New Update Microsoft finally manages to fix Windows 11 Defender Local Security Authority protection off

[Gandalf_The_Grey]

It is somewhat common for the Patch Tuesday OS security updates to break something, and the ones for March were no different. The updates introduced an issue with the Windows Security app wherein Microsoft Defender would wrongly report that the Local Security Authority (LSA) protection was off. It affected both Windows 11 22H2 as well as 21H2.

Microsoft provided a workaround for the issue at that time as it was still investigating the bug. After a month passed since then, the company announced that it was able to resolve the issue and the solution was to update to Defender version 1.0.2303.27001.

However, this victory of Microsoft was short-lived as the issue returned, as it never left for some, including one of Neowin forum members kiddingguy. Today, the Windows health dashboard issues section was updated by the tech giant as it claims that the LSA off issue has been finally resolved.

Microsoft says that the Defender version 1.0.2306.10002. Essentially, all you need to do is update to the latest version of Windows Security app via the Windows Update, and the issue should go away.

Microsoft writes:

Resolution: This issue was resolved in an update for Windows Security platform antimalware platform KB5007651 (Version 1.0.2306.10002). If you would like to install the update before it is installed automatically, you will need to check for updates.

Microsoft finally manages to fix Windows 11 Defender Local Security Authority protection off

Microsoft suggests that it finally managed to, once and for all, resolve the Defender Local Security Authority (LSA) protection off issue, which has been plaguing Windows 11 systems since March.

www.neowin.net

 

[HarborFront]

Still not getting Windows Security platform antimalware platform KB5007651 (Version 1.0.2306.10002)

 

[silversurfer]

Still not getting Windows Security platform antimalware platform KB5007651 (Version 1.0.2306.10002)

Where did you check for it?

Windows Security Center => Settings => Info:

 

[HarborFront]

Where did you check for it?

Windows Security Center => Settings => Info:

View attachment 276955

Sorry, I can't find it

 

[oldschool]

I have the latest version but LSA protection isn't showing at all. It's been that way for months.

 

[Sandbox Breaker]

They need Cookie and Password Manager "protection"

At least use the TPM with Windows Hello for your password storage protection.

 

[silversurfer]

I have the latest version but LSA protection isn't showing at all. It's been that way for months.

True, LSA settings can't be touched anymore, maybe available via group policy...
Windows Security Center => Core isolation: there Microsoft replaced LSA option for this: "Kernel-mode Hardware-enforced Stack Protection" but depends on device hardware:

New Update - Windows 11 incorrectly warns Local Security Authority protection is off

Some users have reported that the Windows Security app is showing “Local Security authority protection is off. Your device may be vulnerable” warnings when the feature is enabled. This bug is in Windows Defender (KB5007651), a mandatory security update shipped alongside Windows 11’s March 2023...

malwaretips.com

 

[oldschool]

Microsoft replaced LSA option for this: "Kernel-mode Hardware-enforced Stack Protection" but depends on device hardware:

Thanks for the reminder. My hardware doesn't support it.

 

[ForgottenSeer 97327]

My hardware neither, but my wife's laptop ryzen 5 4500U should support stack protection, but in process explorer it is off for all processes (even when I enable it with exploit protection). Anyone same experience (hardware should support it, but is off)? Or even better has resolved this issue?

 

[SeriousHoax]

My hardware neither, but my wife's laptop ryzen 5 4500U should support stack protection

I don't think it does. AFAIK, you need AMD Zen 3 or higher architecture processors. 4500U is Zen 2.

 

[HarborFront]

However, I have this

Update for Windows Security platform antimalware platform - KB5007651 (Version 1.0.2306.10002)

 

[TairikuOkami]

I don't think it does. AFAIK, you need AMD Zen 3 or higher architecture processors. 4500U is Zen 2.

I had LSA protection ON before, then OFF and now it does not show at all, neither does "Kernel-mode Hardware-enforced Stack Protection" .
But after BIOS update, secure boot is disabled and sometimes I forget to enable it, still I get BSOD with an invalid signature, so who knows?

 

[silversurfer]

My hardware neither, but my wife's laptop ryzen 5 4500U should support stack protection, but in process explorer it is off for all processes (even when I enable it with exploit protection). Anyone same experience (hardware should support it, but is off)? Or even better has resolved this issue?

Here as example for Firefox, Stack Protection shows: Compatible modules only, or simply Disabled. Note: First, I have nothing "tweaked" via Windows exploit protection.



But when I manually enable Stack Protection via Windows Exploit Protection for Firefox: Now all processes shows: Compatible modules only