New Update Windows 11 incorrectly warns Local Security Authority protection is off

vtqhtr413

Some users have reported that the Windows Security app is showing “Local Security authority protection is off. Your device may be vulnerable” warnings when the feature is enabled. This bug is in Windows Defender (KB5007651), a mandatory security update shipped alongside Windows 11’s March 2023 Update. Local Security Authority protection is a feature that prevents code injection and reduces the possibility of compromising credentials. The Local Security Authority feature verifies Windows logins, and it is necessary for the OS to function normally.
 
Nah, nothing wrong with Microsoft products... but look out for TikTok, et al.
A missing registry key (trivial to fix) is not equivalent to a hypothetical threat of the CCP appropriating TikTok.

That's not the real TikTok threat. The real threat is that TikTok makes the world's children, teenagers and adults more stupid, mentally ill and addicted by the day.




 
I received this taskbar icon warning. In my case I think I read it was Core Isolation>Memory Integrity was off or it was on and I turned it off then back on and the warning on my taskbar icon went away. I toggled it on, rebooted numerous times since then, and still see the red "This change requires you to restart your device." notification while it's still on.
 
I received this taskbar icon warning. In my case I think I read it was Core Isolation>Memory Integrity was off or it was on and I turned it off then back on and the warning on my taskbar icon went away. I toggled it on, rebooted numerous times since then, and still see the red "This change requires you to restart your device." notification while it's still on.
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RunAsPPL"=dword:00000002
"RunAsPPLBoot"=dword:00000002
 
I'm just gonna leave it b/c acc. to the Bleeping article posted here, if it's toggled to "on" it's "on" regardless of the warning. I toggled it and now I have this silly thing here in spoiler. This drive isn't running very often anyway, just to update software like VoodooShield.


"There is a technical glitch with this feature, if you have successfully turned on this feature and you are being prompted to restart, kindly note that the feature is ON irrespective of the message as this is a technical glitch that we are aware of and we are working to resolve that issue soonest," Microsoft Technical support representative reportedly told one of the affected users.

 
Alternatively you can run it with UEFI locked, so RunAsPPLBoot does not matter, because it is secure boot protected:
Code:
reg add "HKLM\System\CurrentControlSet\Control\Lsa" /v "RunAsPPL" /t REG_DWORD /d "1" /f
I have mine set to "2" and I have an issue. When I initially applied the above fix in post #6 the LSASS setting was visible and the annoyance was fixed, however now that setting doesn't show in Device Security. Any ideas anyone? Or is this a new bug?

Edit: Apparently this is also part of the bug.
 
I have mine set to "2" and I have an issue. When I initially applied the above fix in post #6 the LSASS setting was visible and the annoyance was fixed, however now that setting doesn't show in Device Security. Any ideas anyone? Or is this a new bug?

Are there blue links called Core isolation details and Security processor details in your Device Security tab? If yes, click them and you’ll be taken to another settings page. Sometimes you’ll find LSA protection, Secure Boot, and other miscellaneous Device Security settings hiding inside either of those blue links.

Another option is to X out of Windows Security and re-open from system tray icon.

This issue has affected me too, but not with LSA. For mine, Secure Boot would be behind one of those blue links. Or the Security Processor would disappear and settings would report I had no TPM chip, even though I clearly do (enabled fTPM myself in BIOS) or W11 wouldn’t have installed. Doing what I outlined above usually helped. Try checking the details (blue links) option first, before the X-ing out option.
 
A missing registry key (trivial to fix) is not equivalent to a hypothetical threat of the CCP appropriating TikTok.

That's not the real TikTok threat. The real threat is that TikTok makes the world's children, teenagers and adults more stupid, mentally ill and addicted by the day.
I completely agree, but got no clue how to fight this trend other than by not using TikTok myself in the hopes that my kids will follow my example...
 
Anyone noticed the LSA (Local Security Authority Protection) in Windows Security Center was removed/replaced by Microsoft with a new feature called:
"Kernel-mode Hardware-enforced Stack Protection"

However, to use this feature, a Windows device must be using Intel Tiger Lake CPUs or AMD Zen3 CPUs and later. Therefore, Windows will only display this new setting if the device has the required hardware.

Like Memory Integrity, when enabling Kernel-mode Hardware-enforced Stack Protection, Windows will ensure that no incompatible drivers are loaded in Windows. If there are, the Stack Protection feature will not enable, and Windows will display a list of incompatible drivers.
 
Anyone noticed the LSA (Local Security Authority Protection) in Windows Security Center was removed/replaced by Microsoft with a new feature called:
"Kernel-mode Hardware-enforced Stack Protection"
Mine shows neither. My device doesn't qualify for the new feature.
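
A way to confirm the real state regardless of what Windows Security displays, as an added example that is not from any poster in this thread: it reads the two registry values discussed above and looks for the Wininit event 12 that Microsoft's LSA protection documentation gives as the sign that LSASS started as a protected process. The function names are made up for this example.

```powershell
# Added example, not from the thread: check LSA protection without the Windows Security UI.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-LsaProtectionConfig {
    # RunAsPPL meanings as given in Microsoft's LSA protection documentation.
    $meaning = @{ 0 = 'disabled'; 1 = 'enabled with UEFI lock'; 2 = 'enabled without UEFI lock' }
    $props = Get-ItemProperty -Path $lsaKey -ErrorAction Stop
    foreach ($name in 'RunAsPPL', 'RunAsPPLBoot') {
        $value = $props.$name   # $null when the value is missing
        $note = ''
        if ($name -eq 'RunAsPPL' -and $null -ne $value -and $meaning.ContainsKey([int]$value)) {
            $note = $meaning[[int]$value]
        }
        [pscustomobject]@{
            Name  = $name
            Value = if ($null -eq $value) { '(not set)' } else { $value }
            Note  = $note
        }
    }
}

function Get-LsassProtectedStartEvent {
    # Wininit logs event 12 ("LSASS.exe was started as a protected process ...")
    # in the System log when LSASS comes up protected.
    $boot   = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
    $filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 12 }
    $evt    = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue
    if (-not $evt) {
        return [pscustomobject]@{ LastBoot = $boot; EventTime = $null; FromCurrentBoot = $false; Message = 'no Wininit event 12 found' }
    }
    [pscustomobject]@{
        LastBoot        = $boot
        EventTime       = $evt.TimeCreated
        FromCurrentBoot = ($evt.TimeCreated -ge $boot)   # older events describe an earlier boot
        Message         = $evt.Message
    }
}

Get-LsaProtectionConfig | Format-Table -AutoSize
Get-LsassProtectedStartEvent | Format-List
```

If `FromCurrentBoot` is true, LSASS is running protected in the current session even when the Windows Security page shows the warning or hides the setting.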