Do you keep receiving a “Local Security protection is off. Your device may be vulnerable.” notification each time you boot into Windows 11’s desktop area? This troubleshooting guide will explain why that happens and what you can do to dismiss it.

How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 1

What Is Local Security Authority Protection in Windows 11?

The Local Security Authority (LSA) is the system component that enforces security policies in Windows 11. It authenticates users during the login process, creates access tokens, and manages password policies. The underlying process is LSASS.exe.

Table of Contents

    To bolster security, Windows 11 offers a feature called Local Security Authority protection. It runs the LSASS process in protected mode, blocking unsigned drivers and plugins from loading and preventing potential attacks from malicious code.

    Why You Keep Receiving the “LSA Protection Is Off” Notification

    The “Local Security Authority protection is off” notification pops up after installing Microsoft Defender Antivirus Version 1.0.2302.21002, regardless of having the feature on or off on your computer. Microsoft has acknowledged it as a known Windows 11 version 22H2 issue.

    What You Can Do to Fix “Local Security Authority Protection Is Off”

    You’ve got three methods to deal with a persistent “Local Security Authority protection is off” security warning in Windows 11. You can:

    • Dismiss the error: Despite the warning, the chances are Local Security Authority is running in protected mode on your computer. You can safely dismiss it after verifying the LSA state via the Event Viewer.
    • Update Windows. At the time of writing, Microsoft has released an official fix with “Update for Microsoft Defender Antivirus antimalware platform – KB5007651 (Version 1.0.2306.10002).” You can install it if it’s available for you.
    • Modify the registry: It’s possible to modify the system registry and manually activate Local Security Authority protection to stop the security warning from appearing.

    Method 1: Check the Event Viewer and Dismiss

    Unless you’re on a new Windows 11 installation, the “Local Security Authority protection is off” error likely appears when Local Security Authority protection is enabled on your system.

    Microsoft’s suggestion—if Microsoft Defender Antivirus Version 1.0.2306.10002 or later is not available to you—is to check if Local Security Authority protection is active via the Event Viewer and dismiss the warning if you’ve already restarted your PC at least once after receiving it.

    Begin by confirming that the Local Security Authority is running in Protected Mode via the Event Viewer. To do that:

    1. Right-click the Start button and select Event Viewer.
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 2
    1. Expand Windows Logs and select System on the sidebar.
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 3
    1. Select Find.
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 4
    1. Type lsass.exe into the Find what field and select Find next.
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 5
    1. Check the General pane. You should see “LSASS.exe was started as a protected process with level: 4” if Local Security Authority protection is active.
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 6

    To dismiss the “Local Security Authority protection is off” notification in Windows 11:

    1. Restart your computer (if you still need to since receiving the notification).
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 7
    1. Double-click the Windows Security icon on the system tray.
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 8
    1. Select Device Security.
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 9
    1. Under Core isolation, select Core isolation details.
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 10
    1. Select Dismiss next to the “Local Security Authority protection is off” notification.
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 11
    1. Restart your computer and check if the “Local Security protection is off” warning recurs.

    Method 2: Update Windows 11

    According to Microsoft, newer versions of Microsoft Defender Antivirus—Version 1.0.2306.10002 and later—fix the “Local Security Authority protection is off” error in Windows 11. Hence, installing all pending updates through Windows Update is the best way to deal with the issue.

    To do that:

    1. Right-click the Start button and select Settings.
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 12
    1. Scroll down the sidebar, choose Windows Update, and select Check for updates to initiate a scan for new updates.
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 13
    1. Select Download and install to apply all pending updates to the operating system and reboot your PC afterward.

    Method 3: Modify the System Registry

    If the Local Security Authority protection isn’t active when checking with the Event Viewer, updating Windows 11 fails to resolve the issue, or you don’t have newer updates to Microsoft Defender Antivirus available, you must modify the system registry to resolve the issue.

    Warning: Microsoft does not recommend workarounds to dismiss the “Local Security Authority protection is off” security notification, so only go through the steps below if the methods above fail. You should also back up the system registry before you go ahead.

    1. Press Windows + R, type regedit into the Open field, and select OK.
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 14
    1. Copy and paste the following path into the address bar at the top of the Registry Editor window and press Enter:

    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 15
    1. Ensure Lsa is selected on the left navigation pane, and double-click the RunAsPPL and RunAsPPLBoot entries on the right.
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 16
    1. Change the hex value inside the Value data field to 2 for both entries and select OK.
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 17

    Note: If one or both keys aren’t present, you must create them manually—right-click Lsa on the sidebar and select DWORD (32-bit) Value, name it after the missing key, and save with a value of 2.

    1. Select File > Exit to exit the Registry Editor.
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 18
    1. Restart Windows 11.

    Alternatively, you can modify the system registry via Windows PowerShell. Here’s how:

    1. Right-click the Start button and select Windows Terminal (Admin).
    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 19
    1. Copy and paste the following command into the console:

    reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 2 /f;reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 2 /f

    How to Dismiss “Local Security Authority Protection Is Off” in Windows 11 image 20
    1. Press Enter to execute the command and restart your PC.

    “Local Security Authority Protection Is Off” Warning Dismissed

    As you just found out, you’ve got multiple ways to deal with the “Local security protection is off” error in Windows 11. You can dismiss the notification if Local Security Authority protection is active, install the latest Microsoft Defender Antivirus updates, or modify the system registry if the problem persists.

    If none of the methods above work, use a third-party antimalware utility for protection until Microsoft addresses the issue again in a future update.

    Leave a Reply

    Your email address will not be published. Required fields are marked *