Thursday, March 28, 2024

Microsoft acknowledges the problem of false notifications about disabled LSA protection


Redmond is already preparing a fix for the error, but has not said when it will be released.

Just yesterday Microsoft acknowledged an issue that many Windows 11 users have been complaining about for the last week. As it turns out, the mandatory update of Microsoft Defender Antivirus (Windows Defender) under the identifier KB5007651 causes false warnings from the Windows security system that Local Security Authority (LSA) protection is disabled. According to the company, the issue only affects PCs running Windows 11 21H2 and 22H2.

LSA protection is a security feature that prevents intruders from gaining unauthorized access to a Windows system. The false alert that some users see contains the following information: “Local Security Center protection has been disabled. Your device may be vulnerable.” Moreover, this warning appears even when the LSA option is enabled (as can be seen in the screenshot below).


“After installing the mandatory update for Microsoft Defender Antivirus Platform – KB5007651 (version 1.0.2302.21002), users may begin to receive security notifications or warnings that Local Security Protection has been disabled. After forcibly activating an item, a Windows device may persistently suggest a reboot,” wrote Microsoft.

Microsoft has stated that it is working on fixing issues with LSA security warnings and will provide more information about it as soon as it becomes available. The company also provided a workaround for all affected users: “If you have enabled Local Security Authority (LSA) protection and rebooted the device at least once, you can dismiss warning notifications and ignore any additional notifications prompting a reboot.”

But Internet users went further and provided their own way to solve the problem (to be used at your own risk):

  1. Open the Windows Registry Editor.
  2. Navigate to the key: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Make sure the key contains DWORD (32-bit) values named RunAsPPL and RunAsPPLBoot. If they are missing, create them manually with a value of 2.


After a reboot, the intrusive warnings should be gone.
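To check whether the warning on a given machine is false before changing anything, the following read-only script is an added example (not from the original article or from Microsoft). It reads the two values under the key from step 2, using RunAsPPL and RunAsPPLBoot, the value names Windows uses, and looks for the Wininit event 12 that Windows writes to the System log when LSASS starts as a protected process. The data meanings in the comments and the event lookup follow Microsoft's LSA protection documentation rather than this page, and the function names are hypothetical.

```powershell
# Added example: read-only audit, nothing is written to the registry.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-LsaValue {                 # hypothetical helper name
    param([string]$Name)
    # Get-ItemProperty returns nothing when the value is absent
    $item = Get-ItemProperty -Path $lsaKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Get-RunAsPplMeaning {          # hypothetical helper name
    param($Data)
    # Data meanings for RunAsPPL per Microsoft's documentation (assumption, not from the article)
    if ($null -eq $Data) { return 'value missing' }
    if ($Data -eq 0)     { return 'protection disabled' }
    if ($Data -eq 1)     { return 'enabled, with UEFI lock' }
    if ($Data -eq 2)     { return 'enabled, without UEFI lock' }
    return 'unexpected data'
}

$rows = foreach ($name in 'RunAsPPL', 'RunAsPPLBoot') {
    $data = Get-LsaValue -Name $name
    $meaning = ''
    if ($name -eq 'RunAsPPL') { $meaning = Get-RunAsPplMeaning $data }
    [pscustomobject]@{ Value = $name; Data = $data; Meaning = $meaning }
}
$rows | Format-Table -AutoSize

# Most recent Wininit event 12: "LSASS.exe was started as a protected process ..."
$evt = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 12 } -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like '*Wininit*' } |
    Select-Object -First 1

$configured = (Get-LsaValue -Name 'RunAsPPL') -in 1, 2
if ($evt) {
    "Wininit event 12 at $($evt.TimeCreated): $($evt.Message)"
} else {
    'No Wininit event 12 found: LSASS is not confirmed as a protected process.'
}
if ($configured -and $evt) {
    'RunAsPPL is set and LSASS started protected: a "disabled" warning is consistent with the false alert.'
} elseif (-not $configured) {
    'RunAsPPL is missing or 0: the warning may be genuine on this machine.'
}
```

Compare the event time with the last reboot; an event older than the most recent boot does not confirm the current session.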



Source link

www.securitylab.ru
