Fixed: Local Security Authority Protection Off – Your Device May Be Vulnerable

The Local Security Authority protection on your Windows 11 PC is a crucial process that keeps your credentials secure. The idea behind LSA is to ensure that no loopholes in your security allow a third party to intercept your personal information. It is a process that authenticates the genuineness of your credentials before allowing you access to the system. 

While the effectiveness of the process is proven, there are times when a user finds the feature toggled off on the system. Sometimes, it is manually turned off because of the heavy nature of the process, while other times, it is toggled off after Windows or system updates. 

Turning on manually turned off LSA is easy, provided you know how to do it. On the other hand, if the process is closed by the system and it is done after every update, you may require serious actions to fix the error. 

Without this process, your PC may be vulnerable to interception and data theft. Hence, it is important to keep it ON. 

But how? Well, that is what we will share with you in this post. 

Ensure you read this until the end, as we will explain how to enable Local Security Authority Protection on your PC. You can enable these steps even when the system cannot do so. 

Let’s begin!

What is the LSA problem in Windows?

The Local Security Authority feature keeps your PC protected from code-injecting malware and reduces the chances of credentials being compromised. It is a crucial error that this service is always running and makes sure that the PC is safe. The real problem that appears is that the Windows Defender incorrectly gives a notification that the LSA is not running or has stopped working. 

You may be thinking if the notification is incorrect and the service is still running, where is the issue? Well, the fake warnings often catch a user off-guard which leads to them making harmful decisions. These notifications are often a work of phishing attacks meaning as soon as users click on them, the script is injected, failing the purpose of LSA. 

Not to mention, the curiosity of a user about “What if the LSA is off?” is also a troublesome thought. Hence you should take things into your own hands and try to relaunch the Local Security Authority feature on your PC. 

If it is ON it will remain the same, and if it is OFF you will be able to turn it back on. EASY!

Why Does this Warning Occur

If that yellow exclamation mark in your security settings has appeared recently, chances are that the LSA process was affected by the recent turn of events on your PC.

Usually, the user turns off the Local Security Authority protection from the Task Manager as it appears to be a heavy process. However, if it is not manually disabled and is not running, there can be three reasons behind it – 

1. A corrupt Windows Update was installed on your PC, which caused the LSA to go off.
   
2. The Secure Boot settings have been accidentally reset on Windows. It is the basic security feature that, when disabled, affects other programs, including LSA.
   
3. Due to unnecessary changes in Group Policy Editor, LSA is disabled.

These 3 are the most probable causes of the warning. As you can realize, all of these require a power user to understand and move ahead to fix. 

Check out our easy-to-execute fixes curated, especially for normal users below!

Ways to Resolve Local Security Authority Protection Off on Windows 11

Way #1 – Turn LSA ON Using Windows Security Application

The first and foremost way to enable LSA on your Windows PC is to follow the traditional path and toggle it ON manually via the security application. 

Here’s what you need to do – 

Step 1 – Open the Start Menu & Search for a Security Application in Windows called “Windows Security.”

Step 2 – In Windows Security, you will come across an option that says “Device Security” in the left panel of the screen.

Step 3 – From Device Security, click “Core Isolation details.”

Step 4 – In Core Isolation, you will see the “LSA toggle.” Turn it ON, and you should be good to go. 

This is the basic method. If you cannot find the Local Security Authority Protection on the shared locations, do not worry. There are other ways explained below to turn it on. 

Editor’s Tip – If you do not see the LSA toggle switch then copy and paste the following command in your Terminal window (Win + X) followed by Enter. Get-AppPackage | Where-Object {$_.Name -like “Microsoft.SecHealthUI”}

Read Also: Minecraft Error – ‘An Existing Connection Was Forcibly Closed by the Remote Host’ Fixed!

Way #2 Ensure the Warning Isn’t Just a False Flag

Some experts have reported that this error could be a false alarm due to certain anomalies that occur when updating Windows. To check if the LSA warning is false, follow these steps.

1. Press Win + S to open the Windows Search box and type “Event Viewer” app.
2. Click on Applications and Services Logs in the left panel followed by Microsoft > Windows > LSA

3. Locate the event with ID 5004 related to LSA protection and confirm that it is enabled and working.
4. If you cannot find an event with this ID, the feature may be disabled. In that case, try applying the other fixes to resolve the issue.

Way #3 – Enable LSA Protection Via Policy Editor on Windows

The Local Group Policy Editor is another way you can spot the LSA protection settings and enable them. Simply follow the steps given below – 

Step 1 – Press Windows+R on your keyboard to open the Run Search.
Step 2 – In the Run Search, use the command “GPEDIT.msc.”

Step 3 – After opening the local group policy editor, navigate to the following path – 

Computer Configuration\Administrative Templates\System\Local Security Authority

Step 4 – Following the above path, you can find the configured LSASS to run as a protected process.
Step 5 – Select the option mentioned above and right-click on it. You will find the enable option. Just click on it and restart your PC for changes to take effect. 

Way #4 – Use Registry Editor to Enable LSA

If the above method does not work, you can use the registry editor to sort your Local Security Authority Protection off situation. Many users say that after editing the RunAsPPL registry entry, their problem was fixed.

However, before you make any changes to the registry, we suggest taking a backup.

To do so, open the Registry Editor > click File > Export. Once the backup is created, follow the instructions below to enable LSA via Windows Registry.

Step 1 – Press Windows + R to open the run search.
Step 2 – In the run search, use the command “regedit.”

Step 3 – This will open the registry editor for you.
Step 4 – In the registry editor, navigate to the following path – 

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

and look for the RunAsPPl entry as shown in the below image.

Step 5 – Double-click the RunAsPPL entry and change its Value Data to 2. Click Ok to save the changes.

Step 6 – Next, click on the empty area, click New > select DWORD (32-bit) Value.

Step 7 – Name the new registry as RunAsPPLBoot and click Ok.
Step 8 – Double click RunAsPPLBoot and change the Value Data to 2 > click Ok to apply changes.

Step 9 – Restart the PC. The Local Security Authority Protection is Off should be fixed.

However, if this does not help, we suggest changing the Value Data of RunAsPPLBoot to 1.

Now restart your PC and check the error must be fixed.

In case this does not work, there are chances that the Windows registry requires optimization. The best way to do that is to use a PC Optimization tool like Advanced System Optimizer. Instead of making unnecessary changes that may worsen the situation, the tool cleans only the invalid registry entries and helps optimize the registry for better performance. 

Check out this thorough guide on how and why you should consider optimizing your registries to learn more about it!

What is the impact of enabling LSA protection?

Most network experts recommend enabling this feature to ensure that the OSPF (Open Shortest Path First) protocol is stable and secure. It also helps to secure the network from malicious and unauthorized LSAs. Here are a few benefits of enabling LSA.

• It helps to filter out malicious or invalid LSAs, ensuring that only trusted LSAs are accepted to avoid disruptions like routing loops, network instability, etc.
• It reduces the likelihood of network instability and network outages caused by inconsistent or corrupt routing information. 
• By blocking unauthorized or malformed LSAs, this feature adds a layer of security, especially in large and sensitive networks.
• After enabling the protection feature, users can observe improvement in overall network performance because LSA ensures that only correct and trusted information is used for shortest-path calculations.
• Enabling LSA protection may also improve error detection and logging capabilities.
• It can lead to slightly higher CPU usage and memory consumption. This is the only drawback of enabling LSA protection which can be ignored when compared to the benefit it offers.

Way #5 – Repair/Reset Windows Security

Windows offers ways to repair an application if it is not working properly. The same is available for the internal component, Windows Security application. All you need to do is follow the below steps –

Step 1 – Go to the System Settings by pressing the Win+I shortcut.

Step 2 – System from the left pane and then scroll down to find the System Component option.

Step 3—You may find Windows Security in the System Component List. Expand the Advanced Options and click on it.

Step 4—On the Opened Settings page, scroll down to find the Terminate, Reset, and Repair options. Click on the appropriate one, as required.

This will allow you to repair the issue with your security program, making it more effective and helping you resolve Local Security Authority protection off errors.

Way #6 Method Update Windows OS.

Experts recommend that a complete update of the Windows OS can help fix this issue. Here is what you need to do.

1. Press Win + X to open the Windows Power Menu and choose Settings.
2. Click on the Windows Update Tab in the left panel.
3. Next, click on the “Check For Updates” button on the right side.

4. Windows will automatically check for updates, download, and install them on your PC.
5. Next, click on Advanced Options.

6. On the new page, click on Optional Updates under Advanced Options.
7. Finally, click on Driver Updates and check the box before the drivers you wish to update.
8. Click on the Download & Install button and wait for the update process to complete.
9. Restart the computer.

Way #7 – Uninstall the Last Installed Application

If the error has appeared recently after installing a particular program on your computer, you should consider uninstalling the same program. Also, the error message may appear after updating a program recently hence you can use the control panel to sort the applications. 

Step 1 – Press Win+R to open the run search.
Step 2 – In the run search, use the command appwiz.cpl and hit enter.

Step 3 – On reaching the control panel, you will find uninstall or change a program page on your screen.

Step 4—Click on the Installed On filter, and you will see all the applications sorted by their latest installed date.
Step 5 – Uninstall the last or recently updated application and restart your computer to ensure that the components of the uninstalled applications are removed. 

Once the app is removed, you may find that the Local Security Authority Protection Off – Your Device May Be Vulnerable error is no longer on your PC. 

How do I Know if LSA is Enabled on a PC

After trying all these fixes, you can verify whether the Local Security Authority feature was successfully enabled on your PC by using the Event Viewer application on your Windows 11 PC. 

Everything you do is noted in Windows logs. Hence, the enablement of LSA is also recorded. After trying a fix, restart your PC, and after restarting it, go to the start menu to find Event Viewer. Here is a step-by-step guide –

Step 1 – Go to the Start Menu and search for Event Viewer.

Step 2 – In the Event Viewer, check the left pane and click on Windows logs to expand it.

Step 3 – In the Windows Logs, click on System to find all the recent system-related logs.

Step 4 – In the System Logs, look for – wininit process with the following description –

12: LSASS.exe was started as a protected process with level: 4

After you have found the log, it can be confirmed that the LSA service was started. If you want to check first whether the service is enabled or not, you can use the same method and find the winnint process. 

Enable LSA Protection Instantly & Fix Your PC’s Security!

The 3 ways mentioned above are your best chances of enabling the Local Security Authority Protection on Windows 11. This is crucial as it keeps your private data confidential and safe from cyber-attacks. However, if they do not help, try uninstalling the latest Windows update, as sometimes it causes the issue. Press Windows + I to open Windows settings > click on Windows Update > scroll down to find the Uninstall updates option > look for “KB5023706” update and click “Uninstall.” Restart the PC to apply the change and check the problem should now be fixed.

You can use any of the mentioned ways and enable LSA. Also, to keep the PC optimized and avoid any issues caused by invalid registry, junk files, duplicates, viruses, etc, give Advanced System Optimizer a try.

That’ll be all for this post. Thanks for reading. Good luck!

FAQs –

Should You Disable Local Security Authority Protection?

No! Disabling the LSA on your Windows PC means leaving the door open for infectious scripts and malware to take over system files and properties. It can be difficult for the PC to protect itself from unwanted interaction, especially if you use the internet regularly on your PC.

Did Microsoft remove LSA protection?

Not yet. The LSA protection is still available on Windows 11. However, there was a bit of confusion when “local security authority protection is off” notifications appeared out of nowhere. To fix it, an update was rolled out where the settings in the KB5007651 Defender update were removed to ensure the confusing alerts would no longer be displayed in the Windows Settings app.

Why is LSA important?

The Link-State Advertisement is used to provide link-state routing protocols (like OSPF) to share information about the network’s topology. This also allows routers to perform the following tasks.

• It can provide details about the information related to the network’s links and status. It can be used by routers to identify the shortest route as well as make sure that the network traffic is efficiently sent through the best paths available.
• If the network topology (new links & routers) changes then LSA can guide routers to adjust quickly for fast convergence. 
• LSA also facilitates reducing bandwidth usage by sending updated information about network changes only.

Recommended :

Is Microsoft Edge Running Slow? These Fixes Will Help Speed it up!
ChatGPT Not Working on PC – Here’s What You Can Do!