB
    Case
    Aluminum
    Mouse
    Touchpad
    Browser
    Vivaldi
    Antivirus
    Windows Defender (native)
Per this link, (page 4) and Brink's reg file, it seems a missing Registry entry was the culprit.

In the Registry, we were in fact missing the RunAsPPLBoot key (which of course the Group Policy mod didn't address).

I reversed the Group Policy change, just to keep things clean.

I then implemented changes specified in Brink's reg file
a) adding the RunAsPPLBoot key, and
b) assigning dword = 2.

That did the trick. Notification in the system tray is gone, and Windows Security is no longer flagging LSAp as Off (even though the toggle was On).

Thanks again for your help @glasskuter (and of course Brink).
 

Attachments

  • Registry change.jpg
    Registry change.jpg
    11 KB · Views: 10
  • Registry Before.jpg
    Registry Before.jpg
    66 KB · Views: 8
  • Registry After.jpg
    Registry After.jpg
    138.6 KB · Views: 9

My Computers

System One System Two

  • OS
    Windows 11 22H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell XPS8950
    CPU
    i7-12700K
    Motherboard
    Z690 : 9D2HH Foxconn, R6PCT Foxconn 2nd
    Memory
    16GB (2 x 8)
    Graphics Card(s)
    Intel(R) UHD Graphics 770 with shared graphics memory
    Sound Card
    Integrated
    Monitor(s) Displays
    Acer CBL282K Smiiprx
    Screen Resolution
    4K UHD (3840 x 2160) @ 60 Hz
    Hard Drives
    Western Digital PC SN810 512 GB M.2 NVMe SSD, PCIe
    PSU
    750W
    Cooling
    2G44F Asetek 125W CPU liquid cooler
    Keyboard
    Arteck Wireless
    Mouse
    Victsing-mm057 wireless
    Internet Speed
    Wi-Fi 6
    Browser
    Vivaldi
    Antivirus
    Windows Defender (native)
  • Operating System
    Win 22H2
    Computer type
    Laptop
    Manufacturer/Model
    Dell Vostro 5620
    CPU
    12th Gen Intel Core i7-1260P
    Memory
    2 x 8 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Screen Resolution
    1920 x 1200 @ 60 Hz
    Hard Drives
    NVMe 512 GB
    Case
    Aluminum
    Mouse
    Touchpad
    Browser
    Vivaldi
    Antivirus
    Windows Defender (native)
You're welcome. I donate my share of thanks to @Brink. He's the brains behind it. He does the work, we just provide the links.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 22631.3296
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1tb Solidigm m.2 +256gb ssd+512 gb usb m.2 sata
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 22H2 19045.3930
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
Per this link, (page 4) and Brink's reg file, it seems a missing Registry entry was the culprit.

In the Registry, we were in fact missing the RunAsPPLBoot key (which of course the Group Policy mod didn't address).

I reversed the Group Policy change, just to keep things clean.

I then implemented changes specified in Brink's reg file
a) adding the RunAsPPLBoot key, and
b) assigning dword = 2.

That did the trick. Notification in the system tray is gone, and Windows Security is no longer flagging LSAp as Off (even though the toggle was On).

Thanks again for your help @glasskuter (and of course Brink).
Sorry - a and b in my post # 4 above should read:

a) adding the RunAsPPLBoot dword, and
b) assigning value= 2.
 

My Computers

System One System Two

  • OS
    Windows 11 22H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell XPS8950
    CPU
    i7-12700K
    Motherboard
    Z690 : 9D2HH Foxconn, R6PCT Foxconn 2nd
    Memory
    16GB (2 x 8)
    Graphics Card(s)
    Intel(R) UHD Graphics 770 with shared graphics memory
    Sound Card
    Integrated
    Monitor(s) Displays
    Acer CBL282K Smiiprx
    Screen Resolution
    4K UHD (3840 x 2160) @ 60 Hz
    Hard Drives
    Western Digital PC SN810 512 GB M.2 NVMe SSD, PCIe
    PSU
    750W
    Cooling
    2G44F Asetek 125W CPU liquid cooler
    Keyboard
    Arteck Wireless
    Mouse
    Victsing-mm057 wireless
    Internet Speed
    Wi-Fi 6
    Browser
    Vivaldi
    Antivirus
    Windows Defender (native)
  • Operating System
    Win 22H2
    Computer type
    Laptop
    Manufacturer/Model
    Dell Vostro 5620
    CPU
    12th Gen Intel Core i7-1260P
    Memory
    2 x 8 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Screen Resolution
    1920 x 1200 @ 60 Hz
    Hard Drives
    NVMe 512 GB
    Case
    Aluminum
    Mouse
    Touchpad
    Browser
    Vivaldi
    Antivirus
    Windows Defender (native)
Toggling LSAP to ON should have been all that was needed. An optional way of turning it on is using a reg file that does the same thing. Here is Brink's tutorial that includes the reg file. Try that method to see if the warning is removed. Enable or Disable Local Security Authority (LSA) Protection in Windows 11 Tutorial
Hi Glasskuter
After the March 14 update I got a yellow warning on my Windows Security notification icon. I turned on LSA but the yellow warning remains, I checked the registry (Brink's tutorial) and the first RunAsPPL is set to 00000002 but I don't have the "RunAsPPLBoot"=dword:00000002 entry (Windows11 22H2 Home) should I run Brink's script to include the second key? I checked my UEFI and Secure Boot is enabled.
Alternatively I dismiss the warning?
Frank
 

Attachments

  • Local Security is on with yellow icon.jpg
    Local Security is on with yellow icon.jpg
    56.4 KB · Views: 4

My Computers

System One System Two

  • OS
    Windows 11 Home 22H2 build: 22621.1928
    Computer type
    Laptop
    Manufacturer/Model
    Acer/Aspire5 515-54G-70AG
    CPU
    Intel i7-10510U CPU 1.8 GHZ
    Motherboard
    Intel Comet Lake-U PCH-LP Premium, firmware version 3.2
    Memory
    8 GB 1333.3 MHz Dual channel
    Graphics Card(s)
    Intel UHD + NVIDIA GeForce MX250
    Sound Card
    RealTek ALC255 chipset
    Monitor(s) Displays
    Full HD TN 16"
    Screen Resolution
    1920x1080 220 NITS
    Hard Drives
    SATA mechanical 1TB TOSHIBA HDWL110 X1UGPHELT 5600 rpm
    PSU
    Murata battery AP18C4k (31CP5/81/68) Li-Polymer Battery Pack, full capacity 46620 mWh 11.4V
    Case
    Polycarbonate with a metal panel lid
    Cooling
    1 fan
    Keyboard
    US
    Mouse
    Precision Trackpad
    Internet Speed
    15 mb/s
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    2022 Intel diplay driver: gfx_win_101.3413_101.2111.exe
  • Operating System
    Windows 11 Home 23H2 build 22631.3374
    Computer type
    Laptop
    Manufacturer/Model
    Asus Vivobook K3502Z S15 15" OLED
    CPU
    Intel 12th Gen. i7 12700H, 14 cores, 2.3 GHz (24M Cache, up to 4.7 GHz, 6P+8E cores)
    Motherboard
    Alder Lake-H, 1700-4700 MHz clock rate
    Memory
    8GB LPDDR4 on board + 8GB LPDDR4 3200 MHz in Dual Channel.
    Graphics card(s)
    Intel Iris Xe supports up to 4096 x 2304 @ 120Hz
    Sound Card
    Harman Kardon - DTS
    Monitor(s) Displays
    OLED 15.6inch 2.8K (2880 x 1620)
    Screen Resolution
    16:9 aspect ratio 0.2ms response time 120Hz refresh rate, 550nits
    Hard Drives
    512GB M.2 NVMe Gen4 PCIe 4.0 SSD, Micron_2450_MTFDKBA512TFK
    PSU
    90-Watt USB charger (Thunderbolt4)
    Case
    Metal lid, plastic case
    Cooling
    1 fan
    Mouse
    Precision Trackpad
    Keyboard
    With backlight
    Internet Speed
    ISP provides 15 mb/s WIFI LTE (4G), laptop WIFI 6 adapter.
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    BIOS American Megatrends International, LLC. K3502ZA.307, 08/09/2022. Network adapter: Intel Wi-Fi 6E AX211 160 MHz
Yes, Frank. The reg file will create the key.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 22631.3296
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1tb Solidigm m.2 +256gb ssd+512 gb usb m.2 sata
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 22H2 19045.3930
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
It looks like 2023-03 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5023706) turns LSAP to off. Only noticed it yesterday and had the same issue.
 

My Computers

System One System Two

  • OS
    Win 11 Pro & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    Samsung SSD 970 EVO Plus 2TB NVMe 1.3
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
Not to take anything away from Brink, but if you click the 'learn more' link under the Defender item it will take you to the Microsoft page :
Configuring Additional LSA Protection

There are instructions and explanations there on how to correctly configure LSAp, including the registry settings and how to use Event Viewer to check the status of relevent files that might cause issues.
 

My Computer

System One

  • OS
    Windows 11 Pro 22H2, build: 22621.521
    Computer type
    PC/Desktop
    Manufacturer/Model
    Scan 3XS Custom 1700
    CPU
    Intel i7-12700K 3.6GHz Base (5.0GHz Turbo)
    Motherboard
    Asus ProArt Creator B660 D4
    Memory
    64GB DDR 3600Mhz
    Graphics Card(s)
    Asus Tuff RTX 3080 10GB OC
    Sound Card
    Onboard Realtek
    Monitor(s) Displays
    Gigabyte G32QC 32inch 16:9 curved @2560 x 1440p 165Hz Freesync Premium Pro/ Dell SE2422H 24inch 16:9 1920 x 1080p 75Hz Freesync
    Screen Resolution
    2560 x 1440p & 1920 x 1080p
    Hard Drives
    WD SN570 1TB NVME (Boot), Samsung 870QVO 1TB (SSD), SanDisk 3D Ultra 500Gb (SSD) x2, Seagate 3Tb Expansion Desk (Ext HDD), 2x Toshiba 1Tb P300 (Ext HDD)
    PSU
    Corsair RM1000X Modular
    Case
    Corsair 4000D Airflow Desktop
    Cooling
    Corsair Hydro H150i RGB Pro XT 360mm Liquid Cooler, 3 x 120mm fans, 1x Exhaust
    Keyboard
    Microsoft Ergonomic
    Mouse
    Logitech G402
    Internet Speed
    800Mbs
    Browser
    Edge Chromium
    Antivirus
    Defender, Malwarebytes

My Computers

System One System Two

  • OS
    Windows 11 Home 22H2 build: 22621.1928
    Computer type
    Laptop
    Manufacturer/Model
    Acer/Aspire5 515-54G-70AG
    CPU
    Intel i7-10510U CPU 1.8 GHZ
    Motherboard
    Intel Comet Lake-U PCH-LP Premium, firmware version 3.2
    Memory
    8 GB 1333.3 MHz Dual channel
    Graphics Card(s)
    Intel UHD + NVIDIA GeForce MX250
    Sound Card
    RealTek ALC255 chipset
    Monitor(s) Displays
    Full HD TN 16"
    Screen Resolution
    1920x1080 220 NITS
    Hard Drives
    SATA mechanical 1TB TOSHIBA HDWL110 X1UGPHELT 5600 rpm
    PSU
    Murata battery AP18C4k (31CP5/81/68) Li-Polymer Battery Pack, full capacity 46620 mWh 11.4V
    Case
    Polycarbonate with a metal panel lid
    Cooling
    1 fan
    Keyboard
    US
    Mouse
    Precision Trackpad
    Internet Speed
    15 mb/s
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    2022 Intel diplay driver: gfx_win_101.3413_101.2111.exe
  • Operating System
    Windows 11 Home 23H2 build 22631.3374
    Computer type
    Laptop
    Manufacturer/Model
    Asus Vivobook K3502Z S15 15" OLED
    CPU
    Intel 12th Gen. i7 12700H, 14 cores, 2.3 GHz (24M Cache, up to 4.7 GHz, 6P+8E cores)
    Motherboard
    Alder Lake-H, 1700-4700 MHz clock rate
    Memory
    8GB LPDDR4 on board + 8GB LPDDR4 3200 MHz in Dual Channel.
    Graphics card(s)
    Intel Iris Xe supports up to 4096 x 2304 @ 120Hz
    Sound Card
    Harman Kardon - DTS
    Monitor(s) Displays
    OLED 15.6inch 2.8K (2880 x 1620)
    Screen Resolution
    16:9 aspect ratio 0.2ms response time 120Hz refresh rate, 550nits
    Hard Drives
    512GB M.2 NVMe Gen4 PCIe 4.0 SSD, Micron_2450_MTFDKBA512TFK
    PSU
    90-Watt USB charger (Thunderbolt4)
    Case
    Metal lid, plastic case
    Cooling
    1 fan
    Mouse
    Precision Trackpad
    Keyboard
    With backlight
    Internet Speed
    ISP provides 15 mb/s WIFI LTE (4G), laptop WIFI 6 adapter.
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    BIOS American Megatrends International, LLC. K3502ZA.307, 08/09/2022. Network adapter: Intel Wi-Fi 6E AX211 160 MHz
I've also had the same issue following the March 14th update - LSAP was set to off and toggling it on just keeps the yellow warning and tells me I need to restart to activate even after a reboot.

I'm not one to particularly enjoy fiddling with registry entries for no reason (not a super techy person!), so I'm inclined to just leave it off and tag the notification as Dismissed. Is this a particularly useful security setting for an average home user? If it's viewed as vital I'll deal with the registry entry issue but if the update itself is mass turning this setting off for people I'm inclined to leave it disabled!
 

My Computer

System One

  • OS
    Windows 11
I've also had the same issue following the March 14th update - LSAP was set to off and toggling it on just keeps the yellow warning and tells me I need to restart to activate even after a reboot.

I'm not one to particularly enjoy fiddling with registry entries for no reason (not a super techy person!), so I'm inclined to just leave it off and tag the notification as Dismissed. Is this a particularly useful security setting for an average home user? If it's viewed as vital I'll deal with the registry entry issue but if the update itself is mass turning this setting off for people I'm inclined to leave it disabled!
If you read the MS page I linked you can decide for yourself if you need to resolve the issue or not, only you really know if your setup needs it on or off.
 

My Computer

System One

  • OS
    Windows 11 Pro 22H2, build: 22621.521
    Computer type
    PC/Desktop
    Manufacturer/Model
    Scan 3XS Custom 1700
    CPU
    Intel i7-12700K 3.6GHz Base (5.0GHz Turbo)
    Motherboard
    Asus ProArt Creator B660 D4
    Memory
    64GB DDR 3600Mhz
    Graphics Card(s)
    Asus Tuff RTX 3080 10GB OC
    Sound Card
    Onboard Realtek
    Monitor(s) Displays
    Gigabyte G32QC 32inch 16:9 curved @2560 x 1440p 165Hz Freesync Premium Pro/ Dell SE2422H 24inch 16:9 1920 x 1080p 75Hz Freesync
    Screen Resolution
    2560 x 1440p & 1920 x 1080p
    Hard Drives
    WD SN570 1TB NVME (Boot), Samsung 870QVO 1TB (SSD), SanDisk 3D Ultra 500Gb (SSD) x2, Seagate 3Tb Expansion Desk (Ext HDD), 2x Toshiba 1Tb P300 (Ext HDD)
    PSU
    Corsair RM1000X Modular
    Case
    Corsair 4000D Airflow Desktop
    Cooling
    Corsair Hydro H150i RGB Pro XT 360mm Liquid Cooler, 3 x 120mm fans, 1x Exhaust
    Keyboard
    Microsoft Ergonomic
    Mouse
    Logitech G402
    Internet Speed
    800Mbs
    Browser
    Edge Chromium
    Antivirus
    Defender, Malwarebytes
Not to take anything away from Brink, but if you click the 'learn more' link under the Defender item it will take you to the Microsoft page :
Configuring Additional LSA Protection

There are instructions and explanations there on how to correctly configure LSAp, including the registry settings and how to use Event Viewer to check the status of relevent files that might cause issues.
Read thru that, and its over my head... however, how does this apply to Windows 'Home', ? There is stuff there that I'm sure is not part of Home.
 

My Computer

System One

  • OS
    Windows 11 Intel i5 10400 HD630 graphics chip
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP
    CPU
    i5-10400
    Memory
    12 gb
    Graphics Card(s)
    HD630 chipset
    Monitor(s) Displays
    LG 24inch
    Hard Drives
    SSD, external usb drive 1tb for files/backups
    Keyboard
    wireless Logi
    Mouse
    ms 4000 wireless mouse
    Internet Speed
    10meg
    Browser
    Firefox
    Antivirus
    Defender
    Other Info
    Win11 Home 23H2 22631.3374 03/26/24
I was getting the same (Pro) since, there was a Defender platform update this morning, and now every other time I open Windows security I get "Windows security health service stopped working"
Tried repair and reset on Windows security.
SFC scannow (found and resolved)
DISM restore.

the Dword reg egit entries are indeed missing , however I didn't realise I was beta testing.

KB 5007651 was the little gem I received today
 

My Computer

System One

  • OS
    11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    PC Specialist
    CPU
    I7 12700K
    Motherboard
    Gigabyte Z690 Aorus Elite
    Memory
    2 X Corsair Vengeance DDR4 @ 3600 32 gb total
    Graphics Card(s)
    Zotac RTX 3070 ti
    Sound Card
    onboard
    Monitor(s) Displays
    Iiyama 27"
    Screen Resolution
    2560 x 1440
    Hard Drives
    2 TB OEM M.2 + 2TB Samsung Evo 860 sata 3
    PSU
    Corsair 850 watt modular
    Case
    Fractal Meshify 2
    Cooling
    AIO on CPU trinity on GPU
    Keyboard
    Roccat Arvo
    Mouse
    RAT 5
    Internet Speed
    52gb
    Browser
    Edge Chrome
    Antivirus
    Defender
Not to take anything away from Brink, but if you click the 'learn more' link under the Defender item it will take you to the Microsoft page :
Configuring Additional LSA Protection

There are instructions and explanations there on how to correctly configure LSAp, including the registry settings and how to use Event Viewer to check the status of relevent files that might cause issues.
There's no mention of RunAsPPLBoot in that article though.

I encountered this issue today at work and also here at home.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    CPU
    Intel Core i5-10600K
    Motherboard
    Gigabyte Aorus Z490 Elite AC
    Memory
    32 GB (G.Skill Ripjaws V F4-3600C16D-32GVKC)
    Graphics Card(s)
    MSI GeForce RTX 3070 Gaming Z Trio
    Monitor(s) Displays
    LG UltraGear 32GR93U
    Screen Resolution
    4K
    Hard Drives
    Kingston A2000 500GB; Kingston A2000 1TB; Seagate Barracuda Compute 3,5", 8TB
    PSU
    be quiet! Straight Power 11 750W
    Case
    be quiet! Silent Base 801
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    CPU
    Intel Core i5-1155G7
    Memory
    8 GB
    Graphics card(s)
    Intel Iris Xᵉ
    Screen Resolution
    1920 x 1080
I got this after the update also.
I can't recall if I ever had this enabled when I clean installed Windows. Now I have questions:

If this a "silent" security feature - it runs in the background and never bothers me?
The description of it :
"is a process in Microsoft Windows that verifies logon attempts, password changes, creates access tokens, and other important tasks relating to Windows authentication and authorization protocols"
I have a Local Account - I don't log in, use passwords, access tokens, or a MS Account. It's not going to start nagging for any of those is it?

In Brink's tutorial Enable or Disable Local Security Authority (LSA) Protection in Windows 11 Tutorial :
What is the UEFI Lock option? Why would I or wouldn't I want to enable this?
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Built
    CPU
    Intel i7-13700K
    Motherboard
    MSI PRO Z790-A WiFi
    Memory
    Corsair Vengence 5600 - 32GB
    Graphics Card(s)
    MSI RTX3060 Ventus 2x 12GB
    Sound Card
    On board - Realtek ALC4080
    Monitor(s) Displays
    LG 27GL850
    Screen Resolution
    2560 x 1440
    Hard Drives
    WD Black SN850X Nvme - 1TB
    WD Black 6TB HDD 256MB cache CMR
    WD Black 6TB HDD 128MB cache CMR
    PSU
    Corsair RM850x
    Case
    Fractal Design - Define 7
    Cooling
    Deepcool AK400
    Keyboard
    MS KC0405
    Mouse
    MS Model 1113 / MS Wireless Mobile Mouse 3500
    Internet Speed
    940 Mbps
    Browser
    Firefox
    Antivirus
    Windows Security
    Other Info
    I have a Case Speaker!
    I have a Blueray Disk drive!
  • Operating System
    Windows 10 Pro 22H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Built
    CPU
    i7-9700K
    Motherboard
    Asus Prime Z390-A
    Memory
    Corsair Vengence 32GB
    Graphics card(s)
    EVGA GTX1060
    Sound Card
    On Board
    Monitor(s) Displays
    Acer 27"
    Screen Resolution
    1920 x 1080
    Hard Drives
    WD Black Nvme 500GB
    Toshiba X300 5TB
    PSU
    Corsair RM850x
    Case
    Antec P101 Silent
    Cooling
    CoolerMaster Hyper T4
    Mouse
    Logitec M-U0007
    Keyboard
    MS KC0405
    Internet Speed
    940 Mbps
    Browser
    Firefox
    Antivirus
    Avast!
    Other Info
    I have a Case Speaker!
I just saw This post where Microsoft finally acknowledges this issue, which has apparently been going on since Jan 15, 2023. In the post, they say that LSA is ON, and that the warning is a false positive. They also include the registry mod to remove the warning, if desired.
 

My Computers

System One System Two

  • OS
    Windows 11 22H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell XPS8950
    CPU
    i7-12700K
    Motherboard
    Z690 : 9D2HH Foxconn, R6PCT Foxconn 2nd
    Memory
    16GB (2 x 8)
    Graphics Card(s)
    Intel(R) UHD Graphics 770 with shared graphics memory
    Sound Card
    Integrated
    Monitor(s) Displays
    Acer CBL282K Smiiprx
    Screen Resolution
    4K UHD (3840 x 2160) @ 60 Hz
    Hard Drives
    Western Digital PC SN810 512 GB M.2 NVMe SSD, PCIe
    PSU
    750W
    Cooling
    2G44F Asetek 125W CPU liquid cooler
    Keyboard
    Arteck Wireless
    Mouse
    Victsing-mm057 wireless
    Internet Speed
    Wi-Fi 6
    Browser
    Vivaldi
    Antivirus
    Windows Defender (native)
  • Operating System
    Win 22H2
    Computer type
    Laptop
    Manufacturer/Model
    Dell Vostro 5620
    CPU
    12th Gen Intel Core i7-1260P
    Memory
    2 x 8 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Screen Resolution
    1920 x 1200 @ 60 Hz
    Hard Drives
    NVMe 512 GB
    Case
    Aluminum
    Mouse
    Touchpad
    Browser
    Vivaldi
    Antivirus
    Windows Defender (native)
I just noticed Windows Defender had a *new* next to it? Checked updates, nothing there, but on the store it says updated today, don't think I've seen this before
 

Attachments

  • Screenshot 2023-03-21 115715.png
    Screenshot 2023-03-21 115715.png
    23.9 KB · Views: 5

My Computer

System One

  • OS
    11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    PC Specialist
    CPU
    I7 12700K
    Motherboard
    Gigabyte Z690 Aorus Elite
    Memory
    2 X Corsair Vengeance DDR4 @ 3600 32 gb total
    Graphics Card(s)
    Zotac RTX 3070 ti
    Sound Card
    onboard
    Monitor(s) Displays
    Iiyama 27"
    Screen Resolution
    2560 x 1440
    Hard Drives
    2 TB OEM M.2 + 2TB Samsung Evo 860 sata 3
    PSU
    Corsair 850 watt modular
    Case
    Fractal Meshify 2
    Cooling
    AIO on CPU trinity on GPU
    Keyboard
    Roccat Arvo
    Mouse
    RAT 5
    Internet Speed
    52gb
    Browser
    Edge Chrome
    Antivirus
    Defender
Follow-up question: Is cleanup recommended?

Background
To resolve the issue, I added the RunAsPPLBoot DWord with a value of 2 in the Registry under the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] key.

Status
Microsoft has now acknowledged this issue as a bug (i.e., a false-positive) and said:
  • The erroneous notification can just be dismissed. After toggling LSA on, and rebooting LSA is on regardless of the notification.
  • Remedial action is NOT recommended. The erroneous notification should disappear with upcoming updates.
Question
Should I now remove the DWord I added, thereby "restoring" the Registry to a pre-modified state? Is there any downside to keeping this DWord under the LSA key if we want LSA enabled?
 

My Computers

System One System Two

  • OS
    Windows 11 22H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell XPS8950
    CPU
    i7-12700K
    Motherboard
    Z690 : 9D2HH Foxconn, R6PCT Foxconn 2nd
    Memory
    16GB (2 x 8)
    Graphics Card(s)
    Intel(R) UHD Graphics 770 with shared graphics memory
    Sound Card
    Integrated
    Monitor(s) Displays
    Acer CBL282K Smiiprx
    Screen Resolution
    4K UHD (3840 x 2160) @ 60 Hz
    Hard Drives
    Western Digital PC SN810 512 GB M.2 NVMe SSD, PCIe
    PSU
    750W
    Cooling
    2G44F Asetek 125W CPU liquid cooler
    Keyboard
    Arteck Wireless
    Mouse
    Victsing-mm057 wireless
    Internet Speed
    Wi-Fi 6
    Browser
    Vivaldi
    Antivirus
    Windows Defender (native)
  • Operating System
    Win 22H2
    Computer type
    Laptop
    Manufacturer/Model
    Dell Vostro 5620
    CPU
    12th Gen Intel Core i7-1260P
    Memory
    2 x 8 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Screen Resolution
    1920 x 1200 @ 60 Hz
    Hard Drives
    NVMe 512 GB
    Case
    Aluminum
    Mouse
    Touchpad
    Browser
    Vivaldi
    Antivirus
    Windows Defender (native)

Latest Support Threads

Back
Top Bottom