If you are a Windows 11 user, you may have noticed a warning message in your Windows Security settings that says “Local Security Authority protection is off. Your device may be vulnerable.” This message may have appeared after a recent update to Windows Defender that caused a bug in the LSA protection feature. But what is LSA protection and why should you care about it? In this article, we will explain what LSA protection is, how to enable or disable it manually, and why you should do it for better security.
What is LSA protection and how does it work?
LSA stands for Local Security Authority, which is a component of Windows that handles authentication, authorization, and auditing processes. LSA is responsible for verifying the identity of users and granting them access to resources based on their permissions. LSA also logs security events and generates security tokens for processes.
LSA protection is a feature that protects the LSA process from being tampered with by malicious software or hackers. LSA protection runs the LSA process in an isolated environment that prevents other processes from accessing its memory or code. This way, LSA protection prevents credential theft, privilege escalation, or other attacks that target the LSA process.
How to enable or disable LSA protection manually?
By default, LSA protection is enabled on Windows 11 devices that have a TPM 2.0 chip and Secure Boot enabled. However, due to a bug in a recent update to Windows Defender, some users may see a false warning that LSA protection is off, even if it is enabled. Microsoft has fixed this bug by removing the LSA protection UI from the Device security settings, as it is not needed for most users.
However, if you want to check or change the status of LSA protection manually, you can do so using the registry editor. Here are the steps to follow:
- Open the registry editor by typing regedit in the search box and clicking on the app.
– Navigate to the following location: Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa
- Look for two values named RunAsPPL and RunAsPPLBoot. If they are not present, right-click on the Lsa key and select New > DWORD (32-bit) Value. Name them RunAsPPL and RunAsPPLBoot respectively.
- To enable LSA protection, double-click on each value and set their data to 2. To disable LSA protection, set their data to 0.
- Close the registry editor and restart your device.
Why should you enable LSA protection?
LSA protection is an important security feature that can protect your device from various types of attacks that target the LSA process. By enabling LSA protection, you can prevent hackers or malware from stealing your credentials, impersonating your identity, or gaining unauthorized access to your resources. This can help you avoid data breaches, identity theft, or ransomware infections.
LSA protection is especially recommended for devices that are used in enterprise or government environments, where security is critical and sensitive data is stored. However, even if you are a home user or a small business owner, you can benefit from enabling LSA protection for better peace of mind.
LSA protection is a feature that protects the Local Security Authority process from being compromised by malicious actors. It runs the LSA process in an isolated environment that prevents other processes from accessing its memory or code. This way, it prevents credential theft, privilege escalation, or other attacks that target the LSA process.
To enable or disable LSA protection manually, you can use the registry editor and change the values of RunAsPPL and RunAsPPLBoot under the Lsa key. By default, LSA protection is enabled on Windows 11 devices that have a TPM 2.0 chip and Secure Boot enabled.
Enabling LSA protection can improve your device’s security and protect your data from various types of attacks. It is especially recommended for devices that are used in enterprise or government environments, where security is critical and sensitive data is stored.
We hope this article helped you understand what LSA protection is and how to enable or disable it manually. If you have any questions or feedback, please let us know in the comments below. And don’t forget to share this article with your friends and family who use Windows 11 devices 🙌