Home windows 11 customers report seeing widespread Home windows Safety warnings that Native Safety Authority (LSA) Safety has been disabled despite the fact that it reveals as being toggled on.

LSA safety is a vital safety characteristic for defending in opposition to the theft of delicate data, akin to login credentials, by blocking course of reminiscence dumping and untrusted code injection into the LSA course of.

It ensures that solely approved entities can acquire entry to the crucial data required for consumer authentication and system safety.

Whereas Home windows customers report that this problem is brought on by the not too long ago launched KB5023706 Home windows 11 22H2 cumulative replace, this has been taking place since not less than January 15.

The “Native Safety Authority safety is off. Your machine could also be susceptible.” warnings present up despite the fact that LSA Safety is enabled in Home windows Safety > System safety > Core isolation particulars.

“There’s a technical glitch with this characteristic, when you have efficiently turned on this characteristic and you might be being prompted to restart, kindly word that the characteristic is ON no matter the message as it is a technical glitch that we’re conscious of and we’re working to resolve that problem soonest,” Microsoft Technical assist consultant reportedly informed one of many affected customers.

To test if LSA had truly began in protected mode in your pc when Home windows began, you may seek for the next WinInit occasion within the System logs beneath Home windows Logs: “12: LSASS.exe was began as a protected course of with degree: 4”

​Easy methods to take away the LSA Safety alerts

Till Microsoft rolls out a repair for this Home windows 11 Native Safety Authority glitch, it’s important to add two new DWORD registry entries and set them to ‘2’ to make sure that the LSA Safety characteristic is routinely enabled after the subsequent restart, and the defective warnings will not be proven.

The process requires you to undergo these steps:

1. Open the Registry Editor and go to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa
2. Add new RunAsPPL and RunAsPPLBoot DWORD entries and set them to 2.
3. Restart the system.

Earlier this month, Redmond introduced that the most recent Home windows 11 construct rolling out to Insiders within the Canary channel would additionally allow Native Safety Authority (LSA) Safety by default.

Nonetheless, this can solely occur if the programs cross an audit test for incompatibilities (Microsoft is but to clarify what compatibility points it is checking for).

In February 2022, Microsoft mentioned it could toggle on a Microsoft Defender “Assault Floor Discount” safety rule by default that may additionally block makes an attempt to steal Home windows credentials from the Native Safety Authority Subsystem Service (LSASS) course of.