Recently few users reported that they are receiving the following error notification “Local Security authority protection is off. Your device may be vulnerable” even when the LSA feature is enabled. As per the Microsoft update, this is the bug in the Windows defender update, and this error appears after the windows security update KB5007651. This article will guide you to fix Local Security Protection is off Your device may be vulnerable error in Windows 11/10.
Fix Local Security Protection is off error in Windows 11/10:
LSA stands for Local Security Authority, LSA protection is an important process that verifies a user’s identity, and it manages necessary system credentials like passwords and tokens related to Microsoft accounts and Azure AD accounts. Enabling the Local Security Authority protection will improve your system and account security and also it protect your credentials from attackers. Local Security Authority protection feature prevents code injection and reduces the possibility of compromising credentials. After the recent Windows update, Windows security app prompts to enable the LSA even though that feature is already enabled. The feature is running in the background and from the Windows security LSA page its shows the above-mentioned error. Follow the below-mentioned resolution methods to fix this error.
Solution 1: Modify Registry using Command Prompt
After the Windows update, the LSA registry values may get change, you need to modify the registry configuration, to enable LSA there will be two registry values. RunAsPPL and RunAsPPLBoot, these registry values enable the LSA protection and start it when the system boot also removes the exclamation.
Open the Command prompt in elevated mode.
Copy and paste the following commands.
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "RunAsPPL" /t REG_DWORD /d 2 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "RunAsPPLBoot" /t REG_DWORD /d 2 /f
Once you executed the commands successfully, you can close the command prompt and restart your system once.
Solution 2: Using Group Policy Editor
Open Run command by pressing Windows + R and type gpedit.msc and hit enter, this command will open the Group Policy Editor.
Now navigate to the following path
Computer Configuration > Administrative Templates > System > Local Security Authority
From the left-hand side click on Local Security Authority and from the right-hand side look for the policy named “Configures LSASS to run as a protected process”. Click on the Policy Settings to enable the policy.
Choose Enabled and set the Configure LSA to run as a protected process based on your requirements.
Click on Apply and OK.
Read Also:
LSA Protection Error in Windows: Fix Required Device Restart