What is Local Security Authority Protection in Windows 11?
Local Security Authority Protection (LSA Protection) is a security feature in Windows 11 that adds an additional layer of protection against potential security threats. LSA Protection is responsible for securing the user’s identity and preventing unauthorized access to the system. The feature was introduced to Windows 11 as part of the security update, which came with the version 21H2 in 2023.
Why is it important?
LSA Protection is an essential feature in Windows 11 that should not be disabled. Without it, the device may be vulnerable to various malicious attacks, such as malware, viruses, and phishing attacks. Enabling LSA Protection on your device will ensure your system is adequately secured against potential security threats.
What Risks Can You Face Without It?
If LSA Protection is disabled, your device’s security could be compromised in several ways. Malicious software or an intruder could gain unauthorized access to your system, your identity may be stolen, or your data could be compromised. These risks can have significant consequences, including financial loss and privacy issues.
How Does It Work?
In Windows 11, LSA Protection works by restricting how certain processes can access the Local Security Authority (LSA) subsystem. This is accomplished by running the LSA processes in their own security context, known as runAsPPL (Protected Process Light). This ensures that only trusted processes can access the LSA subsystem and enforce the security policy defined by the operating system.
What is the “Local Security Authority Protection is Off” Alert in Windows 11?
If you see a triangle with an exclamation mark that says “Local Security Authority Protection is Off” on the Windows Security Iron in Windows 11, it means LSA protection is disabled. The alert is a warning that your device may not be secure, and you need immediate action to enable LSA Protection.
Why Did I Get this Alert?
There are various reasons why you may have received the “Local Security Authority Protection is Off” alert. For example, LSA Protection may have been disabled intentionally, or there may be a configuration issue in the operating system. In some cases, a malware infection could also disable LSA Protection on your device.
What Does It Mean?
If you see the “Local Security Authority Protection is Off” alert, it means your device may not be adequately secured against potential security threats. You need immediate action to enable LSA Protection to ensure your device is properly protected.
How to Check If LSA Protection is Enabled?
You can easily check if LSA Protection is enabled on your device by navigating to the Device Security Panel in the Windows Security app. If the option to turn the protection on in the device security panel is disabled or grayed out, LSA protection is already enabled on your device. You can also dismiss warning notifications and ignore the alert if LSA Protection is enabled.
How to Enable Local Security Authority Protection in Windows 11?
There are two ways to enable LSA Protection in Windows 11: using the Local Group Policy Editor or the Windows Registry Editor.
Using Local Group Policy Editor
The Local Group Policy Editor is a tool that allows you to configure advanced settings on your device. To enable LSA Protection using the Local Group Policy Editor, follow these steps:
Step-by-Step Guide to Enable LSA Protection
- Press the Windows key + R to open the Run dialog box.
- Type gpedit.msc and click OK to open the Local Group Policy Editor.
- Navigate to Computer Configuration > Administrative Templates > System > Local Security Policies > Security Options
- Scroll down to “System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies” and double-click on it.
- Select “Enabled” and click on “OK.”
Verify If LSA Protection is Enabled?
After enabling LSA protection using the Local Group Policy Editor, you can verify the feature is enabled by looking at the Device Security Panel in the Windows Security app. If the option to turn on the protection is grayed out, LSA Protection is enabled on your device.
Using Registry Editor
The Windows Registry is a database that stores configuration settings and options for Windows. To enable LSA Protection using the Registry Editor, follow these steps:
How to Enable LSA Protection via Registry Editor?
- Press the Windows key + R to open the Run dialog box.
- Type regedit and click OK to open the Registry Editor.
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
- Find the “RunAsPPL” key and double-click on it.
- Change the value data to “1” and click on “OK.”
- Create a new DWORD value named “RunAsPPLBoot” and set the value data to “1.”
- Restart your device to apply the changes.
Verify If LSA Protection is Enabled?
After enabling LSA protection via the Registry Editor, you can verify the feature is enabled by looking at the Device Security Panel in the Windows Security app. If the option to turn on the protection is grayed out, LSA Protection is enabled on your device.
How to Install KB5007651 Update for Microsoft Defender Antivirus?
The KB5007651 update is a security update for the Microsoft Defender Antivirus anti-malware platform. WindowsLatest reported Microsoft has failed to fix the issue, with LSA protection off after installing the update. You can enable it manually using the methods given above. Since KB5007651 is also important to install, ensure you enable the LSA protection after installing this update.
What is KB5007651 Update?
KB5007651 is a security update that fixes several issues, including one that may disable LSA Protection on devices running Windows 11 version 21H2 (build 22000.318 or later) and Microsoft Defender Antivirus version 1.0.2302.21002. Installing this update is essential to ensure your device is adequately secured against potential security threats.
How to Install KB5007651 Update?
- Open the Settings app by pressing Windows + I.
- Select “Update & Security” and then click on “Windows Update.”
- Click on “Check for updates” and wait for the update to download and install.
- Restart your device to apply the changes.
Verify If LSA Protection is Enabled After Installing the Update?
After installing the KB5007651 update, you can verify that LSA Protection is enabled on your device by looking at the Device Security Panel in the Windows Security app. If the option to turn on the protection is grayed out, LSA Protection is enabled on your device.
How to Enable Device Security Notifications in Windows 11?
Device Security Notifications are essential alerts that notify you when a security-related event occurs on your device. To enable Notifications for LSA Protection in Windows 11, follow these steps:
How to Enable Notification for LSA Protection?
- Open the Settings app by pressing Windows + I.
- Select “System” and then click on “Notifications & actions“
- Scroll down and click on “Add or edit notifications“
- Select Windows Security and toggle on the switch for “LSA Protection“
Verify If Notification is Enabled?
To verify that LSA Protection Notifications are enabled on your device, perform a test security event by disabling LSA Protection. You should receive a notification in the Action Center informing you that LSA Protection is disabled.