Windows 10, Windows 11

[FIXED] Local Security Authority protection is off in Windows 11

435 Comments

It seems like as of April 19th, Microsoft fixed “Local Security Authority protection is off” with KB5007651. DeskModder suggests that the issue was resolved by an update to the “Kernel-mode Hardware-enforced Stack Protection” security feature present under Core Isolation (VBS), introduced with Windows 11 22H2.

This article discusses steps to fix Local security authority protection being off, Notified by Windows Security app in Windows 10 or Windows 11, as reported by many people. in the last month.

Symptoms

In the Windows Security Taskbar icon, you might see a warning symbol indicating something needs attention, something like this:

Windows Security Tray icon

When you click on the icon, and then choose Device Security>Core Isolation, then to More details, you might see LSA being on, but still, it notifying the same is off and generates the following message:

Local Security Authority protection is off. Your device may be vulnerable.

The message looks something like this, as seen in the screenshot:

Local Security Authority protection is off in Windows Fix
LSA being off and on at the same time

Fix Local Security Authority protection is off warning

If your Windows Security is notifying you that Local Security Authority protection is off – Your device may be vulnerable, you can use the following commands to forcibly turn on LSA Protection for 2 parameters. Restarting the computer will make the error message go away.

Applies to: Windows 11, Windows 10


Fix Local Security Authority protection error in Windows

To fix this LSA error, you can use the following workaround, which uses two Commans to trigger a Registry edit, which turns the LSA protection to ON forcibly:

  1. Click the Start button and type “cmd” to look for Command Prompt results. Right-click cmd result and select “Run as administrator”.
  2. Press Yes when prompted.
  3. In the Window that opens, execute the following commands one by one:

reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 2 /f

reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 2 /f

Afterwards, you will see two messages for the operation being successful, looking something like this:

Commands to fix the error

These commands forcibly enable LSA Protection using two Registry edits.

Restart the computer, and you will see the warning message go away.

To conclude, this article helps you to resolve the LSA error message in Windows. Hopefully, Microsoft will fix the error natively soon.

Also check:

[FIX] Memory integrity due to Incompatible drivers cannot be enabled