Local Security Authority protection is off. Your device may be vulnerable bug is still causing a headache for Windows 11 users. This bug was first flagged up in March 2023, and it remains broken in Windows 11 KB5025239 & KB5025224, which are the April 2023 cumulative updates for the OS.
So what’s going on here? Like any version of Windows, Windows 11 also comes with Local Security Authority (LSA), which is responsible for enforcing security policies. The LSA process is essential for various areas of the OS, and it is necessary to protect it from being tampered with by malware or other malicious actors.
Windows 11 has the “Local Security Authority protection” feature, first introduced in 8.1 and Server 2012 R2. LSA protection is enabled by default, and Microsoft doesn’t want users to disable it, so a warning for “Local Security Authority protection is off. Your device may be vulnerable” is displayed when you turn off the feature.
LSA Protection runs in the background by isolating the LSA process in a container and preventing other processes, like malicious actors or apps, from accessing the feature. This makes LSA Protection a vital security feature, which is why it is enabled by default in all installations of Windows 11.
And here comes the problem: Windows 11 now warns users, “Local Security authority protection is off. Your device may be vulnerable”, even if the feature is enabled. This false warning isn’t going anywhere, and Microsoft’s multiple attempts to resolve the problem via Windows Defender updates have been unsuccessful.
In addition to the warning, Windows Defender also persistently prompts that a restart is required. Users assume that rebooting their systems will remove the warning, but it doesn’t, and the alert continues to appear.
Microsoft officials told us they started working on a fix in the second week of March, but the bug still haunts users, and it’s unclear when it is getting a proper fix.
How to fix the “Local Security Authority protection is off” error in Windows Settings
Here’s a step-by-step guide tested and validated by Windows Latest to remove the “Local Security Authority protection is off. Your device may be a vulnerable” warning from Windows Settings:
- Open Registry Editor.
- Go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- In the LSA folder, create two DWORD entries – RunAsPPL and RunAsPPLBoot.
- Set their values to 2.
- Restart your PC.
You can also open PowerShell with administrator privileges and run the following command to activate these registry changes with just one click:
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 2 /f;reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 2 /f;
If you follow the above steps, you can disable the Windows Security app’s false warning.
According to Microsoft’s spokesperson, you can safely ignore these alerts if you enable Local Security Authority (LSA) protection and restart your PC at least once.
“We recommend you ignore asking for a restart. You can dismiss warning notifications and ignore any additional notifications,” a Microsoft support staff told Windows Latest in a live chat.
You can manually verify if the feature is enabled by navigating to Event Viewer > “Applications and Services Logs” > “Microsoft” > “Windows” > “LSA”. In the event log, you need to find the Event ID 5004, which is linked to the LSA Protection and confirms LSA Protection has been enabled successfully.
